KYC/Eligibility & Compliance Policy

k&z identity verification, eligibility criteria, sanctions screening, and anti-money laundering compliance requirements for accessing quantum AI infrastructure services.

Effective Date: January 1, 2026 — Version: 1.0

1. Introduction

This KYC/Eligibility & Compliance Policy (“Policy”) describes the identity verification, eligibility screening, and compliance requirements that K&z Limited (“k&z”) applies to prospective and existing clients of the k&z quantum AI infrastructure platform and associated services (the “Services”). This Policy is incorporated into the Terms of Service and any applicable Master Service Agreement.

Given the strategic nature of quantum computing technology and the regulatory environment surrounding dual-use technologies, k&z is committed to ensuring that our Services are provided only to legitimate, verified clients in compliance with applicable laws, including anti-money laundering (AML) regulations, counter-terrorism financing (CTF) laws, export controls, and international sanctions regimes.

2. Eligibility Criteria

2.1 General Eligibility

To be eligible to use the Services, you must meet all of the following criteria:

  • Legal Age: You must be at least eighteen (18) years of age.
  • Legal Capacity: You must have the legal capacity to enter into a binding agreement. If acting on behalf of an organization, you must have the authority to bind that organization.
  • Jurisdiction: You must not be located in, organized under the laws of, or a resident of any country or territory subject to comprehensive sanctions (see Section 6).
  • Non-Restricted Entity: You must not be listed on any applicable denied party, blocked persons, specially designated nationals (SDN), or sanctions list.
  • Lawful Purpose: Your intended use of the Services must be for lawful purposes and in compliance with the Acceptable Use Policy.

2.2 Enhanced Eligibility for Restricted Services

Certain Services require enhanced eligibility verification due to their nature or the sensitivity of the quantum computing resources involved. Enhanced verification is required for:

  • Dedicated Single-Tenant QPU Deployments: Institutional verification, beneficial ownership disclosure, and intended use documentation.
  • Sovereign Deployments: Government verification, security clearance documentation, and compliance with applicable national security requirements.
  • High-Capacity Reservations: Reserved capacity commitments exceeding specified thresholds may trigger enhanced due diligence.
  • Access to Advanced QPU Configurations: Access to certain high-qubit-count or advanced-topology QPU systems may require additional verification.

3. Identity Verification (KYC)

3.1 Individual Verification

For individual users, identity verification may include one or more of the following:

  • Government-Issued Photo ID: A copy of a valid passport, national identity card, or driver’s license. The document must include your full name, date of birth, photograph, and a machine-readable zone (MRZ) or equivalent.
  • Proof of Address: A recent utility bill, bank statement, or government-issued document (no older than three months) showing your name and current residential address.
  • Selfie Verification: A live selfie photograph for biometric comparison with the submitted photo ID, processed through our automated identity verification system.
  • Email and Phone Verification: Verification of the email address and phone number associated with your account through one-time passwords (OTP) or verification links.

3.2 Institutional Verification

For organizations, institutional verification may include:

  • Certificate of Incorporation: Official documentation confirming the legal existence and registration of the organization.
  • Business Registration: Business registration number, tax identification number, and jurisdiction of incorporation.
  • Beneficial Ownership: Disclosure of individuals who directly or indirectly own or control twenty-five percent (25%) or more of the organization, or who otherwise exercise significant control.
  • Authorized Representative: Proof that the person creating the account is authorized to act on behalf of the organization (e.g., power of attorney, board resolution, or letter of authorization).
  • Financial Statements: For high-value engagements, audited financial statements or equivalent documentation may be required to assess creditworthiness.
  • Professional References: For academic and research institutions, evidence of institutional accreditation or affiliation with recognized research bodies.

3.3 Government and Defense Verification

For government agencies and defense organizations seeking access to sovereign or classified-compatible deployments, additional verification requirements apply:

  • Official government procurement documentation or contract vehicle;
  • Authorization from the relevant contracting officer or program manager;
  • Security clearance verification where applicable;
  • Compliance with applicable government procurement regulations; and
  • End-use certificates as required by export control regulations.

4. Prohibited Entities

4.1 Categories of Prohibited Entities

k&z shall not provide Services to, and reserves the right to refuse or terminate service to, any individual or entity that:

  • Is listed on any applicable sanctions list, including the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List), the European Union Consolidated Sanctions List, the Hong Kong sanctions lists, the United Nations Security Council Consolidated List, or the UK Office of Financial Sanctions Implementation (OFSI) list;
  • Is owned or controlled by, or acting on behalf of, a person or entity listed on any of the above sanctions lists;
  • Is located in, organized under the laws of, or ordinarily resident in a comprehensively sanctioned country or territory;
  • Is a military end-user or military intelligence end-user as defined under applicable export control regulations, unless the engagement is specifically authorized;
  • Is involved in the proliferation of weapons of mass destruction, including nuclear, chemical, or biological weapons;
  • Is engaged in activities that violate applicable anti-money laundering or counter-terrorism financing laws; or
  • Has been previously terminated by k&z for violation of our policies.

5. Ongoing Monitoring

5.1 Continuous Screening

k&z conducts ongoing monitoring of existing clients against applicable sanctions lists and denied party databases. Screening is performed:

  • Upon account creation and initial verification;
  • Daily, through automated batch screening against updated sanctions lists;
  • Upon any material change to the client’s account information (name, address, organizational details);
  • Upon renewal or modification of service agreements; and
  • In response to changes in applicable sanctions regimes or regulatory guidance.

5.2 Transaction Monitoring

k&z monitors account activity for patterns that may indicate potential misuse, sanctions evasion, or money laundering, including:

  • Unusual payment patterns (e.g., payments from multiple unrelated accounts, payments from sanctioned jurisdictions);
  • Rapid account creation and deactivation;
  • Usage patterns inconsistent with the stated business purpose;
  • Attempts to access the Services from sanctioned jurisdictions; and
  • Requests to transfer account ownership or access to third parties.

5.3 Periodic Review

k&z conducts periodic reviews of existing client relationships based on risk classification. High-risk clients (e.g., those in regulated industries, government-affiliated entities, or clients accessing advanced QPU resources) are reviewed at least annually. Standard-risk clients are reviewed every two (2) years.

6. Sanctions Screening

6.1 Sanctions Lists

k&z screens all clients and transactions against the following sanctions lists and databases:

  • Hong Kong sanctions lists;
  • European Union Consolidated Sanctions List;
  • U.S. OFAC Specially Designated Nationals and Blocked Persons List (SDN List);
  • U.S. Bureau of Industry and Security (BIS) Entity List, Denied Persons List, and Unverified List;
  • United Nations Security Council Consolidated List;
  • UK OFSI Consolidated List of Financial Sanctions Targets; and
  • Other applicable national and supranational sanctions lists.

6.2 Comprehensively Sanctioned Jurisdictions

As of the effective date of this Policy, k&z does not provide Services to clients located in or ordinarily resident in the following comprehensively sanctioned jurisdictions: Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions. This list is subject to change based on updates to applicable sanctions regimes.

7. Right to Refuse or Terminate Service

7.1 Refusal of Service

k&z reserves the right to refuse to provide Services to any individual or entity that fails to meet the eligibility criteria, cannot be satisfactorily verified, is identified as a prohibited entity, or whose intended use of the Services raises compliance concerns.

7.2 Termination of Service

k&z may immediately suspend or terminate Services to any client if: (a) the client is added to any applicable sanctions list; (b) the client fails to provide requested verification documentation within the specified timeframe; (c) the client is found to have provided false or misleading information during the verification process; (d) ongoing monitoring reveals compliance concerns; or (e) required by applicable law, regulation, or governmental order.

7.3 No Liability

k&z shall not be liable for any damages, losses, or expenses incurred by a client as a result of the refusal or termination of Services under this Section, provided k&z acts in good faith and in compliance with applicable law.

8. Compliance with AML Laws

8.1 Applicable Laws

k&z complies with applicable anti-money laundering and counter-terrorism financing laws, including but not limited to: the Hong Kong Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615); the EU Anti-Money Laundering Directives; the U.S. Bank Secrecy Act and USA PATRIOT Act; and the Financial Action Task Force (FATF) Recommendations.

8.2 Suspicious Activity Reporting

k&z is committed to reporting suspicious activities to the appropriate authorities as required by applicable law. k&z employees are trained to identify and escalate potential suspicious activities, and k&z maintains procedures for filing suspicious activity reports (SARs) with the Joint Financial Intelligence Unit (JFIU) in Hong Kong and other relevant authorities.

8.3 Record Keeping

k&z maintains records of all KYC documentation, verification results, transaction records, and compliance decisions for a minimum of five (5) years following the end of the client relationship, or longer if required by applicable law.

9. Data Protection

Personal data collected during the KYC and verification process is processed in accordance with our Privacy Policy and applicable data protection laws. KYC data is stored securely with access limited to authorized compliance personnel. Data retention periods for KYC data are governed by applicable AML record-keeping requirements.

10. Contact

For questions about this Policy or the verification process:

  • Compliance Team: support@kandz.co
  • Verification Support: support@kandz.co
  • Legal Department: support@kandz.co