Digital Asset Risk & Compliance Standard
DARC is a standard for evaluating the operational integrity of digital asset systems. It covers key management, infrastructure, governance, and incident response: the systems that determine real-world reliability beyond the code itself.
The Problem
1. There is no shared standard for evaluating the operational risk of digital asset ecosystems. Institutional due diligence lacks a common baseline equivalent to SOC 2 or ISO 27001. Each evaluation is bespoke, inconsistent, and difficult to compare across entities.
2. Smart contract audits assess code, not operations. They do not evaluate key management, infrastructure security, governance processes, or incident response, which are the systems that determine how protocols behave in practice.
3. There is no public mechanism to verify operational integrity. Without a registry of certified entities, the market cannot distinguish between systems that are operationally sound and those that represent concentrated risk.
Open Standard
The DARC standard, control framework, and audit criteria are publicly available at no cost. Organizations may review the standard, self-assess against it, or build on top of it.
Certification is optional and is intended for entities requiring independent, verifiable attestation of their operational controls.
View the Standard
The full control framework, audit procedures, and evaluation criteria are published under a Creative Commons license.
There is no cost to access or implement the standard. Certification fees apply only to audit services.
Certification Framework
DARC1: Establishes the minimum operational baseline across all 12 domains. Required as a prerequisite for DARC2.
DARC2: Builds on DARC1 with formal processes, deeper controls, and operational maturity across every domain. Requires DARC1.
Audit Domains
DARC1: Named security owner, plain-language policy, asset inventory, secure onboarding & offboarding, NDAs, social engineering awareness.
DARC2: Risk register, data classification, security metrics, regulatory awareness, threat intelligence, domain-specific ownership, change management.
DARC1: Keys encrypted at rest, tested backup recovery, 2FA on all key systems, no two keys on the same device, written Key Compromise Protocol.
DARC2: Formal key lifecycle docs, geographic backup distribution, rotation schedules, tamper-evident storage, background checks, spend verification.
DARC1: Multisig on all fund wallets, hardware wallets required, independent signer verification per transaction, no single-entity threshold control.
DARC2: Risk classification, signer training & assessment, transaction simulation, emergency playbooks, monitoring, 12-hour quorum reachability.
DARC1: MFA everywhere (no SMS), password manager, full-disk encryption, auto-lock, 24-hour offboarding, no shared credentials.
DARC2: Hardware security keys for critical accounts, least privilege, quarterly access reviews, phishing simulations, malware protection, MDM.
DARC1: Branch protection, signed commits, automated secret scanning, dependency pinning, no production credentials in dev environments.
DARC2: Multi-party code review, SAST in CI/CD, isolated dev environments, dedicated secrets management, staging before production.
DARC1: One external audit before mainnet, all critical findings resolved, verified deployed bytecode matches audited source, privileged functions documented.
DARC2: Two+ audits for core contracts, timelocks on privileged ops, pause mechanism, bug bounty, re-audit triggers, remediation tracking.
DARC1: Named incident owner, emergency contact list, written response plan (contain, scope, notify), incident channel known to all.
DARC2: IR team with defined roles, per-scenario playbooks, 24/7 monitoring with paging, tamper-evident logs, post-incident reviews.
DARC1: Multisig treasury wallets, company funds segregated from user funds, test transactions, basic spend approval policies.
DARC2: Custody model documented, risk classification per wallet, fund allocation limits, video-call verification for large transfers, monitoring.
DARC1: Monitor all treasury/multisig wallets, alerts on large transfers & signer changes, named alert reviewer with defined cadence.
DARC2: Smart contract monitoring, credential leak monitoring, DeFi attack pattern detection, severity-based escalation, on-call schedule.
DARC1: Inventory of critical dependencies, official sources only, version pinning with lockfiles, automated vulnerability scanning in CI/CD.
DARC2: Vendor risk assessments, oracle architecture documented, RPC redundancy (2+ providers), SBOM, frontend build integrity verification.
DARC1: Domain inventory, MFA on all registrars, auto-renewal, SPF/DKIM/DMARC configured, TLS certificate expiration tracking.
DARC2: DNSSEC, CAA records, registry locks, CT log monitoring, CSP headers, SRI for externally-loaded scripts on signing pages.
DARC1: Hardware wallets in locked storage, clear desk policy, visitor policy for signing areas, verified hardware supply chain.
DARC2: Physical access control with logging, cameras in secure areas, environmental protections, designated key ceremony areas.
Who It's For
Asset managers, banks, and family offices need a standardised operational risk signal. DARC provides the due diligence shorthand that reduces friction and accelerates capital deployment.
DAOs, foundations, and on-chain treasuries use DARC certification as a filter when evaluating integration partners, liquidity deployments, and protocol risk.
DeFi protocols, L1/L2 chains, custodians, wallets, and exchanges use DARC to demonstrate operational maturity to the market and attract institutional liquidity.
DARC is designed with regulatory alignment in mind. The framework is structured to support recognition within formal licensing and supervisory processes.