01 Executive Summary
The Jurisdiction-Aware Event Bus is JIL Sovereign's observability backbone, purpose-built to solve the fundamental conflict between comprehensive system monitoring and data sovereignty regulations. Traditional event streaming platforms treat all events identically regardless of their jurisdictional implications, creating regulatory exposure whenever event data containing personal information crosses borders.
JIL's event bus classifies every system event at the point of emission, routes it to jurisdiction-compliant storage based on the data sovereignty classification of its contents, and enforces zone-specific retention periods automatically. The system achieves sub-100-millisecond delivery latency using 64-partition parallel processing with a replication factor of 3, while simultaneously ensuring that EU person data never leaves EU-resident storage and US person data remains in US-compliant infrastructure.
02 Problem Statement
Financial services platforms operating across multiple jurisdictions face an irreconcilable tension between observability and compliance. Engineering teams need comprehensive event streams for debugging, performance monitoring, and incident response. Compliance teams need assurance that personal data never crosses jurisdictional boundaries in violation of GDPR, PDPA, LGPD, or other data protection frameworks.
Existing Solutions Fall Short
Platforms like Datadog, Splunk, and Elastic offer powerful event processing capabilities, but none provide jurisdiction-aware routing at the event level. Events flow into centralized clusters, and data residency is enforced - if at all - at the cluster level. This means organizations must either run entirely separate observability stacks per jurisdiction (expensive and operationally complex) or accept the regulatory risk of cross-border data flows.
Retention Complexity
Different jurisdictions mandate different retention periods for financial records. FINMA requires 10 years, ESMA requires 5 years, and FinCEN requires 5 years with different data categories. No existing event bus supports per-topic, per-zone retention policies that map directly to regulatory requirements.
03 Technical Architecture
The event bus is built on Redpanda as the underlying message broker, extended with a custom classification and routing layer that operates at the producer level.
Event Classification
Every event emitted by any of the 190+ JIL services is classified at the point of production using a deterministic classification engine. The classifier inspects event metadata (source service, event type, account identifiers) and content fields to assign a sovereignty class and one or more applicable compliance zones.
| Compliance Zone | Regulator | Retention Period | Data Residency | Partition Count |
|---|---|---|---|---|
| EU_ESMA | European Securities and Markets Authority | 5 years | EU-resident only | 8 |
| US_FINCEN | Financial Crimes Enforcement Network | 5 years | US-compliant | 8 |
| CH_FINMA | Swiss Financial Market Supervisory Authority | 10 years | Switzerland or equivalent | 8 |
| SG_MAS | Monetary Authority of Singapore | 5 years | APAC-compliant | 8 |
| GB_FCA | Financial Conduct Authority | 5 years | UK-resident | 8 |
| JP_JFSA | Japan Financial Services Agency | 7 years | Japan-compliant | 4 |
| AE_FSRA | Financial Services Regulatory Authority | 5 years | ADGM-resident | 4 |
| BR_CVM | Securities and Exchange Commission of Brazil | 5 years | Brazil-compliant | 4 |
| DE_BAFIN | Federal Financial Supervisory Authority | 10 years | EU-resident | 4 |
| GLOBAL_FATF | Financial Action Task Force | 5 years | Any compliant location | 8 |
Routing Architecture
1. Service emits event via obs-bus client library
   - Classifier assigns sovereignty_class + zones[]
   - Event serialized with zone metadata in header
2. Redpanda producer routes to zone-specific topic
   - Topic pattern: jil.obs.{zone}.{event_type}
   - 64 total partitions across 10 zones
   - Replication factor 3 for durability
3. Zone-local consumer processes and stores
   - Events written to zone-compliant PostgreSQL
   - Retention enforced via pg_cron + zone config
   - Auditor export available per zone
04 Implementation
The event bus is implemented as a thin client library (obs-bus-client) embedded in every JIL service, combined with a central routing configuration managed by the obs-bus service.
Producer-Side Classification
Each service imports the obs-bus client, which exposes a simple emit(eventType, payload) API. The client library performs classification locally using a cached copy of the routing rules, avoiding any network round-trip for classification decisions. Rules are refreshed every 60 seconds from the obs-bus configuration endpoint.
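The producer-side classification and topic routing described above can be sketched as follows. This is an added example, not code from the obs-bus client: the rule format, the `residency` and `contains_pii` match fields, the `RuleCache` and `topics_for` names and the staleness tolerance are assumptions, while the zone names, the topic pattern and the 60-second refresh come from the page. It fails closed when no rule matches or when the cached rules are too old.

```python
import time
from dataclasses import dataclass

RULE_TTL_SECONDS = 60  # refresh interval stated on the page

# Constructed rules. Zone names are from the page's table; the match fields
# (residency, contains_pii) are assumptions made for this example.
RULES = [
    {"match": {"residency": "EU", "contains_pii": True}, "zones": ["EU_ESMA"]},
    {"match": {"residency": "US", "contains_pii": True}, "zones": ["US_FINCEN"]},
    {"match": {"residency": "CH", "contains_pii": True}, "zones": ["CH_FINMA"]},
    {"match": {"contains_pii": False}, "zones": ["GLOBAL_FATF"]},
]


class ClassificationError(Exception):
    """Raised instead of guessing a zone, so the caller fails closed."""


@dataclass
class RuleCache:
    rules: list
    fetched_at: float                        # time of the last successful refresh
    max_stale: float = 3 * RULE_TTL_SECONDS  # assumed tolerance for missed refreshes

    def topics_for(self, event_type, payload, now=None):
        """Return the zone topics for one event, or raise ClassificationError."""
        now = time.time() if now is None else now
        if now - self.fetched_at > self.max_stale:
            raise ClassificationError("routing rules are stale; refusing to route")
        for rule in self.rules:  # first match wins, which keeps the result deterministic
            if all(payload.get(k) == v for k, v in rule["match"].items()):
                return [f"jil.obs.{zone}.{event_type}" for zone in rule["zones"]]
        # No rule matched (unknown residency, or PII flag missing): never fall
        # back to the global topic, because that could move person data abroad.
        raise ClassificationError(f"no rule matches {event_type!r}")
```
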
Performance Characteristics
| Metric | Target | Measured (DevNet) |
|---|---|---|
| End-to-end latency (p50) | Under 50ms | 23ms |
| End-to-end latency (p99) | Under 100ms | 67ms |
| Throughput per partition | 10,000 events/s | 14,200 events/s |
| Classification overhead | Under 1ms | 0.3ms |
| Replication lag | Under 500ms | 120ms |
Auditor-Ready Export
Each compliance zone supports on-demand export in three standardized formats: JSON Lines (for programmatic analysis), CSV (for spreadsheet review), and PDF (for formal regulatory submissions). Exports are signed with the validator's Ed25519 key and include a Merkle root covering all exported events, enabling auditors to verify completeness and integrity without accessing the live event stream.
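An auditor-side check of a JSON Lines export against its Merkle root might look like the following. This is an added example, not JIL's export code: the page does not specify the tree construction or manifest layout, so the SHA-256 tree with domain-separated leaves and nodes, the `manifest` fields and all function names are assumptions, and the manifest is assumed to have already passed Ed25519 signature verification.

```python
import hashlib
import json


def _sha256(data):
    return hashlib.sha256(data).digest()


def merkle_root(lines):
    """Root over export lines: 0x00-prefixed leaves, 0x01-prefixed inner nodes."""
    level = [_sha256(b"\x00" + line.encode("utf-8")) for line in lines]
    if not level:
        return _sha256(b"")
    while len(level) > 1:
        paired = [_sha256(b"\x01" + level[i] + level[i + 1])
                  for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            # Promote the unpaired node; duplicating it instead would let two
            # different event lists produce the same root.
            paired.append(level[-1])
        level = paired
    return level[0]


def build_export(events, zone):
    """Producer side: serialize events and emit the manifest that gets signed."""
    lines = [json.dumps(e, sort_keys=True, separators=(",", ":")) for e in events]
    manifest = {"zone": zone, "event_count": len(lines),
                "merkle_root": merkle_root(lines).hex()}
    return "\n".join(lines) + "\n", manifest


def verify_export(jsonl_text, manifest):
    """Auditor side: return a list of problems; an empty list means it verifies."""
    lines = [ln for ln in jsonl_text.split("\n") if ln]
    problems = []
    if len(lines) != manifest["event_count"]:
        problems.append("event count mismatch")
    if merkle_root(lines).hex() != manifest["merkle_root"]:
        problems.append("merkle root mismatch")
    for number, line in enumerate(lines, 1):
        if json.loads(line).get("zone") != manifest["zone"]:
            problems.append(f"line {number}: event from another zone")
    return problems


# Constructed sample events, not real export data.
SAMPLE_EVENTS = [{"id": i, "zone": "CH_FINMA", "type": "settlement"} for i in range(1, 6)]
```

The root is computed over the exact bytes of each exported line, so the auditor must hash the file as delivered rather than re-serialize the parsed JSON.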
05 Integration with JIL Ecosystem
The event bus serves as the central nervous system for JIL Sovereign's observability and compliance infrastructure.
Settlement Consumer
Settlement events are classified by zone and routed to the appropriate compliance zone topic. Each validator's settlement-consumer subscribes only to its authorized zone topics, maintaining jurisdictional isolation.
AI Fleet Inspector
The Fleet Inspector consumes aggregated metrics from the event bus to compute threat scores and health metrics across all 20 mainnet validators without requiring direct access to zone-restricted event data.
Regulatory Reporter
The regulatory-reporter service generates jurisdiction-specific compliance reports by querying zone-local event stores. Reports are assembled entirely within the zone's data boundary.
Telemetry Store
System performance telemetry (non-PII) flows through a separate GLOBAL_FATF topic partition, enabling cross-zone performance analysis without data sovereignty implications.
06 Prior Art Differentiation
JIL's jurisdiction-aware event bus introduces capabilities not available in any existing observability or event streaming platform.
| Feature | Datadog | Splunk | Confluent (Kafka) | JIL Event Bus |
|---|---|---|---|---|
| Per-Event Classification | Tag-based (manual) | Index-based | Topic-based (manual) | Automatic at producer |
| Jurisdiction Routing | Region selection | Region selection | Not built-in | Per-event, per-zone |
| Zone-Specific Retention | Global policy only | Per-index | Per-topic | Per-zone with regulatory mapping |
| Auditor Export | API export | Scheduled reports | Not built-in | Signed, Merkle-verified |
| Data Residency Enforcement | Region-level | Region-level | Cluster-level | Event-level per zone |
07 Implementation Roadmap
Core Classification Engine
Deploy obs-bus client library to all 190+ services. Implement deterministic event classification with zone assignment. Configure 64-partition Redpanda topology across 13 compliance zones.
Zone-Specific Storage
Deploy zone-local PostgreSQL instances for event persistence. Implement per-zone retention policies via pg_cron. Verify data residency compliance through automated residency audits.
Auditor Export System
Build signed export pipeline with Merkle root verification. Support JSON Lines, CSV, and PDF output formats. Integrate with regulatory-reporter for automated compliance report generation.
Cross-Zone Analytics
Deploy privacy-preserving aggregation layer for cross-zone metrics. Implement differential privacy for aggregate statistics. Enable fleet-wide observability without zone boundary violations.