Ops managers are right to be skeptical of LLMs in compliance workflows. Here's the full picture: how validation actually works, what CanalClear prepares vs. submits, where liability sits, and how your data is protected.
The core compliance engine is deterministic — every check is a defined rule against a published regulation. The system doesn't "decide" whether your filing is valid; it executes a fixed rule set and returns pass/fail for each check.
LLMs (large language models) are used only for document extraction: reading uploaded PDFs (certificates, crew lists, cargo manifests) and converting them to structured data. Once data is extracted, validation is 100% deterministic rule execution. The AI never makes compliance judgments.
PDF upload or form entry
Reads PDF → structured fields
LLM used here onlyDeterministic checks against regulation
Pass/fail per check + remediation
All validation rules are derived from published authority regulations: Panama Canal Authority (ACP) VUMPA/PCSOPEP requirements, Suez Canal Authority (SCA) pre-arrival notifications, Kanuni Directive on Government Measures (KDGM) for the Turkish Straits, and Maritime and Port Authority (MPA) STRAITREP requirements for Malacca. Rules are reviewed and updated when authorities publish amendments.
Below is a representative subset of the rule set for each waterway. Not exhaustive — the full rule set runs deeper — but representative of the type and specificity of checks applied.
Checks sourced from ACP VUMPA regulations and the Admeasurement Manual.
| Check | Category | Rule |
|---|---|---|
| IMO number format | Format | Must be 7 digits, prefix "IMO" optional |
| GT / NT consistency | Consistency | NT must be ≤ 72% of GT per ACP admeasurement rules |
| LOA within locks limit | Regulatory | Max 366m for Neopanamax, 294m for original locks |
| Beam within locks limit | Regulatory | Max 49m beam for Neopanamax lane |
| Draft vs. maximum allowable | Regulatory | Cannot exceed current maximum allowable draft per ACP notice |
| PCSOPEP certificate validity | Certificate | Must be current; expiry date in past = fail |
| ISPS Declaration present | Certificate | Required for all commercial vessels |
| Crew list completeness | Format | All crew entries must include name, rank, nationality, passport/seaman's book |
| Hazmat / DG declaration | Regulatory | IMDG class, UN number, stowage plan required if DG cargo aboard |
| Pre-arrival notice window | Deadline | VUMPA submission ≥ 96 hours before arrival at Cristóbal or Balboa |
| Flag state code validity | Format | Must match ISO 3166-1 alpha-2 registered flag states |
| Vessel type classification | Consistency | Type code must match ACP vessel type registry |
Checks sourced from Suez Canal Authority transit requirements and ISPS Port Facility documentation.
| Check | Category | Rule |
|---|---|---|
| SCNT tonnage calculation | Consistency | SCNT must align with stated GT/NT using SCA admeasurement formula |
| ISPS security level declaration | Certificate | Security level 1/2/3 must be declared; level 2+ requires additional docs |
| Last 10 ports of call | Format | Port name, LOCODE, arrival/departure dates — all fields required |
| Suez Canal registered agent | Regulatory | Agent must hold valid SCA-registered agent status |
| Pre-arrival window | Deadline | Notification ≥ 72 hours before arrival at Port Said or Suez |
| Convoy booking slot | Regulatory | Northbound and southbound convoys operate on fixed schedule; slot must be confirmed |
| Vessel dimensions vs. channel limits | Regulatory | Max draft 20.1m laden; beam restrictions for simultaneous transit |
Checks sourced from the Kanuni Directive on Government Measures (KDGM) and the Turkish Maritime Organization.
| Check | Category | Rule |
|---|---|---|
| SP-1 submission window | Deadline | Required ≥ 24 hours before entry into the Turkish Straits |
| Montreux Convention classification | Regulatory | Vessel class (warship, tanker, other) determines applicable rules |
| DG cargo declaration (tankers) | Regulatory | All hazardous cargo must be declared per KDGM Article 24 |
| Pilot booking status | Certificate | Pilotage not compulsory but booking confirms priority transit |
| Vessel LOA vs. straits limit | Regulatory | Vessels >200m require 24h advance daylight transit request |
| VHF watch declaration | Format | Continuous watch on VHF channel 16 mandatory; declaration required |
Checks sourced from MPA STRAITREP requirements and the Traffic Separation Scheme (TSS) for the Straits of Malacca and Singapore.
| Check | Category | Rule |
|---|---|---|
| STRAITREP report submission | Deadline | Required for vessels ≥300 GT; submit on entering STRAITREP zone |
| VHF / VTIS communication plan | Format | VTIS contact protocol and VHF channel must be declared |
| Draft vs. route depth constraints | Regulatory | Deep-draught vessels must transit via precautionary areas |
| ISPS security declaration | Certificate | ISPS certificate and current security level required |
| Pilotage requirement check | Regulatory | Compulsory pilotage applies in certain TSS zones by flag state treaty |
| MARPOL Annex I compliance | Certificate | Tankers must carry valid IOPP certificate; expires = immediate fail |
Each filing produces a compliance score (0–100) and a per-check result list. Failures include the specific field, the rule violated, the regulation source, and a remediation suggestion. The validator does not produce vague warnings — it produces actionable, traceable results.
This is the most important distinction to understand before adopting CanalClear. The compliance workflow has two phases. CanalClear owns the first. You or your agent owns the second.
Validates every field against authority rules, catches errors and omissions before submission, tracks regulatory deadlines per waterway, generates a submission-ready document package, and logs all validation history for your audit trail.
Your licensed ship agent (ACP-registered for Panama, SCA-registered for Suez) takes the validated package and submits it through the official authority portal. CanalClear ensures the package is right before they hit send.
Here's the sequence from vessel data to cleared filing:
CanalClear does not currently submit directly to authority portals on your behalf. Direct submission integration with ACP and SCA is on the product roadmap — if this matters for your operation, join the Direct Filing waitlist. Until then: the validated package is ready to hand to your agent the moment validation passes.
Ambiguity about scope is how compliance software earns a bad reputation. These are hard boundaries, not small print.
These are structural constraints of how canal compliance works legally, not product gaps we're planning to close.
Vessel filing data is sensitive. Here's exactly what we store, where it goes, and who has access.
All data at rest uses AES-256-GCM encryption. All connections require TLS 1.2 or higher. Suez Canal credentials are separately encrypted at the field level — not just at the database layer.
Primary database: Neon PostgreSQL on AWS us-east-1 (Northern Virginia, USA). File storage (PDFs, exports): Cloudflare R2, US region. Payment data: Stripe (PCI DSS Level 1, under Stripe's own privacy policy).
Role-based access (RBAC) with a 6-state approval workflow for team accounts. Filing data is scoped to your organisation — CanalClear staff do not access your filing data unless you open a support request that requires it. Audit trail logs all access.
Active filing data retained while your account is active. Deleted accounts: filing data purged within 30 days. Soft-deleted filings removed within 90 days. Backup data follows the same retention schedule.
We don't claim certifications we haven't completed. Here's the honest state:
For full security documentation including our responsible disclosure policy and data processing agreement (DPA) for GDPR-jurisdiction operators, see /security or email security@canalclear.org.
Honest answer: rejection happens. Here's what CanalClear does about it, and what the formal liability position is.
Not all rejections are equal. The table below distinguishes between what CanalClear is responsible for and what falls outside the scope of filing validation.
| Rejection reason | CanalClear's position |
|---|---|
| Field error caught by our rule set — CanalClear missed it | We missed it. File a support ticket — we'll investigate the rule gap and prioritise a fix. We don't charge for re-validation on the same filing. |
| Regulation change published after your filing | We update rules pre-effective-date for known amendments. For emergency authority notices, we push updates within 24 hours and alert affected users. |
| Authority-side scheduling, operational, or system issues | Outside filing quality — not a validation issue. Contact your agent. |
| Agent submission error (wrong portal, wrong form version) | Outside CanalClear scope. The validated package is correct — the submission error is in the agent's process. |
| Novel regulatory interpretation (treaty exemption, unusual cargo class) | Edge cases requiring legal interpretation are outside automated validation scope. See Section 3 — "Does not provide legal advice." |
CanalClear operates on a commercially reasonable uptime basis with no formal SLA for the current tier. Enterprise accounts (fleet-wide and agency plans) can negotiate SLA addenda — contact support@canalclear.org.
CanalClear's liability is governed by our Terms of Service. In short: we are a software tool that assists with compliance preparation, not a licensed agent or legal services provider. Liability is limited to the value of your subscription for the relevant period.
CanalClear reduces rejection risk by catching errors before submission — it doesn't eliminate it. The right framing: CanalClear is what you do before you hand the filing to your agent. A CanalClear-validated filing still requires a licensed agent and manual authority submission. We make that process faster, more accurate, and auditable — not legally guaranteed.
Try the demo to see what a VUMPA, SCA, or SP-1 validation actually looks like — errors flagged, remediation steps, deadline tracking, and the full compliance report.