Enterprise RPC infrastructure: nodes, SLA, and compliance

TL;DR: Most enterprise blockchain projects fail at the infrastructure layer, not the smart contract layer. The gap between “it works in staging” and “it holds under production load with contractual guarantees and a compliance audit trail” is not a configuration problem — it is a vendor selection problem. This guide covers what enterprise RPC infrastructure actually means, why Ethereum remains the primary enterprise chain, and what the compliance checklist looks like before procurement.

The wrong question enterprises ask about blockchain infrastructure

The standard enterprise procurement question is: “What’s your uptime?”

It is the wrong question — and it is how organizations end up in production on shared endpoints that technically meet the 99.9% uptime number while being completely unfit for institutional use. Shared infrastructure means your traffic competes with every other tenant on the same nodes. A burst from a high-volume dApp on the same cluster degrades your response times. You have no SLA with financial penalties, no dedicated support channel, no audit logs for your own requests, and no contractual basis to escalate when latency spikes at 2am before a settlement window.

The right question is: “What happens to my organization when this endpoint fails, and what does the provider owe us when it does?”

That question — not uptime percentages — is what separates enterprise blockchain RPC infrastructure from developer-tier shared endpoints. The JSON-RPC protocol is identical across vendors. The operational guarantees, isolation model, and compliance posture wrapped around it are not.

Shared vs dedicated: the architectural split that matters

Standard RPC providers, including the free tiers of every major vendor, operate shared infrastructure. Your application sends requests to a pool of nodes serving hundreds or thousands of other users simultaneously. This is economical and fine for development. It is unsuitable for production systems where SLA obligations exist, where sensitive data moves, or where regulators expect documented controls.

Dedicated Nodes operate on physically or logically isolated compute. Your traffic goes to nodes reserved for your organization. This changes several things at once:

Dimension	Shared RPC	Dedicated Node
Performance isolation	No — shared with all tenants	Yes — resources reserved for you
Noisy neighbor risk	Present	Eliminated
Rate limits	Platform-wide caps	Negotiated per-deployment
Custom configuration	Not available	Node client version, flags, cache settings
Audit log access	Not available	Full request/response logging
Uptime SLA	Best-effort or soft	Contractual, with penalty clauses
Compliance artifacts	Not available	Available on request
Support tier	Ticket queue	Named technical contact

For an enterprise deploying, say, a stablecoin payment system or a tokenized asset custody flow, the shared model introduces risk that cannot be mitigated by application-level retry logic alone. Retries work when failures are brief and transactional. They do not work when the underlying infrastructure is rate-limiting your tenant because another tenant spiked — and your operations team needs to explain to the compliance function why transaction confirmations were delayed.

Ethereum as the primary enterprise chain

Ethereum is not the fastest chain. It is not the cheapest chain. It is, however, the enterprise chain — and this is unlikely to change in the medium term.

The reasons are structural rather than technical. Enterprise procurement favors auditability. Ethereum has the longest continuous mainnet history of any programmable blockchain, the deepest developer toolset, and the broadest institutional familiarity. Legal and compliance teams increasingly know what “Ethereum mainnet” means. They do not yet have equivalent frameworks for most alternatives.

Beyond familiarity, Ethereum’s EVM has become the canonical smart contract execution standard. L2 networks — Arbitrum, Optimism, Base, Polygon — all expose EVM-compatible RPC interfaces. An enterprise that standardizes on Ethereum RPC infrastructure can extend that investment across most of the L2 ecosystem without retraining engineers or rewriting integration libraries.

Practically, this means:

• Custodians, prime brokers, and institutional trading venues hold ETH and ERC-20 assets as primary inventory
• MiCA-regulated entities in the EU operate primarily on EVM chains for regulatory traceability
• Enterprise tokenization projects — real estate, bonds, trade finance — predominantly deploy on Ethereum mainnet or permissioned EVM chains
• SWIFT’s 2023–2024 interoperability experiments and Euroclear’s tokenized asset pilots have both targeted Ethereum or EVM-compatible environments as the settlement layer

RPC infrastructure that treats Ethereum as the primary chain and extends to Solana, BNB Chain, or others as secondaries maps cleanly onto the actual portfolio of an enterprise blockchain operation.

What an enterprise SLA actually contains

An SLA document that just states “99.9% uptime” is close to meaningless in practice. Enterprise infrastructure contracts should specify:

• Uptime definition. Is downtime measured per endpoint, per region, or globally? Does partial degradation count? A provider with three regional clusters can claim 99.9% global uptime while one region is completely unavailable — unacceptable if your users are concentrated there.
• Penalty structure. Without financial penalties or service credits tied to specific SLA breach thresholds, the uptime number is a marketing claim. Credible enterprise SLAs include tiered credit schedules: for example, 10% monthly credit for availability between 99.5–99.9%, 25% credit below 99.5%, and contract termination rights below 99.0%.
• Latency guarantees. Availability alone does not cover performance degradation. p95 and p99 latency targets — not just averages — should appear in the contract. An endpoint that responds in 30ms 95% of the time but 800ms 5% of the time will fail latency-sensitive applications.
• Support response times. Shared-tier support means tickets processed in business hours. Enterprise SLAs should specify response time by severity: P1 (production outage) in under one hour, 24/7; P2 (degraded performance) in under four hours; P3 (non-urgent) in one business day.
• Incident communication. Enterprise operations teams need structured incident notifications — not just a status page — with estimated resolution times and post-incident root cause reports within 48 hours.
• Data residency and processing terms. For deployments subject to GDPR, data localization requirements, or sector-specific regulations (banking, healthcare, public sector), the contract must specify where request data is processed and stored, for how long, and under what deletion schedule.

SOC 2 and ISO 27001: the compliance floor

When an enterprise security team evaluates a blockchain infrastructure vendor, SOC 2 Type II and ISO 27001 certification are the baseline. Not differentiators — the floor below which a vendor does not make it to the shortlist. As crypto regulation tightens in 2026 under frameworks like MiCA and the GENIUS Act, this bar is rising, not softening.

SOC 2 Type II covers the operational controls around security, availability, processing integrity, confidentiality, and privacy over a sustained audit period — typically six to twelve months. The “Type II” distinction matters: Type I is a point-in-time snapshot of whether controls exist. Type II demonstrates those controls were consistently applied over time. A vendor with only Type I certification has not yet proven their processes hold under real operating conditions.

ISO 27001 is the international standard for information security management systems. Where SOC 2 is primarily US-focused and trusted by US enterprises, ISO 27001 is the equivalent recognized by European and Asian institutions. The two frameworks are complementary by design: ISO 27001 establishes the governance blueprint — the policies, risk management processes, and controls that define how an organization protects its information assets. SOC 2 Type II then provides the audited evidence that those controls actually work under real operating conditions, not just on paper. For multi-jurisdictional deployments, both certifications together cover the procurement requirements of most regulated industries.

For blockchain node infrastructure specifically, these certifications map onto controls that go well beyond typical SaaS requirements:

• Validator key protection — hardware security modules (HSMs) handle cryptographic operations directly, preventing private key material from ever being exposed in software memory
• Change management for protocol client updates — updates to Geth, Erigon, or Reth carry real consensus risk; a faulty update can drop a node off the network entirely. Formal change processes with multi-signature approval and isolated test environments create the auditable trail SOC 2 auditors need
• Availability architecture — geo-distributed clusters with automated self-healing remove the single points of failure that would otherwise make continuous consensus participation impossible
• Double-signing prevention — real-time consensus monitoring detects duplicate key activity across forks and shuts down secondary nodes before a slashing event can occur
• RPC-layer attack mitigation — rate limiting, Layer-7 traffic scrubbing, and Tier 3 data center infrastructure protect endpoints against mempool-clogging and exploit attempts
• Data encryption — TLS in transit, AES-256 at rest across all RPC history and blockchain data

For a detailed breakdown of how these controls apply specifically to node infrastructure, see the SOC 2 Type II and ISO 27001 for blockchain infrastructure guide.

Chainstack holds SOC 2 Type II certification, with ISO 27001 underway as of Q2 2026 — making it one of the few RPC infrastructure providers that can hand a compliance team an audit-backed answer on the first ask.

For the enterprise checklist, the compliance artifacts to request from any RPC provider include:

• Current SOC 2 Type II report (not older than 12 months)
• ISO 27001 certificate with scope statement (or in-progress roadmap with expected certification date)
• Penetration test summary (last 12 months)
• Business continuity and disaster recovery plan summary
• Subprocessor list
• Data processing agreement (DPA) template

The enterprise blockchain RPC checklist

Before signing with any blockchain RPC infrastructure provider, procurement and engineering teams should verify each of the following:

Infrastructure

• Dedicated node option available (not just shared pool access)
• Node client version selection and configuration control
• Archive node access for historical state queries
• Multi-region deployment with documented failover behavior
• Private networking option (VPC peering, private endpoints) to avoid public internet transit

SLA and operations

• Written SLA with explicit uptime definition and measurement methodology
• Financial penalties or service credits for SLA breach
• p95/p99 latency targets in addition to availability
• 24/7 P1 support with named escalation path
• Post-incident root cause analysis within 48 hours
• Status page with historical incident data

Compliance

• SOC 2 Type II report available under NDA
• ISO 27001 certification with current certificate
• DPA available for GDPR or equivalent compliance
• Data residency options documented (EU, US, APAC)
• Audit log access for your own request history

Commercial

• Custom contracts with negotiated terms (not just click-through ToS)
• Invoicing in a format compatible with enterprise finance systems
• Multi-year pricing stability clauses
• Defined offboarding and data export procedures

Chainstack enterprise infrastructure: what the deployment looks like

Chainstack’s enterprise offering combines Dedicated Nodes with the compliance posture, commercial flexibility, and support model that enterprise procurement requires.

At the infrastructure layer, Dedicated Nodes provide fully managed node operation with complete resource isolation. Engineering teams choose the chain, node client, configuration parameters, and deployment region. Chainstack handles node health, software updates, and failover — without the enterprise team needing to maintain the underlying infrastructure themselves.

The node product stack for enterprise deployments typically combines:

• Dedicated Nodes for production workloads requiring isolation and guaranteed resources
• Global Nodes for geo-distributed read traffic where latency optimization across regions matters
• Archive Data for historical state queries — common in compliance reporting, analytics, and reconciliation workflows

For Ethereum specifically, archive node access is non-negotiable for most enterprise use cases. State queries against contract interactions from six months ago require full archive history. On a full (pruned) node, those calls return errors. Chainstack’s archive node coverage extends to all major EVM chains.

At the commercial layer, Chainstack enterprise clients operate under custom contracts rather than standard click-through terms. This includes negotiated SLAs, DPA execution, invoicing that integrates with AP workflows, and access to the SOC 2 Type II report under NDA.

Support at enterprise tier means a named technical contact, not a ticket queue. Escalation paths go directly to infrastructure engineers who know the customer deployment. This is relevant during incidents — when a trading platform’s node starts returning unexpected responses at market open, the difference between “submit a ticket and wait” and “call the engineer who deployed your node” is measurable in revenue.

Conclusion

The article opened with a claim: enterprise RPC infrastructure is a different product category, not a harder version of developer tooling. The procurement checklist above is what makes that claim concrete. Every item on it — dedicated resource isolation, financial penalty clauses, p99 latency targets, SOC 2 Type II, DPA execution, named technical contact — exists to address a category of risk that a shared endpoint simply cannot mitigate. Retries do not fix a tenant spike. Application logic does not produce a compliance audit trail. And a status page is not a contract.

Ethereum holds the primary enterprise position not because of performance benchmarks, but because the institutional framework built around it — custody support, regulatory familiarity, MiCA applicability, EVM-standard L2 extension — reduces procurement risk for deploying organizations. Infrastructure investment in Ethereum-compatible RPC compounds across the L2 ecosystem in a way that investment in chain-specific alternatives does not.

If your organization is working through the vendor checklist above, start with Chainstack Enterprise — custom contracts, SOC 2 Type II report available under NDA, Dedicated Nodes with full resource isolation, and a named technical contact from day one.

FAQ

Additional resources

• Chainstack Enterprise
• Dedicated Nodes
• SOC 2 Type II certification
• SOC 2 Type II and ISO 27001 for blockchain infrastructure
• How regulation is reshaping crypto infrastructure in 2026
• Global Nodes
• Enterprise Solana infrastructure: What matters in 2026
• Chainstack pricing