Sovereignty

Where the patient data lives. Who can touch it. Why the architecture is the answer.

LUMEN is engineered for hospitals that cannot afford cross-jurisdictional data exposure. Saudi military hospitals. Canadian provincial systems. French and German tertiary centres. Every byte of patient data stays inside the hospital's own jurisdiction, on the hospital's own server, under the hospital's own audit chain. Not a settings page. The architecture itself enforces sovereignty.

01

The architecture of jurisdiction

Patient data resides on the hospital's own server, in the hospital's own datacenter, on the hospital's own subnet, under the hospital's own audit chain. No data crosses jurisdiction without lattice-bound homomorphic encryption per Patent 41. The model weights are stored in the .col format with cryptographic integrity. The audit log is appended to a hospital-owned chain per Patent 207. The encryption keys live in a hospital-owned hardware vault. No Silicon Valley key escrow. No foreign auditor.

0: plaintext crossings of the firewall
1: jurisdiction, the hospital's own
4: patents enforcing sovereignty (134, 154, 41, 207)
90 days: data export window on contract exit

02

Compliance map · Saudi Arabia

ARDIN (Saudi Authority for Data and AI): data residency on Saudi soil, audit access for ARDIN regulators, breach notification per ARDIN timeline. NPHIES integration: national platform for health information exchange exposed via FHIR R4-compliant adapter. Saudi PDPL (Personal Data Protection Law, 2021): consent management, data subject rights, retention policy. MoH alignment: Saudi Vision 2030 Health Sector Transformation, with LUMEN positioned as a national champion technology partnership.

03

Compliance map · Canada

PIPEDA (Personal Information Protection and Electronic Documents Act): consent, retention, access, breach notification. Quebec Law 25 (Loi 25): local representative, breach notification within thirty days, transfer impact assessment. Provincial health acts: Ontario PHIPA, BC PIPA, Alberta HIA, Saskatchewan HIPA. LUMEN ships per-province configuration. DND DISH alignment: active grant submission for sovereign defence intelligence work that shares architectural ancestors with LUMEN.

04

Compliance map · Europe

GDPR: data subject rights, DPO contact, right to erasure, data portability, lawful basis documentation. EU MDR (Medical Device Regulation 2017/745): clinical-decision-support classification with Class IIa CE marking pathway, subject to confirmation by EU regulatory counsel. France HDS (Hébergeur de Données de Santé): health data hosting certification for French deployments. Germany BDSG and Patient Data Protection Act for German tertiary centres.

05

Compliance map · GCC and North Africa

UAE PDPL: alignment for UAE Department of Health deployments. Bahrain PDPL. Qatar Personal Data Privacy Law. Kuwait, Oman: in progress with each respective regulator. Tunisia INPDP (Instance Nationale de Protection des Données Personnelles): clinical data residency, consent management. Morocco DGSSI / CNDP. Egypt Personal Data Protection Law (Law 151 of 2020). Cross-cutting: WHO digital health framework alignment, ITU/WHO Focus Group on AI for Health.

06

The audit chain · Patent 207

Every read, every write, every model inference, every order, every signature is appended to a hospital-owned cryptographic chain. The hospital owns the chain. The chain is portable: the hospital exports it for regulators on demand. Append-only. Inspectable. The audit chain is a hospital asset, not a vendor service. No CLOUD Act subpoena path crosses it. No vendor key escrow holds the chain.
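
What "append-only" and "inspectable" mean for a regulator checking an exported chain can be shown with a hash chain. This is an added example, not PulsarOS or LUMEN code and not the design claimed in Patent 207; the SHA-256 chaining, the field names, the genesis value and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel used as the first entry's "prev"

def _digest(body):
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append(chain, actor, action, resource, ts):
    """Append one event, binding it to the hash of the previous entry."""
    body = {"seq": len(chain), "ts": ts, "actor": actor, "action": action,
            "resource": resource,
            "prev": chain[-1]["hash"] if chain else GENESIS}
    entry = dict(body, hash=_digest(body))
    chain.append(entry)
    return entry

def verify(chain, expected_head=None):
    """Return None if the export is intact, else the index of the first bad entry.

    expected_head is the last hash as recorded outside the export (for example
    in a regulator's own copy). Without it, a truncated tail goes undetected.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "hash"}
        # Catches edited fields, reordered entries and deleted entries.
        if (body.get("seq") != i or body.get("prev") != prev
                or _digest(body) != entry.get("hash")):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)  # chain is self-consistent but does not end where it should
    return None

def sample_chain():
    # Constructed sample events, not real audit data.
    chain = []
    append(chain, "dr.a", "read", "patient/1001/chart", "2024-01-01T08:00:00Z")
    append(chain, "model", "inference", "patient/1001/ct", "2024-01-01T08:00:05Z")
    append(chain, "dr.a", "sign", "patient/1001/order/77", "2024-01-01T08:02:00Z")
    return chain
```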

07

The key vault

AES-256-GCM at rest, TLS 1.3 in transit, hardware-bound keys in a hospital-owned HSM (Thales, YubiHSM, or equivalent). Per-patient encryption envelopes. The encryption keys live in the hospital's own jurisdiction, never in a Silicon Valley key escrow service. Key rotation on the hospital's own schedule. Key destruction on the hospital's own command.

08

Deployment partner

For hospitals that prefer managed deployment, the sovereign Canadian datacenter partner is OVH Beauharnois (Quebec): ISO 27001, SOC 2 Type II, no US CLOUD Act exposure (Quebec data residency law applies). For Saudi deployments, the hospital's own datacenter or a Saudi-sovereign partner per MoH approval. PulsarOS does not require any specific cloud partner; the hospital chooses the deployment topology.

09

Exit clause

Standard contract: ninety-day data export window. Open formats. The hospital takes its data, its model weights, its audit log, its fine-tune deltas. We do not lock the hospital in. The hospital owns the brain, the chain, the keys, the data. PulsarOS provides the platform license and the implementation; the hospital owns the rest.

Sovereignty at the architecture layer.

Aligned with twelve regulators across six jurisdictions. Hospital-owned end to end.
