Exit control portability
Keep issuer authority, investor eligibility, lifecycle governance, and audit evidence portable during an asset servicing exit.
DALP supports an asset servicing exit by keeping the asset's control record available to an approved receiving operator. That record covers issuer authority, investor eligibility rules, lifecycle governance, holder state, documents, configuration, and transaction evidence. The handover path depends on the contract model: upgradeable deployments transfer the relevant administrative authority, while immutable deployments use a controlled replacement asset and investor transition.
DALP mechanism
The portable record combines on-chain authority, configured policy, participant state, documents, and operational evidence. Review these surfaces before a servicing provider change, administrator handover, audit review, controlled wind-down, or migration to another operator.
| Control surface | Portable record | Review point |
|---|---|---|
| Issuer authority | Token roles for permission management, governance, supply management, custody actions, and emergency actions | Confirm the current role holder and the receiving role holder before revoking outgoing access. |
| Platform authority | Platform administrator roles for identity, compliance, token creation, feeds, gas sponsorship, and audit visibility | Confirm which users can manage system configuration and which roles are needed after the handover. |
| Investor eligibility | Identity registry entries, OnchainID links, jurisdictions, trusted issuers, claim topics, allowlists, and denylists | Confirm that every affected holder remains linked to the correct identity and eligibility policy. |
| Lifecycle governance | Compliance modules, feature configuration, metadata rules, supply controls, pause state, redemption, and governance | Confirm which settings are mutable by governance and which settings require a new deployment. |
| Holder state | Holder balances, available balances, frozen amounts, historical balances where enabled, and lifecycle status | Reconcile current state before changing authority or opening a replacement asset. |
| Contract artifacts | Token address, asset identity, access manager, compliance attachments, feature configuration, documents, and metadata | Retain the deployed artifact list and the configuration used by the factory or issuance path. |
| Transaction evidence | Administrative actions, mint, burn, transfer, pause, freeze, recovery, document, and metadata activity | Retain transaction status, monitoring records, action queues, and idempotency evidence where the deployment records it. |
The diagram is a planning view. Each deployment must still follow its configured approval, custody, privacy, and change-control process.
Handover sequence for upgradeable contracts
Upgradeable DALP asset deployments keep the asset address and holder record while administrative authority changes hands. Use this path when the deployed contract model permits the required administration change without replacing the asset.
Freeze the scope
Record the asset address, asset identity, access manager, compliance attachments, enabled features, current role holders, holders, frozen amounts, documents, metadata, and recent administrative transactions. Treat this as the handover baseline.
Prepare the receiving operator
Create or confirm the receiving user account, wallet, and identity records. For holder or participant activity, the wallet must resolve through the identity registry and hold the claims required by the asset's trusted issuers and compliance modules.
Transfer required authority
Grant only the platform roles and token roles needed for the receiving operator. Use token roles for asset-specific work such as permission management, governance, supply management, custody actions, and emergency actions. Use platform roles for system-wide configuration, identity, compliance, token creation, feeds, sponsorship, and audit visibility.
Verify the receiving authority
Confirm that the receiving operator can inspect the asset, identity registry links, compliance configuration, holder state, documents, metadata, and recent actions. Confirm recent transaction status before removing old access.
Remove outgoing authority
Revoke outgoing roles that are no longer needed. Keep transition-period access only when the operating model requires it, and record that reason in the regulated operator's evidence file.
Migration sequence for immutable contracts
Immutable contracts keep their deployed code and immutable parameters. A handover that requires changed immutable terms, a different contract owner model, or a different servicing architecture uses a replacement asset rather than changing the existing contract.
Preserve the existing record
Retain the original asset address, token identity, access manager, compliance configuration, feature configuration, documents, metadata, holder list, balances, freezes, and transaction history. On-chain history remains on the ledger. Off-chain evidence remains under the deployment's retention and privacy model.
Define the replacement configuration
Deploy the replacement asset with the required role mappings, identity policy, trusted issuers, compliance modules, documents, metadata, lifecycle settings, and immutable parameters. Treat testnet and mainnet as separate deployments. A successful testnet rehearsal does not promote state or authority into production by itself.
Map investor transition
Map each affected holder from the original asset to the replacement asset. Reconfirm identity registry links, jurisdictions, required claims, allowlist or denylist status, frozen balances, and any lifecycle restrictions before issuing, swapping, redeeming, or otherwise transitioning balances.
Reconcile state and evidence
Reconcile holder balances, supply, frozen amounts, lifecycle status, documents, metadata, and recent actions between the original asset and the replacement asset. Keep transaction evidence for both assets so auditors can follow the transition without losing the original history.
Close or restrict the original asset path
Apply the deployment's approved wind-down controls to the original asset. Depending on the asset configuration, this may mean removing operational roles, pausing selected operations, freezing affected balances, completing redemption, or keeping the asset available only for audit and historical review.
Deployment and evidence boundary
DALP preserves the technical control record that a receiving operator needs to continue asset servicing. It does not replace the regulated operator's legal appointment records, customer notices, privacy obligations, custody contracts, or off-chain evidence archive.
| Boundary | Required operating evidence |
|---|---|
| Legal and contractual appointment | Keep appointment letters, service termination terms, notices, and regulator or customer communications in the regulated record system. |
| Off-chain KYC evidence | Keep verifier records, consent evidence, and data-retention controls with the regulated operator or verifier. DALP records claim results and issuers on identity records, not the full evidence file. |
| External custody or bridge infrastructure | Confirm provider contracts, keys, route approvals, and external balances with the provider. Token roles do not certify or transfer external infrastructure. |
| Personal data exports | Follow the deployment's privacy and retention controls. On-chain history remains on the ledger, while off-chain personal data follows the deployment's retention model. |
| Testnet and production environments | Treat each network as a separate deployment with its own addresses, roles, identities, transactions, and evidence. Do not treat testnet activity as production evidence. |
Before completing the exit, confirm that the receiving operator has the required authority, the outgoing operator no longer has unnecessary access, affected investors remain eligible, lifecycle governance is assigned, documents and metadata match the operating record, and recent transactions reconcile.
Published docs URL
The public documentation path for this answer is /docs/user-guides/asset-servicing/exit-control-portability.