ChainLaunch

Blockchain Network Compliance: Automated Health Checks for Fabric and Besu

Written by David Viejo

Running a blockchain network is one thing. Knowing whether it's healthy is another. 72% of organizations experienced at least one certificate-related outage in the past year (CyberArk, 2025). Teams deploy Fabric channels and Besu testnets, add nodes, configure TLS, and then... hope nothing drifts. Certificate expirations sneak up. Orderer quorums shrink without anyone noticing. A single organization ends up controlling all the orderers, and nobody catches it until a transaction fails.

ChainLaunch's compliance scanner fixes this. Every network — Fabric or Besu — now has a Compliance tab directly in the network detail page. One click shows you exactly what's healthy, what's degraded, and what needs attention. No separate dashboards. No manual checklists.

TL;DR: ChainLaunch now runs platform-specific compliance checks directly inside each network's detail page. Fabric networks get orderer quorum, organization diversity, and certificate checks. Besu networks get validator count, TLS, and backup verification. With 72% of orgs reporting certificate outages (CyberArk, 2025), catching these issues early isn't optional.

If you don't have a network yet, start with our how to create a Hyperledger Fabric network or create a Besu network in 2 minutes guides.

What Does the Compliance Tab Check?

Compliance automation cuts audit preparation time by 60% and boosts auditor productivity by 35%, according to PwC's 2025 Global Risk Survey. ChainLaunch applies this principle to blockchain infrastructure: instead of manually checking certificate dates, counting orderers, and verifying TLS configs, the scanner does it all on demand.

The compliance scanner runs a different set of checks depending on your network's platform. Each check returns one of three statuses: Passed, Failed, or Warning. Here's what gets evaluated.

Fabric Network Checks

| Check | Category | What It Verifies |
|---|---|---|
| Orderer Quorum | Consensus | Enough orderers to tolerate failures (Raft requires a majority) |
| Organization Diversity | Decentralization | No single org controls more than 50% of orderers |
| TLS Certificates | Security | All nodes have valid TLS certificates configured |
| Certificate Expiry | Security | No certificates expiring within 30 days |
| Node Health | Operations | All nodes are running and responsive |
| Endpoint Conflicts | Configuration | No port or endpoint collisions between nodes |
| Backup Schedule | Operations | A backup schedule is configured for the network |

The Organization Diversity check is worth calling out. It catches a common mistake in development networks that quietly becomes a production risk: having a single organization run every orderer. If that org's infrastructure goes down, your entire consensus layer goes with it.

Besu Network Checks

| Check | Category | What It Verifies |
|---|---|---|
| Validator Count | Consensus | At least 4 validators for QBFT Byzantine fault tolerance (3f+1) |
| TLS Certificates | Security | All nodes have valid TLS certificates |
| Certificate Expiry | Security | No certificates expiring within 30 days |
| Node Health | Operations | All nodes are running and responsive |
| Endpoint Conflicts | Configuration | No port or endpoint collisions |
| Backup Schedule | Operations | A backup schedule is configured |

ChainLaunch's compliance scanner runs 7 platform-specific health checks for Fabric networks and 6 for Besu networks, covering consensus safety, TLS certificate validity, node health, and backup configuration. Each check returns a Passed, Failed, or Warning status with remediation guidance, enabling teams to catch infrastructure drift before it causes outages.

For Besu networks using QBFT consensus, the scanner verifies you have enough validators to tolerate Byzantine faults. With 4 validators, you can tolerate 1 faulty node. With 7, you tolerate 2. Drop below 4 and the check fails with a clear remediation message.

Want to understand QBFT consensus in more depth? Our QBFT consensus guide covers the theory behind validator requirements.

How Do You Access Compliance Checks?

Unplanned IT downtime costs an average of $14,056 per minute (EMA Research, 2024), and for large enterprises that number climbs to $23,750 per minute. A single expired TLS certificate can take an entire blockchain channel offline. That's why ChainLaunch puts compliance checks one click away — right inside the network detail page.

Navigate to any network's detail page from the Networks list or the sidebar. You'll see a Compliance tab alongside Details, Explorer, and the other network-specific tabs.

Click it. The scanner runs immediately, evaluating every check for that network's platform. You'll see:

  1. Overall status badge — Healthy (green), Degraded (yellow), At Risk (orange), or Critical (red)
  2. Summary counts — How many checks passed, failed, or generated warnings
  3. Individual check results — Each check with its status, category, message, and remediation steps if something's wrong

There's no configuration needed. The checks are built in and run on demand every time you open the tab.

The compliance scanner is accessible directly from the Compliance tab on any network's detail page in ChainLaunch. Checks run on demand with no configuration required, returning an overall status alongside individual check results with category badges and remediation steps for any failures.

Reading the Results

Each check result tells you three things:

  • What was checked — The check name and its category (Consensus, Security, Operations, Configuration)
  • What happened — A plain-English message like "3 orderers — can tolerate 1 failure(s)" or "Org 'OrdererOrg2' controls 100% of orderers (3/3)"
  • What to do about it — Failed and warning checks include remediation guidance. For example: "Distribute orderers across multiple organizations. No single org should control more than 50% of orderers."

What Does Each Status Mean?

67% of organizations experience certificate-related outages monthly — up from 26% in 2022 (CyberArk, 2025). Catching problems early requires clear severity signals. ChainLaunch assigns one of four statuses to each network based on the aggregate results of all health checks.

  • Healthy — Every check passed. Your network is in good shape.
  • Degraded — Some checks produced warnings but nothing critical. Worth investigating but not urgent.
  • At Risk — One or more checks failed. The network works today but has structural problems that could cause issues.
  • Critical — Multiple failures. Immediate attention needed.

ChainLaunch assigns one of four compliance statuses to each blockchain network: Healthy (all checks passed), Degraded (warnings present), At Risk (one or more failures), or Critical (multiple failures requiring immediate attention). The status is derived automatically from the aggregate results of all platform-specific health checks.

A Fabric network with 3 orderers all owned by one organization? That's At Risk — the orderer quorum check passes (3 orderers can tolerate 1 failure), but the organization diversity check fails because a single point of organizational failure exists.
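The consensus rules behind these results (Raft majority, the 50% organization limit, QBFT's 3f+1) and the roll-up into an overall status can be written out as a short Python sketch. This is an added example, not ChainLaunch's own code: the function names are hypothetical, and two thresholds are assumptions, namely that the quorum check fails when no failure can be tolerated and that exactly one failed check maps to At Risk while two or more map to Critical.

```python
from collections import Counter

def orderer_quorum(n):
    """Raft commits with a majority, so n orderers tolerate (n - 1) // 2 failures."""
    f = (n - 1) // 2 if n > 0 else 0
    # Assumption: the check fails when not even one failure can be tolerated.
    return ("Passed" if f >= 1 else "Failed",
            f"{n} orderers, can tolerate {f} failure(s)")

def org_diversity(orderer_orgs):
    """Fail when a single org controls more than 50% of the orderers."""
    if not orderer_orgs:
        return "Failed", "No orderers found"
    org, count = Counter(orderer_orgs).most_common(1)[0]
    total = len(orderer_orgs)
    if count * 2 > total:  # strictly more than half
        pct = 100 * count // total
        return "Failed", f"Org '{org}' controls {pct}% of orderers ({count}/{total})"
    return "Passed", "No single org controls more than 50% of orderers"

def validator_count(n):
    """QBFT needs n >= 3f + 1, so n validators tolerate f = (n - 1) // 3 faults."""
    f = max(n - 1, 0) // 3
    if n < 4:
        return "Failed", f"Only {n} validators, QBFT needs at least 4 (3f+1)"
    return "Passed", f"{n} validators, can tolerate {f} Byzantine fault(s)"

def overall_status(statuses):
    """Assumption: exactly one Failed is At Risk, two or more is Critical."""
    failed = statuses.count("Failed")
    if failed >= 2:
        return "Critical"
    if failed == 1:
        return "At Risk"
    return "Degraded" if "Warning" in statuses else "Healthy"

def scan_fabric(orderer_orgs):
    """Run the two consensus checks over a list of orderer owner MSP IDs."""
    results = [orderer_quorum(len(orderer_orgs)), org_diversity(orderer_orgs)]
    return overall_status([s for s, _ in results]), results

if __name__ == "__main__":
    # Constructed input: three orderers all owned by Org1MSP.
    status, results = scan_fabric(["Org1MSP"] * 3)
    print(status, results)
```

An even split such as two orderers per organization sits at exactly 50% and passes, because the rule is "more than 50%".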

How Does the Organization-Wide View Work?

Beyond per-network checks, ChainLaunch also provides a global Compliance page accessible from the sidebar. This view aggregates health status across all your networks in one place.

It's useful when you're managing multiple networks — say, a Fabric production network and a Besu testnet. Instead of clicking into each one, the global view shows which networks need attention at a glance. 82% of companies plan to increase their compliance automation investment (PwC, 2025), and having a single pane of glass across all blockchain infrastructure is exactly the kind of tooling that justifies that spend.

Each network card in the global view links directly to that network's detail page, so you can drill down from the summary to specific check results in one click.

What Do Real Compliance Failures Look Like?

$2.2 billion was stolen in blockchain security incidents across 410 events in 2024 (SlowMist, 2025). While most of those were smart contract exploits on public chains, they underscore a broader point: infrastructure misconfigurations compound into serious problems. Here's how that plays out with ChainLaunch's compliance checks.

Scenario 1: Fabric Network After Adding Nodes

You've followed our Fabric network creation guide and deployed a network with 1 peer and 3 orderers under a single organization. Everything works. Then you check the Compliance tab:

  • Orderer Quorum: Passed — 3 orderers, can tolerate 1 failure
  • Organization Diversity: Failed — Org "Org1MSP" controls 100% of orderers

A common compliance failure occurs when a single Hyperledger Fabric organization controls 100% of orderer nodes. ChainLaunch's Organization Diversity check flags this as a Failed status with a clear remediation: distribute orderers across multiple organizations so no single org controls more than 50% of consensus infrastructure.

The fix is clear: create a second organization and distribute orderer ownership. Our Fabric PoC tutorial walks through multi-org setups if you need a reference.

Scenario 2: Besu Network With Too Few Validators

You've spun up a quick Besu testnet with 3 nodes for development. The Compliance tab shows:

  • Validator Count: Failed — Only 3 validators. QBFT needs at least 4 (3f+1) for Byzantine fault tolerance

The remediation tells you exactly what to do: add another validator. With 4, you tolerate 1 Byzantine fault. The Besu PoC tutorial shows how to create a properly sized 4-node testnet from scratch.

Scenario 3: Certificate Expiry Warning

Your Fabric network has been running for 11 months. The Compliance tab surfaces:

  • Certificate Expiry: Warning — 2 certificates expiring within 30 days

You now have time to renew before an outage. Without this check, you'd find out when peer connections start failing at midnight. Given that 67% of organizations now experience certificate outages monthly (CyberArk, 2025), proactive monitoring isn't a nice-to-have — it's operational hygiene.
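A 30-day expiry check of this kind can be reproduced outside the UI from the `notAfter=` lines that `openssl x509 -enddate -noout` prints for each node certificate. The Python sketch below is an added example, not ChainLaunch's implementation: the node names and dates are constructed, and treating an already-expired certificate as Failed rather than Warning is an assumption.

```python
import ssl
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)  # the 30-day window used by the check

def parse_not_after(line):
    """Parse 'notAfter=Jun  5 00:00:00 2025 GMT' into an aware UTC datetime."""
    text = line.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)

def check_expiry(inventory, now):
    """inventory maps node name -> notAfter line. Returns (status, message, nodes)."""
    expired, expiring = [], []
    for node, line in sorted(inventory.items()):
        not_after = parse_not_after(line)
        if not_after <= now:
            expired.append(node)
        elif not_after - now <= WARN_WINDOW:
            expiring.append(node)
    if expired:
        # Assumption: an already-expired certificate is a failure, not a warning.
        return ("Failed", f"{len(expired)} certificate(s) already expired",
                expired + expiring)
    if expiring:
        return ("Warning", f"{len(expiring)} certificate(s) expiring within 30 days",
                expiring)
    return "Passed", "No certificates expiring within 30 days", []

# Constructed sample: a three-node Fabric network checked on 1 June 2025.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "peer0": "notAfter=Jun 20 00:00:00 2025 GMT",     # 19 days left
    "orderer0": "notAfter=Jun  5 00:00:00 2025 GMT",  # 4 days left
    "orderer1": "notAfter=Mar  1 00:00:00 2026 GMT",  # well outside the window
}

if __name__ == "__main__":
    print(check_expiry(SAMPLE, NOW))
```

Running it from a scheduler with `now` set to the current UTC time gives the same early warning between visits to the Compliance tab.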

What's Coming Next for Compliance?

ChainLaunch's compliance roadmap includes chaincode lifecycle verification across peers, endorsement policy validation against active peer counts, performance threshold monitoring for block time and throughput, and custom check rules for organization-specific compliance requirements — extending automated governance beyond infrastructure health into operational policy enforcement.

Specifically, we're building:

  • Chaincode lifecycle checks — Verifying all peers have the same chaincode versions installed
  • Policy checks — Ensuring endorsement policies match the number of active peers
  • Performance thresholds — Block time, transaction throughput, and queue depth monitoring
  • Custom check rules — Define your own pass/fail criteria for organization-specific requirements

How Do You Get Started?

77% of enterprise blockchain projects never move past the pilot stage (Gartner, 2025). Infrastructure complexity kills momentum before teams ever reach business logic. ChainLaunch's compliance scanner is one more way to remove operational friction — you shouldn't need a dedicated SRE to tell you your certificates are about to expire.

If you don't have a network to check yet:

  1. For Fabric: Follow our step-by-step Fabric network guide — you'll have a network running in under 10 minutes
  2. For Besu: Use our 2-minute Besu network tutorial — 4 validators, QBFT consensus, pre-funded accounts
  3. With AI assistance: Try our Fabric PoC with Claude Code or Besu PoC with Claude Code tutorials for a fully guided experience

Once your network is up, click into it from the Networks page, open the Compliance tab, and see exactly where you stand.

Not sure which blockchain platform fits your use case? Our Fabric vs Besu comparison breaks down the trade-offs.

Frequently Asked Questions

How often should I run compliance checks?

Every time you open the Compliance tab, checks run on demand against the current network state. There's no scheduled scan — you get real-time results. 67% of organizations experience certificate outages monthly (CyberArk, 2025), so checking after any infrastructure change is a good practice.

What happens when a compliance check fails?

Failed checks display a red status icon, a plain-English explanation of the problem, and a specific remediation recommendation. For example, a Validator Count failure tells you exactly how many validators you need and why (QBFT's 3f+1 Byzantine fault tolerance formula).

Can I add custom compliance checks?

Not yet — but it's on the roadmap. Currently, ChainLaunch runs built-in checks for consensus, security, operations, and configuration. Custom check rules will let you define organization-specific pass/fail criteria for your compliance requirements.

Does compliance work with imported networks?

Yes. The scanner evaluates any network in ChainLaunch, whether it was created through the wizard or imported from an existing deployment. It inspects the current state of nodes, certificates, and configuration regardless of how the network was provisioned.

What's the difference between the per-network tab and the global compliance page?

The per-network Compliance tab shows detailed check results for a single network. The global Compliance page (accessible from the sidebar) aggregates status across all networks, giving you a quick overview of which networks need attention without clicking into each one individually.
