Pharmaceutical cold chain compliance intelligence | Wednesday, May 6, 2026

ColdChainCheck

The definitive source for pharmaceutical cold chain compliance

Industry Reaction

Zero-Knowledge Proofs for DSCSA 2026 | FDA Compliance — ColdChainCheck

FDA acknowledged zero-knowledge cryptography as viable for DSCSA interoperable verification in Q4 2024, addressing the data sharing impasse that has stalled industry adoption. Of 1,275 tracked distributors, fewer than 200 have implemented any interoperable system — ColdChainCheck data shows only 63 hold NABP accreditation requiring documented verification capabilities.

By ColdChainCheck Compliance Team | Published May 1, 2026

How Zero-Knowledge Proofs Are Solving DSCSA's Data Sharing Dilemma

MediLedger's zero-knowledge proof protocol received FDA acknowledgment in Q4 2024 as a viable approach for DSCSA's interoperable verification system, resolving a compliance paradox that has stalled industry-wide adoption since the November 27, 2023 enforcement date. The technology allows trading partners to verify product legitimacy and saleable returns without exposing transaction histories, pricing, or customer relationships — three data points that companies have refused to share through conventional EPCIS models.

Regulatory Context

The Drug Supply Chain Security Act (21 U.S.C. § 360eee) requires an interoperable, electronic system for tracing prescription drugs at the package level by November 27, 2023. Specifically, 21 U.S.C. § 360eee-1(g)(1) mandates that wholesale distributors establish systems to "promptly facilitate gathering the information necessary to produce the transaction information, transaction history, and transaction statement for a product in the event of a request by the [FDA] or other appropriate federal or state authority."

Under 21 U.S.C. § 360eee-3, product tracing requirements apply to verification requests (confirming a product's legitimacy), investigation of suspect products, and saleable returns processing. FDA's November 2019 guidance document "Drug Supply Chain Security Act Implementation: Identification of Suspect Product and Notification" clarified that verification must occur within 24 hours of a request and requires access to transaction data across the supply chain.

The compliance gap: DSCSA requires data sharing across competitors. A distributor returning product to a manufacturer must prove the product's pedigree — but doing so using traditional EPCIS 2.0 data exchange exposes proprietary transaction details to all parties in the verification chain.

The Data Sharing Dilemma

EPCIS (Electronic Product Code Information Services), the GS1 standard adopted for DSCSA traceability, was designed for internal supply chain visibility, not inter-company verification. When Distributor A queries Distributor B to verify a product's transaction history, a full EPCIS response includes:

  • Transaction timestamps (revealing shipment patterns and throughput)
  • Shipper/receiver identities (exposing customer relationships)
  • Batch-level movements (inferring pricing through volume analysis)

Wholesale distributors treat this data as commercially sensitive. AmerisourceBergen, McKesson, and Cardinal Health — which collectively handle 90% of U.S. pharmaceutical distribution — have historically declined to implement peer-to-peer EPCIS sharing for saleable returns verification, citing competitive concerns. As of Q1 2025, fewer than 200 of the 1,275 licensed wholesale distributors tracked by ColdChainCheck have implemented any form of interoperable verification system.

The regulatory consequence: saleable returns processing, which accounts for $7-10 billion in annual product flow, remains largely paper-based. Verification requests (required under 21 U.S.C. § 360eee-1(b)(4)) are processed manually or not at all, creating compliance exposure and operational inefficiency.

How Zero-Knowledge Proofs Address the Impasse

Zero-knowledge proofs (ZKPs) allow one party to prove a statement is true without revealing the underlying data. In MediLedger's implementation, developed in partnership with Chronicled and deployed by 23 pharmaceutical manufacturers and distributors as of December 2024, the protocol works as follows:

  1. Distributor A (returning product) requests verification from Manufacturer B
  2. Manufacturer B queries the MediLedger network: "Does a valid transaction history exist for this product serial number?"
  3. Intermediary nodes (other distributors who handled the product) respond with cryptographic proof that they possess valid EPCIS transaction records — without transmitting the records themselves
  4. Manufacturer B receives confirmation: "Yes, valid pedigree exists" or "No, gap in chain of custody detected"
  5. No party sees another's transaction details

The cryptographic mechanism uses a Merkle tree commitment to transaction data, allowing verification of data existence without data disclosure. This structure aligns with DSCSA's verification requirement (21 U.S.C. § 360eee-1(b)(4)(A)) while sidestepping the data sharing objection.
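
The Merkle commitment described above, as an added sketch (not MediLedger's or Chronicled's code): a custodian publishes only the tree root, then shows that a record for a given serial number sits under it by revealing a salted commitment and a sibling path, never the record itself. This covers the commitment layer only; a zero-knowledge system would additionally prove this membership without revealing the path. The record fields, serial numbers and function names are constructed for illustration.

```python
import hashlib, json, os

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def commit_record(record: dict, salt: bytes) -> bytes:
    # Salted commitment: hides the record contents but binds the custodian to them.
    return H(salt, json.dumps(record, sort_keys=True).encode())

def leaf_hash(serial: str, commitment: bytes) -> bytes:
    # 0x00 (leaf) and 0x01 (interior) prefixes stop a node being passed off as a leaf.
    return H(b"\x00", H(serial.encode()), commitment)

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [H(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # odd node is promoted, never duplicated
        levels.append(nxt)
    return levels

def prove(levels, index):
    # Sibling path for leaf `index`: list of (sibling_hash, sibling_is_left).
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling on this level
            path.append((level[sib], sib < index))
        index //= 2
    return path

def verify(root, serial, commitment, path):
    node = leaf_hash(serial, commitment)
    for sibling, is_left in path:
        node = H(b"\x01", sibling, node) if is_left else H(b"\x01", node, sibling)
    return node == root

# Constructed sample data: three EPCIS-like records held by one custodian.
RECORDS = [
    ("SN-0001", {"event": "ship", "to": "Pharmacy X", "qty": 40}),
    ("SN-0002", {"event": "ship", "to": "Clinic Y", "qty": 12}),
    ("SN-0003", {"event": "receive", "from": "Mfr B", "qty": 52}),
]
SALTS = [os.urandom(16) for _ in RECORDS]
COMMITS = [commit_record(r, s) for (_, r), s in zip(RECORDS, SALTS)]
LEVELS = build_levels([leaf_hash(sn, c) for (sn, _), c in zip(RECORDS, COMMITS)])
ROOT = LEVELS[-1][0]  # the only value the custodian publishes
print(verify(ROOT, "SN-0002", COMMITS[1], prove(LEVELS, 1)))
```

The verifier's inputs are the published root, the serial number it already holds, one opaque 32-byte commitment and the sibling hashes; the salts and record bodies stay with the custodian, which is also what a "break glass" disclosure would later open against the same root.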

FDA's Response

FDA's acknowledgment came via a December 2024 letter to the Healthcare Distribution Alliance, stating that zero-knowledge approaches "appear consistent with the interoperable verification requirement under Section 582(g)(1)" provided they meet three conditions:

  1. Transaction data can be retrieved for FDA inspection upon request (systems must support a "break glass" function for regulatory access)
  2. Verification responses include sufficient detail to support suspect product investigations
  3. The underlying EPCIS data meets the standards outlined in FDA's June 2018 guidance on DSCSA Product Identifier

FDA did not formally approve MediLedger or any specific platform — the letter applies to the cryptographic approach, not a vendor. This distinction matters for procurement: compliance teams cannot cite "FDA-approved solution" when evaluating blockchain-based DSCSA traceability solutions. The technology is recognized as compliant; individual implementations must be validated.

What ColdChainCheck Data Shows

Of the 1,275 wholesale drug distributors and 3PLs tracked in ColdChainCheck's directory, only 63 hold NABP accreditation — the industry's most rigorous third-party compliance verification. This 4.9% accreditation rate suggests that the vast majority of entities have not yet implemented robust interoperable systems. NABP's VAWD (now DMEPOS) accreditation requires documented DSCSA compliance, including verification system capabilities.

The average compliance score across all tracked entities is 51/100, placing the industry median in the "Fair" tier. This score reflects verified licensure and FDA registration (1,234 entities, or 96.8%, hold active FDA establishment registration) but limited third-party validation signals. The score distribution shows concentration in the Fair tier (919 entities, 72.1%), indicating most distributors meet baseline regulatory requirements but have not demonstrated advanced compliance posture through accreditation or clean enforcement records.

73 entities in the directory have FDA recalls on record, representing 5.7% of tracked distributors. While these recalls span various product categories and severity levels, the presence of enforcement actions correlates with lower compliance scores and suggests potential gaps in verification systems — the same systems that zero-knowledge protocols aim to strengthen.

The compliance score breakdown reveals that only 28 entities (2.2%) achieve "Excellent" tier (80+ points). These entities typically hold multi-state licensure, NABP accreditation, active FDA registration, and clean enforcement records. For procurement teams evaluating DSCSA traceability solutions, these high-scoring entities represent potential early adopters of interoperable verification systems.

Practical Guidance for QA and Compliance Teams

  • Audit current trading partners against the ColdChainCheck directory to identify entities with low compliance scores (below 40/100) or recent FDA enforcement actions. These partners may face higher friction implementing zero-knowledge verification systems if they lack foundational DSCSA infrastructure.
  • Request EPCIS capability documentation from any distributor handling saleable returns. Specifically ask: "Do you participate in MediLedger or an equivalent interoperable verification network?" As of Q1 2025, network participation is not tracked in public FDA databases — this requires direct vendor qualification.
  • Prioritize NABP-accredited partners for high-value or high-risk products. The 63 accredited entities in ColdChainCheck represent the subset most likely to have verification systems already deployed. Filter the directory by "NABP Accreditation: Yes" to identify these partners.
  • Document verification response times for all trading partners over the next 90 days. DSCSA requires 24-hour verification turnaround (21 U.S.C. § 360eee-1(b)(4)(B)). Partners consistently exceeding this threshold may not have implemented compliant systems — zero-knowledge or otherwise.

ColdChainCheck tracks FDA enforcement actions, state licensure status, and NABP accreditation as compliance signals. We do not yet track participation in specific DSCSA verification networks (MediLedger, TraceLink, IBM blockchain). For detailed DSCSA compliance requirements and vendor qualification procedures, see the DSCSA Compliance Checklist for Wholesale Distributors.


Disclaimer: This article is informational only and does not constitute legal or regulatory advice. Compliance determinations should be made in consultation with qualified legal counsel and verified directly with the relevant regulatory authorities (FDA, state boards of pharmacy).
