Regulatory compliance, verified

ShipORB maps every technical requirement from MARPOL Annex I, MEPC.312(74), and IACS UR E26/E27 to specific features in the platform.

๐Ÿ“‹
MARPOL Annex I Regulation 17
๐Ÿ›๏ธ
MEPC.312(74)
๐Ÿ”’
IACS UR E26 / E27
๐Ÿ“„
MEPC.1/Circ.736/Rev.2

Three pillars of maritime compliance

ShipORB addresses every regulatory framework that governs electronic Oil Record Books.

๐Ÿ“‹

MARPOL Annex I

Regulation 17 - Oil Record Book

The foundational international convention requiring every ship of 400 GT and above to maintain an Oil Record Book documenting all machinery space and cargo/ballast operations involving oil.

๐Ÿ›๏ธ

MEPC.312(74)

Guidelines for Electronic Record Books

The IMO resolution establishing specific requirements for electronic ORBs: tamper-evident records, digital signatures, access control, data backup, and the ability to produce printed copies matching the prescribed format.

๐Ÿ›ก๏ธ

IACS UR E26/E27

Maritime Cybersecurity

Unified Requirements from the International Association of Classification Societies mandating cybersecurity measures for onboard systems, including network security, access control, and intrusion detection.

Compliance matrix

How each MEPC.312(74) requirement maps to ShipORB's implementation.

RequirementDescriptionShipORB ImplementationStatus
MEPC.312(74) - Record Integrity
ยง3.1Tamper-evident recordingSHA-256 hash chain + append-only SQL triggersโœ“ Full
ยง3.2Digital signature per entryECDSA P-256 per-officer signaturesโœ“ Full
ยง3.3Prevent unauthorised modificationImmutable append-only log, RBAC enforcementโœ“ Full
ยง3.4Record amendments with audit trailAmendment entries linked to original via hash referenceโœ“ Full
MEPC.312(74) - Access Control & Authentication
ยง4.1Unique user identificationPer-officer credentials with TOTP 2FAโœ“ Full
ยง4.2Role-based accessOfficer โ†’ C/E review โ†’ Master verification workflowโœ“ Full
ยง4.3Master's page-by-page signingDual-auth Master verification per pageโœ“ Full
MEPC.312(74) - Data Management
ยง5.1Data backup and recoveryAutomated backup to NAS + USB export scriptsโœ“ Full
ยง5.2Minimum 3-year data retentionSQLite + PostgreSQL with configurable retentionโœ“ Full
ยง5.3Produce printed copy in prescribed formatIMO-format PDF export on-vessel and shore-sideโœ“ Full
MEPC.312(74) - System Requirements
ยง6.1Operate in shipboard conditionsOffline-first, runs on ruggedised shipboard hardwareโœ“ Full
ยง6.2Flag state approval mechanismDNV type approval documentation preparedIn Progress
IACS UR E26/E27 - Cybersecurity
E26 ยง4Network segmentation & monitoringWazuh SIEM + dedicated VLAN configurationโœ“ Full
E27 ยง5Secure communicationsNetbird WireGuard VPN + TLS 1.3 everywhereโœ“ Full
E27 ยง6Vulnerability managementAutomated scanning, patching, log rotationโœ“ Full

How ShipORB implements each requirement

Detailed technical mapping from regulation to code.

Every ORB entry contains a SHA-256 hash of the previous entry, creating an unbreakable chain. If any entry is modified, all subsequent hashes become invalid, immediately revealing tampering.

Go crypto/sha256 library for hash computation ship-service
SQLite triggers enforce append-only behaviour database
Chain verification endpoint for PSC inspectors api

Each officer has a unique ECDSA P-256 key pair. When signing an entry, the officer's private key signs the entry hash, producing a cryptographic proof that this specific officer approved this specific record.

FIPS 140-3 validated Go Cryptographic Module v1.0.0 (CMVP #5247) ship-service
Key pairs generated on-device, private key never leaves vessel security
Signature verification in PDF export & dashboard ship-core + react

The system enforces a three-stage workflow: the responsible officer creates and signs the entry, the Chief Engineer or Chief Mate reviews and countersigns, and the Master provides final verification with dual authentication.

State machine: DRAFT โ†’ SIGNED โ†’ REVIEWED โ†’ VERIFIED ship-service
TOTP second-factor for all signing operations auth

All functionality operates without internet connectivity. SQLite provides on-vessel storage, and NATS JetStream handles reliable ship-to-shore synchronisation when connectivity returns.

SQLite with SQLCipher for the encrypted on-vessel store ship-core
NATS JetStream with at-least-once delivery guarantee sync

PDFs generated in the exact IMO-prescribed Oil Record Book format, including operation codes, item numbers, tank details, and signature blocks. Available from both vessel and shore.

PDF generation on-vessel for offline inspections ship-service
USB export via dedicated script for PSC scripts

Automated daily backups to NAS with hash verification on restore. Shore-side PostgreSQL provides long-term retention. Minimum 3-year archival with configurable policies.

backup-ship.sh - automated NAS + USB backup scripts
restore-ship.sh - hash-verified database restore scripts

Full compliance with IACS Unified Requirements E26 (system resilience) and E27 (onboard communication security) through defence-in-depth architecture.

Wazuh SIEM - file integrity monitoring, IDS alerts infra
Netbird WireGuard VPN - encrypted ship-to-shore tunnel infra
Kubernetes NetworkPolicy - pod-level micro-segmentation k8s

Type approval roadmap

Our path to classification society approval for electronic Oil Record Books.

โœ“
Q3 2025
MEPC.312(74) gap analysis completed
Full regulatory mapping documented, every requirement traced to platform features.
โœ“
Q2 2026
Cryptographic module validation
SHA-256 hash chain and ECDSA P-256 signatures run inside the FIPS 140-3 validated Go Cryptographic Module v1.0.0 (CMVP #5247).
โ†’
Q1 2026
DNV type approval submission
Documentation package submitted to DNV for type approval of electronic Oil Record Book system.
3
Q2 2026
Pilot fleet deployment
Initial deployment on 5 vessels under DNV class supervision for field validation.
4
Q3 2026
Flag state approvals
Seeking approval from Marshall Islands, Panama, Liberia, and Bahamas maritime authorities.

Classification society readiness

Designed for approval by the world's leading maritime classification societies.

๐Ÿ‡ณ๐Ÿ‡ด
DNV
Type approval in progress
๐Ÿ‡ฌ๐Ÿ‡ง
Lloyd's Register
Documentation prepared
๐Ÿ‡ซ๐Ÿ‡ท
Bureau Veritas
Documentation prepared
๐Ÿ‡ฏ๐Ÿ‡ต
ClassNK
Planned Q3 2026

Need a compliance deep-dive?

Our maritime compliance team can walk you through the full regulatory mapping for your flag state.