Mock/sandbox only. Production authority submission requires configured credentials, authority onboarding, operator approval, data protection controls, and retention policy review. Mock and sandbox outputs are not legal authority submissions.
Compliance and legal readiness
EU and U.K. border workflows need authority-specific filing logic, data protection controls, auditability, record retention, and explicit production approval. This page is an operational checklist for professional review.
Production posture
Production authority submissions are locked until real connector credentials, authority onboarding, EORI scope, operator approval policy, data protection ownership, retention policy, and fallback process are configured and reviewed.
Current staging remains mock-first. Sandbox and mock responses are useful for testing workflow logic, but they do not create legal filings with HMRC, EU Member State customs, French customs, or transit systems.
Readiness blockers and guardrails
| Type | Item |
|---|---|
| Blocking item | No current blocking items |
Controls required before production
| Control | Operational requirement |
|---|---|
| Data protection | Restrict evidence images and payload archives; expose metadata to normal users; keep OCR local in v1. |
| Accuracy | Show missing fields by connector and require review when evidence confidence, conflicts, or required fields are unsafe. |
| Record keeping | Keep clear audit and payload metadata; set a real retention policy before production use. |
| Production gates | Do not call production authorities until credentials, onboarding, approvers, fallback, and policies are configured. |
| Operator responsibility | The app assists workflow decisions; declarant/operator responsibility for complete and accurate data remains outside the software. |
Authority scope matrix
| System | Scope | BorderBridge guardrail |
|---|---|---|
| UK S&S GB | Entry summary declarations for imports into Great Britain. | Complete and accurate ENS data, issued movement reference number, operator review before production. |
| EU ICS2 | Advance cargo safety and security data for goods entering or transiting the EU, including Northern Ireland scope. | Manual/STP or S2S gateway onboarding, certificates, complete ENS data, no real S2S in mock mode. |
| GVMS / GMR | UK Goods Vehicle Movement Service routes where declaration references are linked into a GMR. | Applicable route, vehicle/trailer data, declaration references, GMR finalisable state before check-in. |
| French ELO | France-UK smart-border/RoRo logistics envelope scope. | Only apply on configured France smart-border routes with ELO access, dossier/token reconciliation, callback audit. |
| NCTS | Transit movements when a transit declaration applies. | Transit MRN capture in this MVP; real declaration preparation remains a later authorised connector. |
Source review baseline
| Area | Operational interpretation |
|---|---|
| EU/UK data protection | Use data minimisation, security, transparency, and retention controls for personal data in evidence, parties, vehicles, and audit records. |
| UK safety and security | Imports into Great Britain use S&S GB for entry summary declarations; accepted declarations receive movement references and are risk assessed. |
| EU safety and security | ICS2 is the advance cargo information system for goods entering or transiting the EU; road/rail operators need complete ENS data under current deployment rules. |
| GVMS | GMR links customs, safety/security, transit, and vehicle/trailer details for applicable pre-lodgement routes. |
| Customs records | Production operators need accurate records, secure backup, and retention rules that match the authorisation and filing type. |