immo.quick Serverless Edition v2.0.0: A Deterministic, Sovereign Compliance Infrastructure for Multi-Jurisdictional Institutional Transactions

This paper presents the architectural specification of the immo.quick Serverless Edition v2.0.0, a stateless, deterministically executing compliance infrastructure designed for institutional-grade, multi-jurisdictional transaction verification. The system provides forensic evidentiary proof of compliance decisions through a cryptographically sealed, append-only artifact chain without relying on probabilistic AI models, persistent runtime processes, or US-hyperscaler infrastructure. The architecture enforces three non-negotiable sovereignty constraints — (1) absence of US-Cloud-Act nexus through exclusive use of European infrastructure providers (Hetzner, IONOS, OVHcloud), (2) deterministic execution via a DEPE (Deterministic Execution Proof Engine) ensuring identical outputs for identical inputs and rule set versions, and (3) forensic survivability through a 4-layer HMAC-SHA256 + Merkle-chain attestation scheme anchored to multi-source NTP timestamps (PTB, NIST, NPL, BIPM) — ensuring proof artifacts remain independently verifiable even after the originating system is decommissioned. The compliance pipeline comprises 7 core legal gates covering 103 sub-gate checks across 64 Rechtsnormen (legal norms) in 47 jurisdictions, spanning regulatory frameworks including GDPR, DORA, NIS2, EU AI Act, PSD3/PSR, eIDAS 2.0, BaFin KWG §44, MiFID II, Basel III, Solvency II, IDD, FINMA, OFAC, FinCEN, FATCA/CRS, CTA/BOI, and CRA. Each gate evaluation produces a signed Warranty Token (SCP-1.0 schema) carrying a rule version hash, input snapshot hash, NTP-anchored timestamp, and HMAC chain link — the four architectural constraints required for independent verifiability. Cryptographic signing employs a hybrid scheme combining HMAC-SHA256 for primary attestation with ML-DSA (Dilithium-5, NIST FIPS 204) co-signatures for post-quantum retention beyond 10 years. Private key material is distributed via Shamir Secret Sharing (3-of-5 threshold) across five non-US jurisdictions (DE, CH, LU, SG, JP), enforcing zero operator key custody. The system addresses a structural gap identified in the BMDS (Bundesministerium für Digitales und Staatsmodernisierung) mandate for „klare Kriterien für eine echte europäische digitale Souveränität": the absence of technically operationalizable, legally enforceable sovereignty criteria that withstand judicial scrutiny. The paper defines the Forensic Survival Condition — the requirement that a compliance proof artifact must remain independently verifiable by any party, using only the artifact itself and publicly documented cryptographic primitives, without access to the originating system, vendor narrative, or operator cooperation. Sectors covered include Banking & FinTech, Real Estate, Mergers & Acquisitions, Wealth Management, Insurance, Government & Regulatory Bodies, and Cloud & Critical Infrastructure. The paper includes sector-specific Annexes (BA, MA, IN, GO, WM, RE, CL) with gate-level legal mapping per sector. This work is positioned as a citable architectural reference for regulatory consultations with BMDS, BaFin, ENISA, AMLA, and EUCS Level High certification procedures. The paper further defines a receiver-agnostic proof grammar enabling any institutional counterparty to independently verify compliance artifacts without vendor cooperation, establishing the foundation for future interoperability with emerging cross-boundary attestation standards Version Series 10.5281/zenodo.19462893 (v1.0.0) → 10.5281/zenodo.20562673 (v1.1.0) → 10.5281/zenodo.20736877 (v2.0.0 , this Paper)