P4 · Regulatory Attribute Proof

Verify Supplier Licenses, ISO & Certificates Without Handing Over Originals

Hide original certificates and the certifier's contact
Prove holds a valid ISO certification

Verify that a supplier "validly holds" a license, ISO, or quality/insurance certificate as a proof — without receiving the original. Remove forgery, expiry, and reuse; track revocation.

Manufacturing · Procurement & supply chain · Trading firms · Critical infrastructure 4 min read
live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist
01 · WHO IT'S FOR

Who this is for.

For those who verify suppliers' licenses, ISO certifications, quality proofs, and insurance certificates. Exchanging certificate PDFs carries forgery, expiry, and reuse risk. "Submitted" and "valid right now" are not the same thing.

  • Procurement / purchasing / supplier-management leads in manufacturing and critical infrastructure

  • Teams verifying ISO / licenses / insurance across many suppliers

  • Organizations needing to prove supplier-attribute conformance for CBAM, EUDR, etc.

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma
Hand over the original
supplier:
Corp ABC
iso_certificates:
ISO 9001, ISO 14001 (PDF)
financial_statements:
B/S, P/L (3 yrs)
licenses:
mfg license #ABC123
audit_reports:
auditor report
↓ all of it goes to the AI / outside
With Lemma
Hand over just the facts
holder:
did:lemma:supplier-ABC
issuer:
did:lemma:authority-iso
jurisdiction:
JP
licenseType:
iso-9001-14001
disclosed:
[isISO9001Certified, isISO14001Certified, validUntilYear]
hidden:
[certificate_no, financial_detail, audit_detail]
attestation:
ISO certs valid
ZK verified:
✓ VALID
↓ only the necessary facts to the AI

We verify only that a supplier "validly holds" a certification, license, or insurance — as a proof. The original (the certificate's contents) is not handed over. Because revocation (expiry, withdrawal) is trackable, "valid when submitted but now lapsed" is detectable.

Attributes are chained with issuer signatures from each supplier tier; the assembler verifies them as ZK proofs.

See the technical details ↗
03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method Pass without exposing Independent verification Tamper-proof
Access control only
Masking / anonymization
Encryption only
Lemma (ZK proof)the only one with all 3
04 · HOW IT WORKS

What's next

We enter through AI-adoption and data-governance support and a PoC, and stay alongside you through to operations.

  1. A 30-minute review — identify procurement paths where forgery/expiry/reuse risk concentrates.
  2. Narrow to 1–2 decisions (results) to prove — e.g. "holds a valid ISO certification," "insurance is valid." Not the originals.
  3. Design issuance and revocation — issuance paths with certifiers/suppliers, and expiry/revocation handling.
  4. Prove one path via a (quote-based) PoC.
  5. Hands-on support from rollout through operations — existing plan tiers (Civic / Critical / Compliance) serve only as a cost reference; the setup and pricing are designed together.

Tell us the one procurement path where certificate-verification risk concentrates most, in the first 30 minutes. No disclosure of sensitive data required.

05 · RELATED

Related use cases

Still have questions? See the FAQ →

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.

See use scenarios for Regulatory Attribute in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Try Seal → Trust402 reference implementation →