Regulator Journey

Role: Read-only access to audit trails, custody chains, and governance exports for compliance and regulatory purposes
Org: External (government ministry, agency, or regulatory programme)
Scope: Configured per regulatory agreement (corridor, time range, operator subset, or full platform)

Preconditions

Account provisioned by System Admin under a regulatory access agreement
Access scope defined in the agreement (which corridors, orgs, date ranges)
Read-only, no ability to modify any data or trigger any actions

1. Platform Access

Regulator logs in via email/password or government SSO (as configured)
Access is limited to the governance portal view

Step 1.2: Scope Confirmation

On login, Regulator sees only data within their configured access scope
Out-of-scope data is not visible or queryable

2. Custody Chain Audit

Step 2.1: Query a Specific Container

Regulator searches by container ID, order ID, operator ID, or date range
Returns the full custody chain for that container:
- Origin scan (who, when, where, integrity result)
- Every handoff (HANDOVER + RECEIVE scans, both operators, timestamps, GPS, integrity)
- Delivery scan (who, when, where, OTP confirmed)
- All integrity assessments with reason codes and confidence scores

Step 2.2: View Custody Chain Visualisation

Timeline view of all custody events for a container
Each event shows: event type, operator identity, GPS, timestamp, integrity status
Evidence linkage: click through to view scan video and assessment

Step 2.3: Inspect Operator History

View an operator's full transaction history within the regulator's scope
Includes: trust tier history, integrity pass/hold/fail rates, dispute outcomes, risk flags

3. Governance Exports

Step 3.1: Export Audit Event Stream

Regulator can export a structured event log for a date range and scope
Canonical events included:
- OperatorVerified, DeviceBound, TrustTierUpdated
- VehicleCapacityAttested
- OrderCreated, ContainerCreated
- ScanCaptured, ScanUploaded, ScanValidated, IntegrityAssessed
- CustodyTransferInitiated, CustodyTransferred
- AggregationProposed, AggregationExecuted
- CarbonImpactCalculated
- PayoutTriggered, PayoutHeld, DisputeOpened, DisputeResolved
- RiskFlagRaised
Export format: structured JSON or CSV

Step 3.2: Compliance Metrics Export

Exportable platform-wide or corridor-specific metrics:
- Scan upload success rates
- Integrity outcome distributions (PASS / PASS_WITH_TOLERANCE / HOLD / FAIL)
- Payout hold reasons breakdown
- Dispute resolution outcomes
- Operator trust tier distribution

4. GovTech Formalisation (M13: government clients only)

Step 4.1: Licensing Workflow

Regulator can view operator licensing status linked to the platform's verified identity and transaction records
Licensing commission workflows configured per government agreement

Step 4.2: Tax Remittance

Transaction-based tax remittance workflows
Regulator receives structured data exports of taxable transactions
Processing commissions tracked per corridor

Edge Cases

Scenario	Behaviour
Regulator queries outside their scope	Access denied; query returns empty result with scope violation note
Regulator requests a scan video	Video access governed by the regulatory agreement, may require additional authorisation level
Audit log shows a supervisor override	Override is immutable and fully traceable, Supervisor identity, rationale, and timestamp all visible

Regulator Journey ​

Preconditions ​

1. Platform Access ​

Step 1.1: Login ​

Step 1.2: Scope Confirmation ​

2. Custody Chain Audit ​

Step 2.1: Query a Specific Container ​

Step 2.2: View Custody Chain Visualisation ​

Step 2.3: Inspect Operator History ​

3. Governance Exports ​

Step 3.1: Export Audit Event Stream ​

Step 3.2: Compliance Metrics Export ​

4. GovTech Formalisation (M13: government clients only) ​

Step 4.1: Licensing Workflow ​

Step 4.2: Tax Remittance ​

Edge Cases ​