
Compliance and Liability Disclaimer

Important Legal Notice

This document contains legal disclaimers regarding the use of Excalibur framework packages. Please read carefully before using any compliance-assistance features.

Overview

The Excalibur framework provides tools and functionality to assist with building compliant applications. However, the framework provides tools, not guarantees. Your compliance obligations remain your responsibility.


What This Framework Provides

| Feature | What It Does | What It Does NOT Do |
| --- | --- | --- |
| Audit Logging | Records events with timestamps, actors, and metadata | Guarantee regulatory compliance |
| Event Sourcing | Maintains immutable event history | Replace required audit procedures |
| GDPR Helpers | Provides data subject request workflows | Ensure GDPR compliance |
| Encryption Utilities | Offers encryption abstractions | Certify data protection adequacy |
| Compliance Packages | Assists with compliance workflows | Replace professional compliance review |

Compliance Responsibility Notice

Use of the Excalibur framework does NOT:

  • Guarantee compliance with any law or regulation
  • Replace independent compliance testing and validation
  • Substitute for professional legal or compliance advice
  • Exempt you from obtaining necessary certifications or audits
  • Constitute legal advice or create any advisory relationship
  • Ensure your specific implementation meets regulatory requirements

Your Responsibility

You remain solely and fully responsible for ensuring your applications comply with all applicable laws and regulations. The framework provides tools; compliance requires your diligence.


Your Obligations

General Compliance

You MUST:

  • Conduct all necessary compliance testing and validation
  • Obtain required certifications and regulatory approvals
  • Ensure adherence to all applicable laws and standards
  • Maintain documentation of compliance efforts
  • Implement adequate security controls
  • Monitor for regulatory changes
  • Engage qualified legal and compliance professionals

Technical Implementation

You MUST:

  • Properly configure the framework for your use case
  • Implement appropriate access controls and encryption
  • Conduct security reviews of your implementations
  • Maintain audit trails as required by your regulators
  • Test disaster recovery and business continuity procedures

Regulatory-Specific Disclaimers

GDPR (EU Data Protection)

EU Users

The framework includes features that may assist with GDPR workflows but does NOT guarantee GDPR compliance.

You MUST still:

  • Conduct Data Protection Impact Assessments (DPIAs)
  • Implement technical and organizational measures (Article 32)
  • Maintain records of processing activities (Article 30)
  • Execute Data Processing Agreements (Article 28)
  • Implement data subject rights workflows (Articles 15-22)
  • Appoint a Data Protection Officer if required (Article 37)
  • Report breaches within 72 hours (Article 33)
  • Obtain independent legal advice

SOC 2

SOC 2 Users

Audit logging features may support SOC 2 efforts but do NOT guarantee attestation.

You MUST still:

  • Engage qualified CPA firms for SOC 2 examinations
  • Implement controls across all Trust Services Criteria
  • Maintain control documentation and evidence
  • Conduct regular internal assessments
  • Address control deficiencies

HIPAA (US Healthcare)

Healthcare Users

The framework does NOT guarantee HIPAA compliance.

You MUST still:

  • Conduct HIPAA Security Rule risk assessments
  • Implement technical, physical, and administrative safeguards
  • Execute Business Associate Agreements (BAAs)
  • Implement breach notification procedures
  • Train workforce on HIPAA requirements
  • Obtain qualified HIPAA legal counsel review

Financial Services (SOX, PCI-DSS, etc.)

Financial Services Users

The framework is not intended to ensure compliance with financial regulations.

You MUST still:

  • Conduct independent compliance assessments
  • Implement required controls and segregation of duties
  • Obtain legal review of implementations
  • Engage qualified auditors for attestations

Limitation of Liability

No Warranty

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Limitation

IN NO EVENT SHALL THE AUTHORS, CONTRIBUTORS, OR MAINTAINERS BE LIABLE FOR ANY:

  • Direct, indirect, incidental, or consequential damages
  • Loss of use, data, or profits
  • Business interruption
  • Regulatory fines or penalties
  • Any other commercial damages or losses

Before You Deploy

Professional Review Required

Before using compliance-assistance features in production:

  1. Consult qualified legal counsel in your jurisdiction(s)
  2. Engage compliance professionals to review your implementation
  3. Conduct independent security assessments
  4. Obtain appropriate certifications from qualified third parties
  5. Document your compliance approach with evidence of due diligence

Summary

| Aspect | Framework Provides | You Must Provide |
| --- | --- | --- |
| Tools | Audit logging, event sourcing, helpers | Proper implementation and configuration |
| Patterns | Best practices, abstractions | Independent validation and testing |
| Documentation | Usage guidance | Legal and compliance review |
| Features | Compliance-assistance functionality | Actual compliance program |

Questions?

  • Technical questions: GitHub Discussions
  • Legal questions: Consult qualified legal counsel in your jurisdiction

Note

This disclaimer does not create any advisory relationship. For legal advice, consult qualified legal counsel.
