Digital Asset Risk & Compliance Standard
DARC certifies the security, operational integrity, and control effectiveness of digital asset systems across the full stack—including DeFi protocols, L1s, L2s, wallets, custodians, and centralized exchanges. It covers key management, infrastructure, governance, and incident response: the systems and processes that determine real-world reliability beyond code.
The Problem
01 —
TradFi institutions allocating to digital assets have no equivalent of SOC 2 or ISO 27001 to evaluate operational risk. Every due diligence engagement starts from zero.
02 —
Smart contract audits do not assess multisig controls, key management procedures, infrastructure security, incident response readiness, or the human and operational layer.
03 —
Without a public registry of certified entities, there is no mechanism for the market to distinguish operationally sound protocols from those that represent concentrated risk.
Certification Framework
Establishes the minimum operational baseline. Required as a prerequisite for DARC-2.
Demonstrates mature operational controls and third-party verification readiness. Requires DARC-1.
The highest level of certification. Designed for entities seeking regulatory recognition and institutional capital. Requires DARC-2.
Audit Domains
Who It's For
Asset managers, banks, and family offices allocating to digital assets need a standardised operational risk signal. DARC provides the due diligence shorthand that reduces friction and accelerates capital deployment.
DAOs, foundations, and on-chain treasuries use DARC certification as a filter when evaluating integration partners, liquidity deployments, and protocol risk.
DeFi protocols, L1/L2 chains, custodians, wallets, and exchanges use DARC to demonstrate operational maturity to the market and attract institutional liquidity.
DARC-3 is designed to align with DORA and MiCA, giving supervisory authorities a recognised private-sector standard to reference in licensing and supervisory frameworks.
Public Registry
Every certified entity is listed in the DARC Public Registry — a machine-readable, continuously updated database of certification status, tier level, audit date, and expiry. Certification badges are cryptographically signed and verifiable on-chain.
The registry enables institutional investors, aggregators, and risk platforms to integrate DARC status directly into their due diligence workflows.
View Registry| Entity | Tier | Expires | Status |
|---|---|---|---|
| Protocol Alpha | DARC-3 | Dec 2025 | Active |
| Chain Beta | DARC-2 | Mar 2026 | Active |
| Wallet Gamma | DARC-1 | Aug 2025 | Active |
| Exchange Delta | DARC-3 | Jan 2026 | Active |
Open Standard
The DARC methodology, control framework, and audit criteria are fully open source and available to anyone at no cost. We believe that operational trust standards for digital assets should be a public good — not a proprietary product.
Any organisation can read the standard, self-assess against it, or build tooling on top of it. Certification by an accredited auditor is optional, and is intended for entities that want independent, verifiable attestation.
View on GitHubThe full control framework, audit procedures, and scoring criteria are published publicly under a Creative Commons licence.
There is no cost to read, implement, or reference DARC. Certification fees cover auditor time only — DARC itself charges nothing.
Updates to the standard are proposed publicly, reviewed by the independent standards board, and ratified through an open comment process.