RegTech Insights: As safe as Bitcoin: How blockchains can better protect audit trails.

10. March 2021

When you hear blockchain, you immediately think of Bitcoins. But the technology can do much more. Tamper-proof, traceable data and transactions are also important for regulated companies in medical technology or the pharmaceutical environment. And this can be done very well with blockchain technology, as a research project using audit trails as an example shows.

Blockchain technology has one outstanding advantage: Stored data remains unchangeable and is tamper-proof. This is important when – as with Bitcoins – money is at stake. But blockchains are also used in regulated environments – to track raw materials, prevent drug counterfeiting, secure production processes and distribution channels, or seamlessly document a cold chain in a blockchain using data from temperature sensors. The importance of this aspect can currently be seen in the sensitivity of COVID 19 vaccines with regard to cooling and transport.

The situation is very similar when software systems are used in regulated industries. It must be precisely documented what someone did when, why and with which results on a device, for example in the laboratory or with a software inquality management. This data is stored in so-called audit trails. And because product and patient safety are at stake, this data must be stored in a tamper-proof, unalterable and verifiable manner. That’s a regulatory requirement – and a perfect application area for blockchains.

DHC Business Solutions is investigating how to apply blockchain technology to audit trails in a research project. The RegTech specialist develops application scenarios and technical solutions for blockchain-based audit trails.

Audit trail data is generated when working with software systems or devices. In a blockchain network, each instance – or “peer” – has a cryptographic identity, issued by an assigned certification body. Audit trail data is stored with the peers, but is also backed up remotely and distributed across the network on different instances. This is driven by “smart contracts,” digital negotiation mechanisms that govern data distribution logic on the network. Data is always transmitted encrypted on the network; its hash values are stored globally on the blockchain. The latter help to verify the data; manipulations can be detected.

  This logic can now be applied to different devices or systems in a company. It can work between companies or business units. And it can reshape the relationship between the software vendor or device manufacturer on the one hand and the user on the other, if the copy of the audit trail data is held by the manufacturer in a blockchain in a quasi-fiduciary capacity and as a service.

The fact that a blockchain solution can be resource-intensive is another insight from the project; this is already familiar from the Bitcoin environment. However, this is not a fundamental barrier to blockchain-based audit trails; scalable consensus mechanisms are available and solve the problem. The advantages carry far more weight: Decentralized organization in the network, cryptographic protection of identities and a unique sequence of data or hash values lead to the desired and regulatory required security of audit trails.

The research project “GxP-Blockchain” is funded by the Central Technology Program Saar (Zentrale Technologieprogramm Saar, ZTS) and by the European Regional Development Fund (ERDF). Cooperation partners are the German Research Center for Artificial Intelligence (Deutsche Forschungszentrum für Künstliche Intelligenz, DFKI) and the medical technology startup AkknaTek GmbH.


The research project is documented in the whitepaper “GxP Blockchain: Possible Applications for Blockchain Technology in the Regulated Environment” and can be obtained here.