HELM Regional Compatibility

HELM supports regional deployment profiles that automatically configure governance policies, data residency, encryption standards, and ceremony requirements.

Supported Regions

Region	Profile	Compliance	Encryption	Ceremony
US	us	SOC2, NIST-800-53	AES-256-GCM	Standard (2s timelock)
EU	eu	GDPR, SOC2, ISO-27001	AES-256-GCM	Strict (5s timelock, challenge/response)
RU	ru	GOST-R-34.10, 152-FZ	GOST-28147-89	Standard (3s timelock)
CN	cn	GB/T-35273, CSL	SM4	Standard (3s timelock)

Configuration

Set the HELM_REGION environment variable:

export HELM_REGION=eu

Or in helm.yaml:

region: eu

EU-Specific Requirements

• GDPR: PII handling set to strict mode. All personal data processing requires explicit consent, logged as TRUST_EVENT in the ProofGraph.
• Right to Erasure: Supported via cryptographic key rotation. Data encrypted with tenant keys can be rendered inaccessible by revoking the key in the Trust Registry.
• Data Residency: All data stored in eu-west-1. Cross-region replication disabled by default.

Ceremony Differences

The EU profile requires challenge/response verification for all approval ceremonies, adding an extra layer of human verification. This means the operator must type a confirmation phrase (e.g., "DELETE") in addition to the standard timelock and hold requirements.

Custom Profiles

Create a custom profile in config/profiles/:

profiles:
  custom:
    name: "Custom Region"
    ceremony:
      min_timelock_ms: 10000
      min_hold_ms: 5000
      require_challenge: true
      domain_separation: "helm:approval:v1:custom"
    data_residency: "custom-dc-1"
    compliance:
      - "CUSTOM-STANDARD"
    encryption: "AES-256-GCM"