Background and Motivation

Global supply chains are among the most complex information systems humans operate. They span hundreds of organizations, dozens of jurisdictions, and thousands of individual product movements per day. Despite this complexity, the underlying data infrastructure remains fragmented: proprietary formats, bilateral EDI agreements, and centralized intermediary platforms are the norm rather than the exception.

The GS1 [[EPCIS]] standard, widely adopted across retail, healthcare, and logistics, provides a common vocabulary for supply chain events — captures of who did what to which item, where, and when. However, EPCIS defines what to record, not how to prove it. A receiving party cannot cryptographically verify that an EPCIS record was created by an authorized party, has not been tampered with, or corresponds to any real-world act of authority.

Simultaneously, the W3C Verifiable Credentials Data Model and [[DID-CORE]] provide a mature, widely deployed infrastructure for cryptographically signed, decentralized identity. These technologies have been adopted in digital credentials for education, healthcare records, and government identity, but have not yet been systematically applied to supply chain event data.

Regulatory pressure is accelerating the need. The US [[DSCSA]] mandates electronic, interoperable tracing of prescription drug products across the entire pharmaceutical distribution chain. The EU [[EUDR]] requires due diligence documentation for commodities associated with deforestation. The EU [[EU-BEV]] requires battery passport data covering the full material supply chain. India's Drugs Rules, 1945 mandate QR codes on top 300 formulation brands and all APIs. These regulations require auditable, tamper-evident records — a property EPCIS alone cannot provide.

The Verifiable Supply Chain (VSC) framework addresses this gap by defining how [[EPCIS]] events can be represented as [[VC-DATA-MODEL]] credentials, binding event data to the issuing party's [[DID-CORE]] identifier and enabling cryptographic verification across organizational boundaries without requiring a shared central database. Beyond event integrity, VSC incorporates three normative vocabularies that transform credentials into self-contained trade documents: the WCO Harmonized System for commodity classification, ICC INCOTERMS® for commercial terms and risk allocation, and UCP 600 for trade finance instrument binding. Together with the VSC Event Matrix and Regulatory Rule Compiler, the framework provides a complete verification operating system for global trade.

Problem Statement

Current supply chain data systems exhibit three structural deficiencies that VSC is designed to address:

Fragmentation

No standard mechanism exists to exchange verifiable supply chain event records across organizational boundaries in a vendor-neutral way. Point-to-point integrations and proprietary platforms create data silos that prevent end-to-end visibility (see [[ISO28000]] Section 4.2 on supply chain security risk assessment).

Lack of Verifiability

EPCIS provides rich event semantics but contains no native mechanism for a receiver to verify the identity of the asserting party, the integrity of the record, or the authority of the issuer to make the claimed assertion. A well-formed EPCIS document is indistinguishable from a fabricated one without out-of-band authentication mechanisms.

Regulatory Non-Compliance Risk

Regulations including [[DSCSA]], [[EUDR]], [[EU-BEV]], and India's Drugs Rules require auditable, tamper-evident records of product provenance and chain of custody. Existing data systems cannot satisfy these requirements without significant bespoke engineering, creating compliance risk for supply chain participants across multiple jurisdictions simultaneously.

Commercial Liability Ambiguity

Even when event data is available, existing systems cannot programmatically determine who bears commercial responsibility when goods are damaged, delayed, or lost in transit. INCOTERMS® rules govern this liability but are not machine-readable in current supply chain data formats, leading to disputes that take weeks or months to resolve.

The VSC Approach

VSC addresses the deficiencies identified in Problem Statement by:

• Preserving EPCIS semantics: The Event-to-Credential Mapping is a normative, lossless transformation. All EPCIS event fields (event type, temporal context, business context, product identifiers, read points) are preserved. The resulting Verifiable Credential is a superset of the source EPCIS event.
• Binding identity to events: Each event credential is signed by the asserting Supply Chain Actor using a [[DID-CORE]] identifier. Verifiers can resolve the DID to retrieve the public key and verify the signature without contacting the issuer.
• Enabling selective disclosure: Using [[VC-DATA-MODEL]] mechanisms (e.g., [[BBS-2023]] proofs or [[SD-JWT]]), holders can reveal only the event fields required by a given verification context, protecting commercially sensitive data while satisfying regulatory requirements.
• Supporting chain-of-custody reconstruction: Individual event credentials can be linked by reference, enabling a verifier to reconstruct the full custody chain from issuance through delivery.
• Embedding normative trade vocabularies: VSC incorporates the WCO Harmonized System (HS) for commodity classification, ICC INCOTERMS® for commercial terms and risk allocation, and UCP 600 for trade finance instrument binding. These vocabularies transform a VSC credential from an event record into a self-contained trade document that answers what the product is, where commercial responsibility transfers, and how payment is governed.
• Providing architectural frameworks: The VSC Event Matrix expresses any trade event as a five-dimensional vector with forward-compatible extensibility and integrated machine learning feature extraction. The VSC Regulatory Rule Compiler compiles trade regulations into machine-executable verification functions, enabling a single verification architecture to process any event from any domain.
• Aligning with existing community work: VSC builds on [[TRACEABILITY-V1]], [[TRACEABILITY-INTEROP]], and [[UNTP]], maximizing reuse of existing credential vocabularies and interoperability profiles.

VSC does not require distributed ledger technology. DID methods backed by web infrastructure (e.g., did:web) are explicitly supported and are expected to be the dominant deployment pattern for enterprise supply chains. Ledger-based DID methods MAY be used but are not privileged.

Document Conventions

Requirement identifiers take the form REQ-Xn where X is F (functional) or NF (non-functional) and n is a two-digit sequence number. Every requirement includes a rationale grounded in published standards or regulations, a specific testability statement to guide conformance test development, and normative references.

Use case identifiers take the form UC-n. Each use case cross-references the requirements it motivates.

Defined terms appear in bold style and are linked on first use in each section.

Document Structure

This document is organized into five parts:

• Part I — Foundation: Conformance, Scope, Terminology, Conceptual Architecture, and Related Work establish the conceptual foundation.
• Part II — Normative Vocabularies: HS Codes, Trade Finance, and INCOTERMS® define the standardized languages VSC speaks for commodity classification, payment instruments, and commercial terms.
• Part III — Architectural Frameworks: The VSC Event Matrix and Regulatory Rule Compiler provide the cross-domain verification schema and machine-executable compliance engine.
• Part IV — Use Cases and Requirements: Eleven use cases motivate twenty functional and five non-functional requirements with testability statements.
• Part V — Cross-Cutting Concerns: Security, Privacy, Accessibility, Internationalization, and Future Work.

In Scope

• Event-to-credential mapping: A normative, field-level mapping from each [[EPCIS]] event type (ObjectEvent, AggregationEvent, TransformationEvent, TransactionEvent, AssociationEvent) to a corresponding [[VC-DATA-MODEL]] credential schema.
• Physical binding alignment: VSC credentials are designed to be compatible with emerging physical-to-digital binding specifications, including the W3C Physical Asset Attestation (UORA) Community Group's work on DID-native object addressing and secure physical anchors (NFC, QR codes, IoT sensors). VSC defines the trade and compliance layer operating above the physical binding layer, enabling a UORA-anchored object identifier to carry VSC trade classifications, commercial terms, and regulatory compliance attestations through the global supply chain.
• Identity binding: Specification of how Supply Chain Actors are identified using [[DID-CORE]] and how their authority to assert events for a given business context is established.
• Verification model: Rules for verifying the integrity, authenticity, and provenance of Supply Chain Events represented as Verifiable Credentials.
• Selective disclosure: Mechanisms allowing holders to reveal only a subset of event fields to a given verifier.
• Event linking: Conventions for chaining event credentials to reconstruct provenance and custody histories.
• Normative commodity vocabulary: Integration of WCO Harmonized System (HS) codes as a normative classification vocabulary for product-bearing credentials.
• Normative commercial terms vocabulary: Integration of ICC INCOTERMS® as a normative vocabulary for commercial responsibility and risk allocation.
• Normative trade finance vocabulary: Integration of UCP 600 instruments as a normative vocabulary for payment and documentary compliance.
• Cross-domain verification schema: The VSC Event Matrix providing a five-dimensional, forward-compatible grammar for expressing any trade event.
• Machine-executable regulatory compliance: The VSC Regulatory Rule Compiler enabling regulations to be expressed as executable verification functions.
• Interoperability requirements: Normative requirements enabling VSC-conformant implementations from different vendors to exchange and verify event credentials without bilateral agreements.
• Use cases and requirements: Eleven motivating scenarios grounded in regulatory obligations and industry practice, with twenty corresponding testable functional requirements and five non-functional requirements.

Out of Scope

• Credential transport protocols: How credentials are transmitted between parties (e.g., HTTPS, messaging queues, DIDComm) is out of scope. Implementers SHOULD follow [[TRACEABILITY-INTEROP]] for HTTP-based exchange.
• Storage and persistence: Database schemas, file formats, and retention policies for event credentials are implementation-specific.
• Business workflow automation: Rules engines, approval workflows, and ERP integrations are out of scope.
• Identity governance: Frameworks for issuing, revoking, or governing organizational DID identifiers are defined externally (e.g., by sector trust frameworks).
• Distributed ledger technology: VSC does not define or require any specific DLT, blockchain, or consensus mechanism.
• Physical IoT and sensor integration: How physical readings (temperature logs, GPS coordinates) are captured and bound to credentials is out of scope, though VSC credentials can carry such data as extension elements.
• National tariff schedules: VSC provides the structure for national HS code extensions but does not maintain or publish country-specific tariff schedules.

The Five-Layer Model

VSC operates as a five-layer architecture. Each layer addresses a distinct dimension of verifiability, and together they transform a physical supply chain event into a self-contained, cryptographically provable trade document:

Layer 1 — Physical Events (EPCIS 2.0)

Captures what happened to which item, where, and when. EPCIS provides the event vocabulary: ObjectEvent, AggregationEvent, TransformationEvent, TransactionEvent, and AssociationEvent. Every VSC credential begins as an EPCIS event.

Layer 2 — Cryptographic Integrity (VC Data Model)

Wraps each EPCIS event in a Verifiable Credential with a Data Integrity proof. The proof makes the event tamper-evident: any modification to the event data after issuance invalidates the proof. Selective disclosure mechanisms allow holders to reveal only the fields required by a given verification context.

Layer 3 — Organizational Identity (DID Core)

Binds each credential to the asserting party's Decentralized Identifier. Verifiers resolve the DID to retrieve the public key and verify the proof independently, without contacting the issuer. DID methods are not prescribed; did:web is expected to be the dominant enterprise deployment pattern.

Layer 4 — Trust Anchor Governance (Trust Framework)

Separates cryptographic proof verification from real-world authorization. A Trust Framework maintains the Issuer Registry of DIDs authorized to assert specific types of events in specific business contexts. Proof validity does not imply authorization — the registry check closes this gap.

Layer 5 — Sector and Regulatory Overlays

Applies jurisdiction-specific and industry-specific rules to the verified event. This layer incorporates the three normative vocabularies (HS Codes, INCOTERMS®, Trade Finance), the VSC Event Matrix for cross-domain verification, and the Regulatory Rule Compiler for machine-executable compliance.

Roles

VSC defines three primary roles, aligned with [[VC-DATA-MODEL]] Section 1.3. In supply chain deployments these roles are typically held by different organizations, though a single organization may act in multiple roles across different transactions.

Issuer

A Supply Chain Actor that asserts a Supply Chain Event and creates the corresponding Verifiable Credential. The issuer signs the credential using the cryptographic key material associated with its [[DID-CORE]] identifier. The issuer is responsible for the accuracy of the event claims, for maintaining Credential Status information, and — when applicable — for populating the HS Classification, INCOTERMS® Classification, and Trade Finance Instrument bindings that transform the credential into a self-contained trade document.

Holder

An entity that receives and stores Verifiable Credentials and may assemble them into Verifiable Presentations for submission to verifiers. In supply chain contexts, holders are typically downstream trading partners, freight forwarders, customs agents, or regulatory bodies. A holder may also be an issuer (e.g., a manufacturer issues a provenance credential and later presents it to a retailer). Holders apply Selective Disclosure to reveal only the fields required by the verification context.

Verifier

An entity that accepts Verifiable Credentials or Presentations and validates their integrity, authenticity, and policy compliance. Verifiers execute the Universal Verification Pattern: resolve the issuer's DID, verify the Data Integrity proof, check credential status, validate issuer authority against the Issuer Registry, and — when configured — apply machine-executable regulatory rules from the Regulatory Rule Compiler. Verifiers produce structured verification results including per-dimension status and a composite trust score.

EPCIS Event Types and VSC Mapping

[[EPCIS]] v2.0 defines five event types. VSC requires a normative credential schema for each. Every event type can carry the three normative vocabulary bindings (HS Classification, INCOTERMS® Classification, and Trade Finance Instrument) as optional credential subject extensions:

The schema names in the table above are placeholders. Normative schema identifiers and JSON-LD context URIs will be defined in the VSC Core Data Model specification. The "Normative Vocabularies Applicable" column indicates which vocabulary bindings are relevant to each event type; all are optional and populated only when the business context requires them.

Object Model

The core objects in VSC are:

Supply Chain Event

The occurrence being recorded, conforming to one of the five [[EPCIS]] event types. The event carries the event-time, record-time, business step, disposition, read point, business location, and EPC or product class lists.

Verifiable Credential

The cryptographically signed representation of the event. The credential's issuer is the asserting Supply Chain Actor's DID. The credentialSubject contains the EPCIS Event fields and may include the hsClassification, incotermsClassification, and tradeFinance objects. The credential carries a credentialStatus endpoint for revocation checks and a termsOfUse reference to the governing Trust Framework.

Event Chain

A directed graph of Verifiable Credentials linked by credential identifier references. The chain enables reconstruction of provenance or custody histories. When TransformationEvent credentials carry input and output HS classifications, the chain enables automated Rules of Origin verification via Change in Tariff Classification (CTC).

Verifiable Presentation

A holder-assembled collection of event credentials (and optionally other credentials, e.g., certification credentials, insurance credentials, export license credentials) submitted to a verifier for a specific verification context such as customs clearance, regulatory audit, or Letter of Credit documentary compliance.

VSC Event Matrix

A five-dimensional vector representation of any supply chain event, with dimensions for Event (D1), Actor (D2), Product (D3), Commercial (D4), and Financial (D5). The matrix provides a unified grammar for cross-domain verification and produces structured output for machine learning feature extraction.

Information Flow

The VSC framework operates as a five-layer architecture. The diagram below shows how physical events, cryptographic integrity, organizational identity, governance and trust, and sector-specific regulatory overlays converge into a unified, verifiable supply chain system. Animated flow lines represent continuous, tamper-evident data transmission between actors and trust infrastructure.

Verification may fail if the DID cannot be resolved, the signature is invalid, the credential has been revoked, or the issuer is not in the required issuer registry. Verifier behavior in each failure case is defined in Requirements. Additional failure modes for HS misclassification, INCOTERMS® version mismatch, documentary discrepancies, and regulatory rule violations are defined in their respective normative sections and use cases.

Core Architecture Standards

GS1 EPCIS 2.0 [[EPCIS]] and Core Business Vocabulary [[GS1-CBV]]

The event semantic foundation for VSC. All VSC event credential schemas are derived from EPCIS event types (ObjectEvent, AggregationEvent, TransformationEvent, TransactionEvent, AssociationEvent). VSC is backward-compatible with EPCIS 2.0 JSON-LD serialization. GS1 CBV provides the controlled vocabularies for bizStep and disposition fields. EPCIS 2.0 was published in 2022 and remains the current version.

W3C Physical Asset Attestation (UORA) Community Group

The Universal Object & Resource Attestation (UORA) Community Group develops protocols for binding physical objects to digital identifiers using DIDs and Verifiable Credentials. UORA focuses on universal object addressing at batch, SKU, and serial levels; lifecycle attestation schemas for Origin, Transfer, Transformation, and Disposition events; and secure physical-to-digital binding through tamper-evident anchors such as NFC, QR codes, and IoT sensors. VSC extends UORA's attestation model with normative trade vocabularies (HS Codes, INCOTERMS®, UCP 600), cross-domain verification via the Event Matrix, and machine-executable regulatory compliance via the Rule Compiler. VSC credentials are designed to be compatible with UORA's physical binding layer: a UORA-anchored object identifier can serve as the subject of a VSC credential carrying trade-specific classifications and compliance data. Implementations MAY use UORA specifications for physical-to-digital binding while using VSC for the trade and compliance layer above.

W3C Verifiable Credentials Data Model v2.0 [[VC-DATA-MODEL]]

The credential data model underlying VSC. All VSC event credentials are valid Verifiable Credentials and satisfy the MUST-level requirements of [[VC-DATA-MODEL]]. VSC uses the credentialStatus, termsOfUse, evidence, and credentialSchema properties. VSC presentations use the VerifiablePresentation structure. VC Data Model v2.0 was published as a W3C Recommendation in 2024.

W3C Decentralized Identifiers v1.0 [[DID-CORE]]

The identity layer for VSC actors. All issuer and subject identifiers use DID syntax. VSC does not mandate a specific DID method; implementations commonly support did:web and at least one additional method. DID Core v1.0 was published as a W3C Recommendation in 2022.

W3C Verifiable Credential Data Integrity 1.0 [[VC-DATA-INTEGRITY]]

The cryptographic proof mechanism for VSC credentials. Every VSC event credential carries at least one Data Integrity proof. Implementations supporting Selective Disclosure may use [[BBS-2023]] proofs for zero-knowledge presentation of credential subsets. The EdDSA cryptosuite [[LINKED-DATA-PROOFS]] serves as the baseline proof mechanism. VC Data Integrity 1.0 was published as a W3C Recommendation in 2024.

IETF Selective Disclosure for JWTs [[SD-JWT]]

An alternative selective disclosure mechanism to BBS+ proofs, suited for implementations using JWT-based credential formats. VSC verifiers support at least one of BBS+ or SD-JWT for selective disclosure verification. SD-JWT remains an IETF draft with implementation in the European Digital Identity Wallet ecosystem.

Normative Vocabulary Standards

WCO Harmonized System (HS) Nomenclature, 2022 Edition

The commodity classification system maintained by the World Customs Organization, used by over 200 countries and economic unions for customs tariffs, trade statistics, and Rules of Origin. VSC adopts HS codes as a normative commodity vocabulary (see §7). The 2022 Edition is current; the 2027 Edition is under development and expected to enter into force on 1 January 2027.

ICC INCOTERMS® 2020

The International Chamber of Commerce's commercial terms defining buyer-seller responsibilities for delivery of goods. INCOTERMS® 2020 defines eleven three-letter rules allocating costs, risks, and responsibilities across the shipment journey. VSC adopts INCOTERMS® as a normative commercial terms vocabulary (see §10). INCOTERMS® 2020 is the current edition.

ICC Uniform Customs and Practice for Documentary Credits (UCP 600)

The rule set governing Letters of Credit, published by the ICC Banking Commission. UCP 600 defines the documentary compliance requirements banks verify before honoring a Letter of Credit. VSC adopts UCP 600 instruments as a normative trade finance vocabulary (see §8). UCP 600 was published in 2007 and remains current; a revision (UCP 725) is under discussion.

ICC International Standard Banking Practice (ISBP 745)

Companion to UCP 600 providing detailed document examination practices for trade documents including drafts, invoices, transport documents, insurance documents, and certificates of origin. VSC documentary compliance verification aligns with ISBP 745 requirements. ISBP 745 was published in 2013 and remains current.

ICC eUCP Version 2.0 (2019)

Supplement to UCP 600 governing electronic presentation of documents under Letters of Credit. VSC Verifiable Presentations submitted for LC documentary compliance constitute electronic records under eUCP.

UNCITRAL Model Law on Electronic Transferable Records (MLETR) 2017

The legal framework for electronic documents to carry the same legal effect as paper-based transferable documents, including Bills of Lading, Bills of Exchange, and Warehouse Receipts. As of 2026, eleven jurisdictions have adopted MLETR-based legislation. VSC credentials representing transferable trade documents align with MLETR functional equivalence requirements.

UN Convention on Contracts for the International Sale of Goods (CISG) 1980

Governs international sales contracts among 97 contracting states. VSC's INCOTERMS® binding aligns with CISG Articles 30–34 (delivery) and 66–70 (risk). VSC's titleTransferCondition field bridges INCOTERMS® risk/cost allocation with the separate legal mechanism of property transfer under CISG and applicable national law.

Trade Facilitation and Regulatory Standards

WTO Trade Facilitation Agreement (TFA) 2017

Mandates simplified customs procedures among 164 WTO members. VSC's HS code binding relates to TFA Article 10.1 (Formalities and Documentation Requirements). CTC-based Rules of Origin verification relates to TFA Article 10.3 (Advance Rulings). VSC's automated customs clearance pipeline relates to TFA Article 10.4 (Single Window).

WCO SAFE Framework of Standards, 2021 Edition

The global standard for securing and facilitating cross-border trade. VSC's Trust Framework model aligns with the SAFE Framework's Authorized Economic Operator (AEO) concept: an Issuer Registry provides verifiable proof of supply chain actor authorization. VSC's automated customs clearance pipeline (UC-03) relates to SAFE Pillar 3 (Customs Control).

UN/CEFACT Single Window Recommendation 33 (2005, revised 2020)

Recommends that governments establish a Single Window facility for parties to lodge standardized information and documents through a single entry point. VSC Verifiable Presentations submitted to customs APIs serve as a Single Window submission format.

UN/CEFACT Transparency Protocol [[UNTP]]

A UN-level framework for product and facility passports using Verifiable Credentials, published in 2024. VSC aligns with UNTP's Digital Product Passport structures and extends them with INCOTERMS® binding, trade finance instrument binding, and the Event Matrix for cross-domain verification.

EU Carbon Border Adjustment Mechanism (CBAM) Regulation (EU) 2023/956

Requires carbon emissions reporting for imports of cement, iron and steel, aluminium, fertilisers, electricity, and hydrogen. The definitive regime entered into force on 1 January 2026, with mandatory CBAM certificate purchase from 1 January 2027. VSC's dimension extensibility (REQ-F18) enables carbon accounting per shipment leg as an extension dimension.

EU Ecodesign for Sustainable Products Regulation (ESPR) (EU) 2024/1781

Establishes a framework for Digital Product Passports across multiple product categories, effective from 2026 for batteries and expanding to textiles, electronics, and construction products. VSC's Event Matrix and event chain model provide verifiable provenance infrastructure for DPP data.

EU Corporate Sustainability Due Diligence Directive (CSDDD) (EU) 2024/1760

Requires large companies to identify, prevent, and mitigate adverse human rights and environmental impacts in their supply chains. Member States must transpose by 26 July 2026, with phased compliance from 2027 to 2029. VSC's verifiable custody chain and Trust Framework model provide infrastructure for auditable due diligence across multi-tier supply chains.

Community and Infrastructure Standards

W3C CCG Traceability Vocabulary [[TRACEABILITY-V1]]

A community vocabulary for supply chain credentials developed by the W3C Credentials Community Group. VSC reuses credential types and JSON-LD contexts from [[TRACEABILITY-V1]] where semantically equivalent types exist.

W3C CCG Traceability Interoperability Profile [[TRACEABILITY-INTEROP]]

Defines the HTTP API and exchange protocol for traceability credentials. VSC-conformant implementations that expose HTTP APIs follow [[TRACEABILITY-INTEROP]] for credential exchange.

GS1 Digital Link Standard v1.2 [[GS1-DIGITAL-LINK]]

Provides resolvable web URIs for GS1 identifiers including GTIN, SSCC, GLN, and SGTIN. VSC event credentials use GS1 Digital Link URIs as EPC and location identifiers for linked-data resolution from physical QR codes and barcodes to digital credentials.

OpenPEPPOL Technical Specifications [[PEPPOL]]

The Pan-European Public Procurement Online network for standardized e-procurement document exchange. VSC's Trust Framework model follows the governance pattern established by PEPPOL's Service Metadata Publishers (SMP) architecture.

ISO 28000:2022 — Supply Chain Security Management Systems [[ISO28000]]

Provides requirements for organizations to assess and manage security risks in their supply chains. VSC's threat model (§14.1) and chain integrity detection (REQ-F09) relate to ISO 28000 Sections 6.4 and 6.5.

Overview

The Harmonized Commodity Description and Coding System (HS), maintained by the World Customs Organization (WCO), is the universal economic language for international trade. Over 200 countries and economies use HS codes as the basis for customs tariffs, trade statistics, rules of origin, and trade negotiations. The HS classifies approximately 5,000 commodity groups at the 6-digit level, with each country extending to 8, 10, or more digits for national tariff schedules.

VSC adopts HS codes as a normative commodity classification vocabulary that operates alongside [[EPCIS]] event semantics. While EPCIS describes what happened to an item, HS codes describe what the item is in a universally recognized taxonomy. This dual-vocabulary approach ensures that VSC credentials are immediately machine-readable by any customs authority, trade platform, or regulatory system worldwide without requiring translation or mapping.

HS Code Binding in VSC Credentials

Every VSC event credential that describes a product, commodity, or trade item SHOULD include the applicable HS classification. The HS classification MUST be expressed using the hsClassification object with the following structure:

hsCode

The 6-digit WCO HS subheading code as a string with period separator (e.g., "3004.90"). REQUIRED for all product-bearing credentials.

hsCodeVersion

The HS nomenclature version year as a four-digit string (e.g., "2022", "2017"). The WCO revises the HS every five years; the next revision is 2027. REQUIRED when hsCode is present. This field is critical for cross-version interoperability: a credential classified under HS 2017 may not be directly comparable to HS 2022 classifications without version disambiguation.

hsCodeNational

The extended national tariff line code (8–12 digits) as a string. OPTIONAL — used when declaring to a specific customs jurisdiction.

hsCodeJurisdiction

The ISO 3166-1 alpha-2 country code indicating which national tariff schedule the hsCodeNational applies to. REQUIRED if hsCodeNational is present.

hsDescription

The WCO-recommended textual description of the goods at the declared heading/subheading level, expressed as a [[JSON-LD]] language-tagged string. RECOMMENDED. This provides the human-readable safety net that customs officers use to verify whether the numeric code was applied correctly.

Example JSON-LD representation:

{
  "credentialSubject": {
    "id": "urn:epc:id:sgtin:8901234.56789.0",
    "type": "TradeItem",
    "hsClassification": {
      "hsCode": "3004.90",
      "hsCodeVersion": "2022",
      "hsCodeNational": "3004.90.11",
      "hsCodeJurisdiction": "IN",
      "hsDescription": "Medicaments consisting of mixed or unmixed products for therapeutic or prophylactic uses, put up in measured doses or in forms or packings for retail sale"
    }
  }
}

The WCO revises the HS nomenclature every five years (most recently 2022, next revision 2027). VSC implementations SHOULD support multiple HS versions and the hsCodeVersion field enables verifiers to apply the correct classification rules for the nomenclature version in effect at the time the credential was issued.

HS Code Transformation in Manufacturing Events

In HS nomenclature, parts and accessories often fall under different headings than finished goods. For example, an active pharmaceutical ingredient (API) classified under HS 2933.39 (heterocyclic compounds) becomes a medicament under HS 3004.90 after formulation. This transformation of classification is a critical signal for Rules of Origin determination, customs valuation, and regulatory compliance.

When a VSC TransformationEvent is issued, the credential MAY include:

• Input HS codes: The hsClassification of each input material, referenced from the input EPCs' credentials;
• Output HS code: The hsClassification of the resulting output product;
• HS Change Indicator: A machine-readable flag indicating whether the HS code changed at the chapter (2-digit), heading (4-digit), or subheading (6-digit) level between inputs and outputs.

Automated Rules of Origin via Change in Tariff Classification (CTC)

Most Free Trade Agreements (FTAs) use Change in Tariff Classification (CTC) as the primary criterion for determining whether a product qualifies as originating from a particular country. The CTC rule specifies the minimum level of HS transformation required: typically a change at the Chapter level (CC — 2 digits), Heading level (CTH — 4 digits), or Subheading level (CTSH — 6 digits).

Because VSC makes HS codes normative within event credentials, a VSC verifier can programmatically prove origin without human intervention:

The VSC verifier performs the following automated CTC check:

1. Retrieve input HS codes from the TransformationEvent credential's input EPC references;
2. Retrieve the output HS code from the TransformationEvent credential;
3. Compare HS code segments at the FTA-specified level (Chapter, Heading, or Subheading);
4. If the input and output codes differ at or above the required level, the CTC rule is satisfied;
5. The verifier signals "Origin Confirmed" or "Origin Not Confirmed" with the specific HS segments compared.

HS-Based Risk Scoring and Compliance Screening

HS codes serve as the primary key for automated risk assessment in customs processing. VSC verifiers MAY implement HS-based risk scoring to automatically determine:

• Whether the HS code requires additional credentials (e.g., export license for dual-use goods, CITES certificate for endangered species, pharmaceutical registration certificate);
• Whether the product is subject to anti-dumping or countervailing duties;
• Whether the HS code falls within a high-risk category requiring mandatory physical inspection;
• Whether the importer's historical misclassification rate for this HS heading exceeds a threshold.

Regulatory Mapping via HS Codes

VSC verifiers MAY use the HS code in a credential to automatically determine:

• Applicable customs duties and tariff rates (MFN and preferential);
• Non-tariff measures (quotas, licenses, anti-dumping, countervailing duties);
• Regulatory requirements (pharmaceutical registration, food safety certification, chemical controls);
• Preferential trade agreement eligibility via CTC-based Rules of Origin;
• Restricted or prohibited goods screening (CITES, Montreal Protocol, Basel Convention);
• Dual-use and strategic goods export control screening;
• Statistical reporting obligations.

Alignment with EPCIS

EPCIS v2.0 does not natively include an HS code field. VSC defines HS codes as a normative extension vocabulary within the ilmd (Instance/Lot Master Data) or as a top-level credential subject field. This approach:

• Preserves full backward compatibility with [[EPCIS]] 2.0;
• Enables customs authorities to query HS codes without parsing EPCIS business steps;
• Keeps the event semantics (the movement) separate from the commodity classification (the identity), allowing the HS code to be verified once while the item moves through multiple business steps;
• Allows sector trust frameworks to define verification rules based on HS chapter/heading scope;
• Supports automated tariff classification, Rules of Origin verification, and risk scoring as part of the VSC verification pipeline.

Overview

International trade moves on credit. The Letter of Credit (LC), governed by the ICC Uniform Customs and Practice for Documentary Credits (UCP 600), remains the dominant payment mechanism for cross-border trade, facilitating over USD 2 trillion in annual transactions. An LC is fundamentally a documentary condition: the issuing bank promises to pay the beneficiary (seller) upon presentation of documents that strictly comply with the credit's terms. This is a purely document-based process — the bank deals in documents, not goods (UCP 600 Article 5).

VSC transforms the LC from a manual document-checking exercise into an automated cryptographic verification. Because VSC credentials are tamper-evident, DID-signed, and independently verifiable, they can satisfy the documentary requirements of a Letter of Credit without human document examination. This reduces the LC settlement cycle from 5–10 banking days to seconds, and eliminates the discrepancies that cause 70% of documentary presentations to be rejected on first presentation.

Payment Instrument Binding in VSC Credentials

A VSC commercial shipment credential MAY include a tradeFinance object that binds the shipment to the applicable payment instrument. The trade finance binding MUST use the following structure:

paymentInstrument

The type of trade finance instrument: "LC" (Letter of Credit), "DC" (Documentary Collection), "OA" (Open Account), or "AP" (Advance Payment). REQUIRED.

lcNumber

The Letter of Credit reference number as issued by the issuing bank. REQUIRED when paymentInstrument is "LC".

issuingBank

The issuing bank's SWIFT/BIC code and DID. REQUIRED when paymentInstrument is "LC" or "DC".

advisingBank

The advising/negotiating bank's SWIFT/BIC code and DID. OPTIONAL.

lcType

The LC type: "irrevocable" (standard under UCP 600 Article 3), "confirmed", "transferable", "revolving", or "standby". REQUIRED for LC instruments.

lcAmount

The LC amount in the stated currency. REQUIRED for LC instruments.

lcExpiryDate

The latest date for presentation of documents under the LC (UCP 600 Article 6). REQUIRED for LC instruments.

lcDocumentaryRequirements

An array of documentary requirements specified in the LC, each mapped to a VSC credential type that satisfies it. For example, a "Commercial Invoice" requirement maps to a VscCommercialShipmentCredential with hsClassification and incotermsClassification. REQUIRED for automated LC compliance checking.

lcPresentationStatus

The current status of the documentary presentation: "pending", "compliant", "discrepant", "paid", or "expired". RECOMMENDED — updated by the negotiating bank or smart contract upon presentation verification.

settlementTrigger

A reference to the specific event in the VSC event chain that triggers payment. For INCOTERMS® CIF/FOB, this is typically the incotermsRiskTransferEvent (on board vessel). For DDP, this is the arrival at named place event. RECOMMENDED — enables programmatic payment release.

titleTransferCondition

An optional field specifying the condition for transfer of title (ownership). While INCOTERMS® handle risk and cost, title transfer is governed by the sales contract and applicable law (CISG Articles 30–34, 41–44). When present, this field indicates whether title transfers upon payment, upon delivery of goods, or upon transfer of a negotiable bill of lading. OPTIONAL — enables integration with decentralized electronic Bills of Lading (eBL) systems and legal ownership tracking.

Example JSON-LD representation of the trade finance binding:

{
  "credentialSubject": {
    "id": "urn:epc:id:sscc:8901234.5678901234",
    "type": "CommercialShipment",
    "hsClassification": { "hsCode": "3004.90", "hsCodeVersion": "2022" },
    "incotermsClassification": {
      "incotermsRule": "CIF",
      "incotermsVersion": "2020",
      "incotermsNamedPlace": "Mombasa Port, Kenya",
      "incotermsRiskTransferEvent": "urn:epc:id:event:onboard-mumbai-001",
      "incotermsInsuranceRequired": true
    },
    "tradeFinance": {
      "paymentInstrument": "LC",
      "lcNumber": "LC2026-08921-IN-KE",
      "issuingBank": {
        "swiftBic": "KCBLKENAXXX",
        "did": "did:web:kcbbank.co.ke"
      },
      "advisingBank": {
        "swiftBic": "SBININBBXXX",
        "did": "did:web:sbi.co.in"
      },
      "lcType": "irrevocable",
      "lcAmount": { "value": "250000.00", "currency": "USD" },
      "lcExpiryDate": "2026-08-15",
      "lcDocumentaryRequirements": [
        { "requirement": "Commercial Invoice", "vcType": "VscCommercialShipmentCredential", "satisfied": true },
        { "requirement": "Bill of Lading", "vcType": "VscTransportEventCredential", "satisfied": true },
        { "requirement": "Certificate of Origin", "vcType": "VscOriginCredential", "satisfied": true },
        { "requirement": "Packing List", "vcType": "VscAggregationEventCredential", "satisfied": true },
        { "requirement": "Insurance Certificate", "vcType": "VscInsuranceCredential", "satisfied": true }
      ],
      "lcPresentationStatus": "pending",
      "settlementTrigger": "urn:epc:id:event:onboard-mumbai-001",
      "titleTransferCondition": "upon_payment"
    }
  }
}

INCOTERMS® 2020 explicitly state that they do not deal with transfer of property/title in the goods (ICC Publication No. 723E, Introduction, paragraph 8). Title transfer is governed by the underlying sales contract and applicable national law (e.g., CISG Articles 30–34, UK Sale of Goods Act 1979, US UCC Article 2). The titleTransferCondition field provides a bridge between VSC's risk/cost determination (via INCOTERMS®) and the separate legal mechanism of ownership transfer. When integrated with a decentralized electronic Bill of Lading (eBL) system based on DIDs, this field enables automated ownership transfer upon satisfaction of the stated condition.

Automated Documentary Compliance Verification

Under UCP 600 Article 14, a bank must examine a documentary presentation on the basis of the documents alone to determine whether they appear on their face to constitute a complying presentation. This examination is currently performed manually by trade finance professionals who check each document against the LC terms, the UCP 600 rules, and international standard banking practice (ISBP 745).

VSC transforms this process into automated cryptographic compliance verification:

1. The LC terms are expressed as a machine-readable set of documentary requirements, each mapped to a VSC credential type;
2. The seller (beneficiary) assembles a Verifiable Presentation containing all required VSC credentials;
3. The VSC verifier (which may be operated by the negotiating bank, a trade finance platform, or a decentralized smart contract) checks each credential against the LC requirements;
4. For each requirement, the verifier confirms: (a) the credential type matches the requirement; (b) the credential's DID issuer is authorized; (c) the Data Integrity proof is valid; (d) the credential content satisfies the LC conditions (e.g., HS code matches, INCOTERMS® rule matches, shipment date within LC validity, goods description consistent);
5. If all requirements are satisfied, the verifier signals "Compliant Presentation" and triggers the settlement process;
6. If any requirement is not satisfied, the verifier signals "Discrepant Presentation" with specific discrepancy details.

Design Principle: Orthogonal Dimensions, Forward-Compatible Extensibility

Every verifiable supply chain interaction can be expressed as a vector in a five-dimensional matrix. Each dimension draws its values from a single, globally standardized vocabulary. The dimensions are orthogonal — changing the value in one dimension does not require changing values in any other. Because the dimensions are independent, the verification logic for each dimension is decoupled from all others. A verifier processes each dimension separately, using only the rules applicable to that dimension's vocabulary.

This orthogonality is what gives the Event Matrix its structural longevity. When a vocabulary standard updates — the WCO revises the HS nomenclature, the ICC releases a new INCOTERMS® edition, a new DID method emerges — only the affected dimension's validation rules change. The verification engine does not need to be rewritten. When a new regulatory requirement emerges that does not fit within the existing five dimensions, a sixth dimension can be added. Verifiers that have not been updated to recognize the new dimension continue to verify the five they know. Verifiers that have been updated verify all six. Neither class of verifier breaks.

This is forward-compatible extensibility: the architecture accepts dimensions it does not yet understand without failure, and new dimensions can be added without modifying the verification logic for existing ones.

Matrix Representation Format

The Event Matrix is expressed as a compact, colon-delimited vector format for transmission and a structured JSON object for programmatic processing. Both representations are semantically equivalent.

Compact Vector Format:

D1:EVENT        D2:ACTOR           D3:PRODUCT        D4:COMMERCIAL      D5:FINANCIAL
────────────    ──────────────     ─────────────     ──────────────     ────────────
ObjectEvent     did:mfr:in:001     HS:3004.90:22     EXW:2020:Mumbai    OA:open
AggregationEv   did:whl:ae:002     HS:0901.11:22     FOB:2020:Santos    LC:irrevoc
TransformEv     did:cell:kr:003    HS:8507.60:22     CIF:2020:Dubai     DC:sight
TransactionEv   did:dist:ke:004    HS:8517.13:22     DDP:2020:Nairobi   AP:advance
AssociationEv   did:recy:eu:005    HS:8703.80:22     CPT:2020:Rotter    LC:confirmed

Structured JSON Format:

{
  "vsc:event": {
    "matrix": ["ObjectEvent", "did:mfr:in:001", "HS:3004.90:22", "EXW:2020:Mumbai", "OA:open"],
    "dimensions": {
      "D1": {"type": "ObjectEvent", "source": "EPCIS", "version": "2.0"},
      "D2": {"did": "did:mfr:in:001", "method": "web", "resolved": false},
      "D3": {"hsCode": "3004.90", "hsVersion": "2022", "description": "Medicaments...", "national": "3004.90.11", "jurisdiction": "IN"},
      "D4": {"incoterms": "EXW", "incotermsVersion": "2020", "namedPlace": "Mumbai", "riskTransferEvent": null, "insuranceRequired": false},
      "D5": {"instrument": "OA", "lcNumber": null, "issuingBank": null, "requirements": []}
    },
    "verification": {
      "status": "pending",
      "checks": ["D2.resolve", "D2.proof", "D3.hsValidate", "D4.incotermsValidate"],
      "results": {},
      "score": null
    }
  }
}

D1 values use abbreviated EPCIS event type names. D2 values are fully qualified DIDs. D3 values use the format HS:<6-digit>:<version-year>. D4 values use the format <INCOTERMS®>:<version-year>:<named-place>. D5 values use the format <instrument>:<subtype>. Unpopulated dimensions are represented by an empty string in the compact format and by null fields in the JSON format.

Cross-Industry Application Examples

The following table demonstrates how the same five-column matrix expresses events across different industries using different vocabulary values. The verification pattern is identical; only the dimension values change.

In each case, the verifier executes the same verification pattern: resolve D2 DID, verify proof, validate D3 HS code against the declared version, validate D4 INCOTERMS® rule against the declared version, and check D5 documentary requirements if applicable. The verifier does not need pharmaceutical domain knowledge to verify a vaccine shipment, or agricultural domain knowledge to verify a coffee shipment. It needs only the validation rules for each dimension's vocabulary.

The Universal Verification Pattern

Because every event is expressed as a vector in the same matrix, every verifier executes the same pattern regardless of the domain:

1. Parse the vector — extract the value for each populated dimension;
2. Resolve identities — for D2, resolve each DID to its DID Document and retrieve verification methods;
3. Verify proofs — for each credential in the presentation, verify the Data Integrity proof against the issuer's public key;
4. Check status — for each credential, query the credentialStatus endpoint and verify the credential has not been revoked;
5. Validate authority — for D2, check each issuer DID against the applicable Trust Framework Issuer Registry;
6. Validate dimensions — for D3, verify HS code against the declared HS version; for D4, verify INCOTERMS® rule against the declared INCOTERMS® version; for D5, verify documentary compliance against LC requirements if applicable;
7. Compute trust score — aggregate per-dimension verification results into a composite trust score for downstream ML processing;
8. Determine outcome — signal "Verified" with dimension-specific confirmations, or signal "Rejected" with specific dimension failure codes.

This pattern is invariant across use cases. A pharmaceutical shipment under CIF with LC payment executes exactly the same verification steps as a food export under FOB with open account terms. The only difference is which dimensions are populated and which vocabulary values are present. The verifier does not need to understand pharmaceuticals or food — it needs to understand the verification pattern.

Machine Learning Integration

The Event Matrix produces structured, labeled data at every verification step. Because each dimension value is drawn from a finite vocabulary, the matrix forms a well-defined feature space suitable for supervised machine learning. Each verified event becomes a training row where the dimension values are features and the verification outcome is the label.

Feature Extraction:

# Each VSC matrix row produces a structured feature vector
features = {
    "event_type":          "ObjectEvent",       # D1
    "did_method":          "web",               # D2: extracted from DID
    "hs_chapter":          "30",                # D3: first 2 digits
    "hs_heading":          "3004",              # D3: first 4 digits
    "incoterms_rule":      "CIF",               # D4
    "incoterms_version":   "2020",              # D4
    "payment_instrument":  "LC",                # D5
    "has_lc":              True,                # D5: derived
    "is_cif_cip":          True,                # D4: derived (insurance check required)
    "named_place_region":  "Mombasa"            # D4: geographic risk factor
}

# Labels produced by verification
labels = {
    "status":   "accepted",                     # or "rejected", "flagged"
    "score":    0.97,                           # trust score 0.0–1.0
    "anomaly":  False                           # anomaly detection flag
}

ML Use Cases Enabled by the Matrix Structure:

After processing a sufficient volume of verified events, the ML models can predict verification outcomes before submission. A shipment with a predicted trust score below a configurable threshold can be flagged for additional scrutiny before the credential is presented to the verifier. This closes the loop from verification to prediction to prevention.

Essential Properties

Orthogonality

Each dimension is independent. Changing the INCOTERMS® rule from FOB to CIF does not require changing the HS code, the event type, or the financial instrument. A verifier can validate each dimension separately, using the vocabulary and rules appropriate to that dimension, without understanding the others.

Forward-Compatible Extensibility

New dimensions can be added without breaking existing ones. If a future regulation requires carbon accounting per shipment leg, a sixth dimension (D6) can be added with values drawn from the GLEC Framework or ISO 14083. Existing verifiers that do not recognize D6 verify D1–D5 without error. Verifiers that do recognize D6 execute the additional validation rules. The "+Dn" indicator in the matrix diagram represents this property.

Standardized Vocabularies

Each dimension draws its values from a single, globally recognized standard. D1 from EPCIS 2.0. D2 from DID Core. D3 from the WCO Harmonized System. D4 from ICC INCOTERMS® 2020. D5 from UCP 600. No dimension uses a VSC-proprietary vocabulary. Every value in the matrix is meaningful to its respective domain authority without translation.

Versioned Immutability

Every vocabulary entry that changes over time carries its own version identifier. HS codes carry hsCodeVersion. INCOTERMS® rules carry incotermsVersion. A verifier encountering a value from an unfamiliar version can either cross-walk to the current version or flag the credential for version review. The matrix does not break when vocabularies evolve.

Minimal Sufficient Representation

A VSC event vector requires only the values necessary for verification in its context. A domestic shipment within India may populate only D1 (ObjectEvent), D2 (Manufacturer DID), and D3 (HS Code with Indian national tariff line). It does not require D4 or D5. The matrix is not a mandatory schema — it is a grammar. Any subset of dimensions that satisfies the verification context is valid.

Machine-Readable Feature Space

Because each dimension value is drawn from a finite vocabulary and each verification produces a structured outcome, the matrix forms a well-defined feature space for supervised machine learning. Every verification decision becomes a labeled training row, enabling anomaly detection, trust scoring, and predictive compliance models without additional data transformation.

Overview

INCOTERMS® (International Commercial Terms), published by the International Chamber of Commerce (ICC), are the universal language of commercial responsibility in international trade. The current version, INCOTERMS® 2020, defines eleven three-letter terms that precisely allocate costs, risks, and responsibilities between buyer and seller at every stage of the shipment journey. These terms are referenced in virtually every commercial invoice, letter of credit, marine insurance policy, and sales contract worldwide.

VSC adopts INCOTERMS® as a normative commercial terms vocabulary that operates alongside HS codes for commodity classification. While HS codes describe what the product is, INCOTERMS® describe where responsibility transfers and who bears the risk at each point. Together, they form the complete commercial identity of a trade transaction.

Why INCOTERMS Are Critical to Verifiable Supply Chains

A supply chain credential system without INCOTERMS can verify what happened but cannot determine who is responsible. Consider this scenario:

• A shipment of vaccines moves from Mumbai to Mombasa under CIF terms.
• The temperature logger records a 9.2°C excursion during the ocean freight leg.
• Without INCOTERMS, the verifier cannot determine whether the seller (Indian exporter) or buyer (Kenyan importer) bears the loss.
• With INCOTERMS CIF embedded in the credential, the verifier knows: risk transferred when goods were placed on board the vessel in Mumbai. The ocean freight leg is buyer's risk. The buyer bears the loss — but may have an insurance claim.

This is the difference between knowing what happened and knowing who pays for it. INCOTERMS transform VSC from a tracking system into a commercial liability determination engine.

INCOTERMS® Binding in VSC Credentials

Every VSC event credential that represents a commercial shipment SHOULD include the applicable INCOTERMS® rule. The INCOTERMS® classification MUST be expressed using the incotermsClassification object with the following structure:

incotermsRule

The three-letter INCOTERMS® rule code (e.g., "FOB", "CIF", "DDP"). Must be one of the eleven rules defined in INCOTERMS® 2020. REQUIRED for all commercial shipment credentials.

incotermsVersion

The INCOTERMS® edition year (e.g., "2020"). The ICC revises INCOTERMS® approximately every ten years. REQUIRED — critical because the responsibilities under INCOTERMS® 2010 CIF differ from INCOTERMS® 2020 CIF (notably, insurance coverage requirements).

incotermsNamedPlace

The specific geographic location stipulated in the contract (e.g., "Nhava Sheva Port, Mumbai, India" for FOB, or "Mombasa Port, Kenya" for DAP). This must match the named place in the sales contract. REQUIRED.

incotermsRiskTransferEvent

A reference to the specific EPCIS event in the chain where risk transfers from seller to buyer under the applicable INCOTERMS® rule. For FOB, this is the "on board vessel" event. For DAP, this is the "arrived at named place" event. RECOMMENDED — enables automated risk determination.

incotermsInsuranceRequired

A boolean indicating whether the INCOTERMS® rule requires the seller to provide insurance (true for CIP and CIF; false for all other rules). RECOMMENDED — when true, the verifier can automatically check for a linked insurance credential.

incotermsModeOfTransport

The applicable transport mode: "any" for the seven rules that apply to all modes, or "sea" for the four rules (FAS, FOB, CFR, CIF) that apply only to sea and inland waterway transport. RECOMMENDED — enables validation that the INCOTERMS® rule is appropriate for the actual transport mode used.

Example JSON-LD representation of the INCOTERMS® classification within a VSC credential subject:

{
  "credentialSubject": {
    "id": "urn:epc:id:sscc:8901234.5678901234",
    "type": "CommercialShipment",
    "hsClassification": {
      "hsCode": "3004.90",
      "hsCodeVersion": "2022",
      "hsDescription": "Medicaments consisting of mixed products... for retail sale"
    },
    "incotermsClassification": {
      "incotermsRule": "CIF",
      "incotermsVersion": "2020",
      "incotermsNamedPlace": "Mombasa Port, Kenya",
      "incotermsRiskTransferEvent": "urn:epc:id:event:obj-001-onboard-mumbai",
      "incotermsInsuranceRequired": true,
      "incotermsModeOfTransport": "sea"
    }
  }
}

The combination of HS code and INCOTERMS® in a single credential provides the complete commercial identity of a trade transaction: HS code defines what is being traded and under what regulatory regime; INCOTERMS® define where commercial responsibility transfers. Together, they enable fully automated customs processing, duty assessment, insurance claims, and commercial dispute resolution — without human interpretation.

Automated Risk and Responsibility Determination

Because VSC captures both the INCOTERMS® rule and the complete event chain with timestamps and locations, a VSC verifier can programmatically determine commercial liability for any event in the supply chain:

The VSC verifier performs the following automated liability determination:

1. Extract the incotermsRule from the shipment credential;
2. Identify the incotermsRiskTransferEvent in the event chain;
3. For any adverse event (damage, temperature excursion, delay, loss), determine whether the event timestamp is before or after the risk transfer point;
4. If before: seller bears the loss. If after: buyer bears the loss;
5. If incotermsInsuranceRequired is true (CIF/CIP), verify that an insurance credential is linked and that coverage meets the minimum ICC requirements for the stated INCOTERMS® version;
6. Output: automated liability determination with specific INCOTERMS® rule citation, risk transfer event reference, and insurance claim eligibility.

Insurance Verification for CIF and CIP

Under INCOTERMS® 2020, CIF and CIP require the seller to provide insurance coverage. The requirements differ:

• CIF: Seller must obtain minimum cover as defined by Institute Cargo Clauses (C) of the Institute of London Underwriters, covering at least 110% of the invoice value. This is a defined minimum — the buyer may request higher cover at their own cost.
• CIP: Seller must obtain Institute Cargo Clauses (A) cover — the highest level of cover — at 110% of invoice value. This is a significant change from INCOTERMS® 2010, where CIP also required only minimum (C) cover.

VSC verifiers MAY validate that insurance credentials linked to CIF/CIP shipments meet these minimum requirements by checking the insurance coverage level, insured value, and the ICC clause reference against the incotermsVersion declared.

INCOTERMS® 2010 CIP required only ICC (C) minimum cover. INCOTERMS® 2020 CIP requires ICC (A) all-risk cover. A CIP shipment under 2010 rules with only ICC (C) cover is compliant; the same coverage under 2020 rules is non-compliant. The incotermsVersion field is therefore essential for correct insurance verification. Always verify the version before applying coverage requirements.

Commercial Dispute Resolution

INCOTERMS® combined with the VSC event chain creates a self-proving evidence package for commercial disputes:

• Cargo damage claim: The verifier identifies the damage event in the chain, compares its timestamp to the INCOTERMS® risk transfer event, and determines which party bore the risk at that moment. The entire evidence chain — including the INCOTERMS® rule, the risk transfer event, and the damage event — is cryptographically verifiable.
• Demurrage and detention: The verifier calculates the time between arrival and pickup from timestamps in the event chain and determines which party is responsible for port storage charges based on the INCOTERMS® rule.
• Non-delivery: If the event chain terminates before the INCOTERMS® named place, the verifier can identify the last recorded event and determine whether the seller fulfilled their delivery obligation under the applicable rule.

This transforms commercial dispute resolution from a document discovery exercise (weeks to months) into a cryptographic verification exercise (seconds). The evidence is the credential chain itself — tamper-evident, DID-signed, and independently verifiable by any party without access to any party's internal systems.

UC-01: Raw Material Provenance for Deforestation Due Diligence

Regulatory driver

EU Deforestation Regulation [[EUDR]], Article 3 — operators must ensure commodities are deforestation-free and legally produced.

Actors

Raw material supplier (issuer); first processor (holder/issuer); EU market operator / importer (holder/verifier); EU competent authority (verifier).

Preconditions

Supplier holds a did:web identifier registered with a sector trust framework. Importer has declared a reference DID set of accepted supplier issuers.

Nominal flow:

1. A soy supplier in Brazil harvests a batch and records an ObjectEvent in their EPCIS system with the batch EPC, harvest timestamp, geo-coordinates of the plot, and species information.
2. The supplier's VSC-conformant software applies the Event-to-Credential Mapping and signs a VscObjectEventCredential, with an extension for geospatial data and the relevant commodity type.
3. The credential includes a reference to the supplier's deforestation-free certification credential (issued by a certification body) as a linked credential.
4. The signed credential is transmitted to the first processor (crusher), who stores it and issues their own ObjectEvent credential for the crushing step, referencing the supplier's credential.
5. The EU importer requests a Verifiable Presentation from the processor containing the full Event Chain from harvest to processed shipment.
6. The importer's system verifies each credential in the chain: DID resolution, signature, revocation status, and presence in the sector Issuer Registry.
7. The importer submits the presentation to the EU Information System for EUDR due diligence statements.

Failure modes:

• Missing link: The processor's credential does not reference the supplier's credential. The importer's system SHOULD detect the gap in the Event Chain and flag the presentation as incomplete.
• Revoked certification: The certification credential referenced in step 3 has been revoked. The verifier MUST treat the linked certification as invalid; the event credential itself remains valid but the claim of deforestation-free status is unsupported.
• DID not resolvable: The supplier's DID cannot be resolved. The verifier MUST NOT accept the credential and SHOULD surface a specific error indicating DID resolution failure.

Requirements motivated: REQ-F01, REQ-F02, REQ-F03, REQ-F04, REQ-F07, REQ-NF03.

UC-02: Pharmaceutical Custody Transfer (DSCSA Compliance)

Regulatory driver

US Drug Supply Chain Security Act [[DSCSA]] Section 582 — electronic, interoperable product tracing at the package level by November 2023. Grounded in 21 CFR Part 205, 207, 210–211.

Actors

Manufacturer (issuer); wholesaler (holder/issuer); dispenser / pharmacy (holder/verifier); US FDA (verifier).

Preconditions

All actors are registered in an FDA-recognized DSCSA authorized trading partner registry that maps GLN identifiers to DIDs.

Nominal flow:

1. The manufacturer applies a serialized SGTIN (GS1 item-level identifier) to each drug package and records an ObjectEvent (bizStep: commissioning) as a signed VSC credential.
2. At shipping, the manufacturer records an ObjectEvent (bizStep: shipping) credential for the pallet SSCC, referencing the commissioned item credentials via AggregationEvent.
3. The wholesaler records an ObjectEvent (bizStep: receiving) and issues their own credential referencing the manufacturer's shipping credential by its credential identifier.
4. The process repeats at each custody transfer (repackaging, onward shipment, final delivery to pharmacy).
5. The pharmacy's dispensing system requests a Verifiable Presentation covering the product's full custody chain before dispensing.
6. The presentation is verified: each credential's signature, issuer DID, revocation status, and authorized trading partner registration are confirmed.
7. In the event of a recall, the manufacturer revokes the relevant event credentials. Verifiers checking revocation status MUST reject these credentials and SHOULD surface a specific recall indicator.

Failure modes:

• Salami injection attack: An adversary inserts a fabricated custody transfer credential between two legitimate steps. The verifier MUST detect that the fabricated credential's issuer is not in the authorized trading partner registry.
• Credential replay: A credential valid for one shipment is replayed against a different shipment. Credentials SHOULD carry a transaction-scoped identifier binding them to a specific shipment context.
• Revocation propagation delay: The recall is issued but the pharmacy has cached a stale revocation status. Implementations SHOULD define maximum cache lifetimes for revocation status (see REQ-F08).

Requirements motivated: REQ-F01, REQ-F02, REQ-F03, REQ-F04, REQ-F05, REQ-F08, REQ-NF01.

UC-03: Automated Customs Clearance

Regulatory driver

WCO SAFE Framework of Standards to Secure and Facilitate Global Trade; EU Union Customs Code (UCC) Article 163; WTO Trade Facilitation Agreement Article 10; UN/CEFACT Single Window Recommendation 33.

Actors

Exporter (issuer); freight forwarder (holder); customs authority (verifier).

Preconditions

Customs authority publishes a cryptographically verifiable trusted issuer registry of accepted certification bodies, chambers of commerce (origin), and inspection agencies. All actors hold DIDs registered in the relevant trade trust framework.

Nominal flow:

1. The exporter assembles a Verifiable Presentation containing: an origin credential (country of origin declaration from an accredited Chamber of Commerce), an inspection credential (phytosanitary or product safety from an authorized inspection agency such as SGS or Bureau Veritas), and transport event credentials covering the journey from factory to port of loading.
2. The presentation uses Selective Disclosure to reveal only the fields required by customs (e.g., HS tariff codes, declared value for duty assessment, country of origin) without exposing commercially sensitive pricing, supplier identity, or detailed commercial invoice data.
3. The freight forwarder's system submits the presentation to the customs authority's automated clearance API, compliant with the UN/CEFACT Single Window data model and the WCO Data Model.
4. The customs system verifies each credential against its cryptographically verifiable Trusted Issuer Registry, checks Data Integrity proofs and revocation status on each credential, and runs automated rules including UN sanctions list screening, tariff classification validation against the Harmonized System, and declared value plausibility checks.
5. Clearance is granted automatically or a referral for physical inspection is issued, with the complete verification result recorded as an audit event credential for regulatory record-keeping under UCC Article 166.

Failure modes:

• Partial presentation: The presentation is missing the inspection credential. The customs system SHOULD surface a specific missing-credential error rather than a generic verification failure, indicating which credential type is absent and the expected issuer category.
• Selective disclosure proof failure: A malformed [[BBS-2023]] or [[SD-JWT]] proof is submitted. The verifier MUST reject the credential and SHOULD indicate the proof type and specific failure reason to enable the submitter to correct and resubmit.

Requirements motivated: REQ-F05, REQ-F06, REQ-F07, REQ-NF02, REQ-NF03.

UC-04: Battery Passport for EV Supply Chain

Regulatory driver

EU Battery and Electric Vehicle Regulation [[EU-BEV]], Article 77 — battery passport required for EV batteries from February 2027.

Actors

Cathode material supplier (issuer); cell manufacturer (holder/issuer); battery pack manufacturer (holder/issuer); vehicle OEM (holder/verifier); EU market surveillance authority (verifier); end consumer (verifier).

Preconditions

Battery identifier issued using GS1 Digital Link [[GS1-DIGITAL-LINK]] scheme resolving to the battery passport.

Nominal flow:

1. The cathode material supplier issues ObjectEvent credentials for each batch, including cobalt and lithium provenance data, mine location, and responsible sourcing certification references.
2. The cell manufacturer issues TransformationEvent credentials mapping input material batches (cathode, anode, electrolyte) to output cell identifiers.
3. The battery pack manufacturer assembles cell credentials into AggregationEvent credentials and issues a composite battery passport presentation referencing all upstream event credentials.
4. The vehicle OEM's system verifies the full passport presentation and stores it linked to the Vehicle Identification Number (VIN).
5. A consumer or recycler can scan a GS1 Digital Link QR code on the battery, resolve the battery passport, and verify the event chain.

Failure modes:

• TransformationEvent linking gap: The cell manufacturer fails to reference upstream cathode credentials. The OEM system SHOULD flag the TransformationEvent as having unverified input provenance.
• Performance at scale: A battery contains thousands of cells; each cell may have multiple upstream event credentials. Verifier performance MUST NOT degrade unacceptably at this scale (see REQ-NF01).

Requirements motivated: REQ-F01, REQ-F04, REQ-F06, REQ-NF01, REQ-NF04.

UC-05: Product Recall Propagation

Regulatory driver

General Product Safety Regulation (EU) 2023/988; US CPSC recall authority.

Actors

Manufacturer (issuer, revocation authority); downstream holders; regulators; retailers.

Preconditions

All event credentials for the affected product batch are known and the manufacturer controls the credential status service.

Nominal flow:

1. A safety defect is identified. The manufacturer's system identifies all event credentials linked to the affected batch using batch-level identifiers.
2. The manufacturer revokes the ObjectEvent credential for the affected batch via the Credential Status service. The revocation is cryptographically signed by the manufacturer's DID.
3. Any downstream verifier checking an affected credential against the status service receives a revoked status and MUST reject the credential.
4. Downstream holders receive a recall notification (out-of-band) and can verify the revocation independently by resolving the credential status.
5. The regulator can independently verify the breadth of the recall by querying which credentials issued by the manufacturer have been revoked for the affected lot.

Requirements motivated: REQ-F03, REQ-F08, REQ-NF01.

UC-06: Regulatory Audit Trail

Regulatory driver

General requirement across regulated industries (pharma, food, aerospace) for multi-year auditable records.

Actors

Multiple supply chain actors (issuers/holders); sector regulator (verifier).

Preconditions

Credentials have been issued and held for up to 10 years. Some issuer DIDs may have changed or been retired.

Nominal flow:

1. A regulator issues a data request to a holder for all event credentials related to a specific product class over a 5-year period.
2. The holder assembles a Verifiable Presentation with selective disclosure applied to protect third-party business data.
3. The regulator's system verifies each credential. For credentials where the issuer DID is no longer resolvable, the system checks a historical DID log maintained by the sector trust framework.
4. The audit result is recorded as a signed audit event credential by the regulator, completing the audit trail.

Failure modes:

• Historical DID resolution: If a DID was deactivated, verifiers MUST have a mechanism to obtain the historical public key material needed to verify credentials signed before deactivation (see REQ-NF05).

Requirements motivated: REQ-F05, REQ-F07, REQ-NF02, REQ-NF05.

UC-07: Indian Pharmaceutical Track-and-Trace (QR Code Mandate Compliance)

Regulatory driver

Drugs and Cosmetics Act, 1940 [[DCA-1940]]; Drugs Rules, 1945 — G.S.R. 922(E) dated 28.12.2023 mandating QR Code on primary packaging for top 300 drug formulation brands (Schedule H2) and all Active Pharmaceutical Ingredients (bulk drugs) manufactured or imported, effective 1st August 2023; Revised Schedule M (Good Manufacturing Practices) effective 29.06.2024 for manufacturers with turnover > ₹250 crores and 01.01.2026 for smaller manufacturers [[PIB-DRUG-QUALITY]].

Actors

Indian pharmaceutical manufacturer (issuer); API supplier / importer (issuer); wholesale distributor / stockist (holder); retail pharmacy / Jan Aushadhi Kendra (holder/verifier); CDSCO / State Drug Controller (verifier).

Preconditions

Manufacturer holds a valid drug manufacturing license from the State Drug Controller and is compliant with revised Schedule M GMP requirements. API suppliers have QR-coded bulk drug packaging per Drugs Rules 1945 amendment. All actors are registered in the CDSCO SUGAM online portal with DIDs mapped to their manufacturing license and GSTIN identifiers. The top 300 drug formulations are listed in Schedule H2 of the Drugs Rules.

Nominal flow:

1. An API manufacturer in Hyderabad produces a batch of Paracetamol BP and applies a QR Code on each packaging level as mandated by the Drugs Rules 1945 amendment. The QR Code encodes a GS1 Digital Link URI that resolves to a VSC ObjectEvent credential signed with the API supplier's DID, containing batch ID, manufacturing date, expiry, GSTIN, and CDSCO license number.
2. A formulation manufacturer in Baddi (Himachal Pradesh) receives the API batch, verifies the API credential via DID resolution and proof verification, and uses it as input for manufacturing Paracetamol 500mg tablets — a Schedule H2 brand. The manufacturer issues a VSC TransformationEvent credential referencing the API credential, with QR Code on primary packaging containing finished product batch, MRP, expiry, and manufacturing license details.
3. The finished product moves through the distribution chain (C&F agent → super stockist → stockist → retail). Each intermediary can scan the QR Code to verify batch authenticity against the VSC credential without contacting the manufacturer.
4. A consumer at a Jan Aushadhi Kendra (Pradhan Mantri Bhartiya Janaushadhi Pariyojana outlet) scans the QR Code using their mobile phone. The GS1 Digital Link resolves to the VSC credential. The verification app resolves the manufacturer's DID, verifies the Data Integrity proof, and confirms: the medicine is authentic, within expiry, from a CDSCO-licensed manufacturer, and not flagged as recalled or counterfeit.
5. CDSCO inspectors conduct risk-based inspections using the SUGAM Labs portal [citation:1]. During inspection, they scan QR Codes on sampled products to instantly verify the full custody chain — from API source to finished product — against VSC credentials. Non-compliance findings are recorded as verifiable audit credentials for regulatory action.
6. In case of a Not of Standard Quality (NSQ) finding, the manufacturer revokes the affected batch credentials via the credentialStatus endpoint. Any downstream verifier scanning the QR Code will receive a "revoked" status and reject the product.

Failure modes:

• Counterfeit / Spurious Drug Detection: A QR Code on a counterfeit product resolves to a credential whose issuer DID is not in the CDSCO-authorized manufacturer registry, or the credential proof fails verification. The verifier MUST reject the product and surface a specific "issuer not authorized" or "proof invalid" error. In FY 2024–25, 245 spurious/adulterated drug samples were detected across India [[PIB-DRUG-QUALITY]]. VSC makes this detection instant and consumer-accessible rather than lab-dependent.
• QR Code Cloning: Counterfeiters clone a legitimate QR Code from a genuine batch onto counterfeit products. The same batch identifier appears at multiple geographically dispersed verification points simultaneously. The verifier SHOULD detect anomalous verification patterns (same batch ID scanned in Mumbai and Kolkata within minutes) and flag potential cloning for CDSCO investigation.
• NSQ Detection and Recall Propagation: CDSCO testing identifies a batch as Not of Standard Quality (3,104 NSQ samples in FY 2024–25). The manufacturer revokes the batch credential. Pharmacies relying on cached status may continue dispensing. Implementations MUST respect maximum cache lifetimes of 24 hours for pharmaceutical verification contexts (REQ-F08).

Requirements motivated: REQ-F01, REQ-F03, REQ-F04, REQ-F05, REQ-F07, REQ-F08, REQ-NF01.

UC-08: Cross-Border Cold Chain Logistics with IoT-Verified Temperature Integrity

Regulatory driver

WHO Model Guidance for the Storage and Transport of Time- and Temperature-Sensitive Pharmaceutical Products (2021); IATA Perishable Cargo Regulations (PCR) Chapter 17; EU Guidelines on Good Distribution Practice of Medicinal Products (2013/C 343/01) Annex 13; US FDA 21 CFR Part 211 Subpart H (Storage and Distribution); Indian Drugs Rules, 1945 Revised Schedule M Paragraph 16 (Storage and Distribution).

Actors

Vaccine manufacturer (issuer — Belgium); temperature-logger IoT device (issuer — on each shipment); air freight carrier (holder/issuer); cold chain logistics provider (holder/issuer — Dubai hub); customs authority (verifier — India/Mumbai Air Cargo Complex); receiving hospital pharmacy (verifier — Kenya); WHO / national regulatory authority (audit verifier).

Preconditions

IoT temperature loggers are calibrated and registered with DIDs. Logistics providers are registered in the IATA CEIV Pharma certified partner registry, mapped to DIDs. All actors accept the WHO/PQS prequalified cold chain equipment standards. The shipment is a WHO-prequalified vaccine requiring 2°C–8°C continuous cold chain per manufacturer specifications.

Nominal flow:

1. A WHO-prequalified vaccine manufacturer in Brussels commissions a shipment of 50,000 doses requiring 2°C–8°C continuous cold chain. The manufacturer issues a VSC ObjectEvent credential with the shipment SSCC, product GTIN, batch number, expiry date, and the declared temperature specification claim. A calibrated IoT temperature logger (registered with its own DID) is placed inside the active cold box.
2. The IoT logger records temperature at configured intervals (every 30 minutes per WHO/PQS specification). Each reading is signed by the logger's DID and becomes a VSC ObjectEvent credential containing: eventTime, temperature value, GPS coordinates, and the logger's DID as issuer. This creates a cryptographically verifiable, tamper-evident temperature log that no human can alter.
3. At each logistics checkpoint (Brussels departure, Dubai CEIV Pharma hub transshipment, Mumbai Air Cargo Complex arrival, Nairobi final delivery), the cold chain logistics provider scans the shipment and issues a VSC ObjectEvent credential referencing both the manufacturer's credential and the IoT logger's temperature credentials. Each custody transfer is linked into the Event Chain.
4. A temperature excursion is detected during the Dubai-to-Mumbai leg: the logger records 9.2°C, exceeding the 2°C–8°C specification. This temperature reading becomes a VSC credential with disposition "excursion_detected." The logistics provider's system automatically flags the shipment.
5. At Mumbai Air Cargo Complex, Indian Customs verifies the shipment. The verifier resolves each actor's DID, verifies all VSC proofs, and checks the temperature chain. The system detects the 9.2°C excursion at the DXB→BOM leg, cross-references against the manufacturer's declared 2°C–8°C specification, and triggers conditional acceptance with referral for physical inspection per Drugs Rules Schedule M Paragraph 16.
6. At the rural health centre in Kenya, the receiving pharmacist scans the shipment QR code. The verification app shows the complete temperature history, the excursion event, the customs inspection result, and any quality test outcome. The pharmacist makes an informed decision about vaccine usability based on verifiable evidence.
7. WHO and the Kenya Pharmacy and Poisons Board can audit the full shipment history — including the temperature excursion and the conditional acceptance decision — as verifiable audit credentials for post-market surveillance.

Failure modes:

• Temperature Log Tampering: A logistics provider attempts to alter the temperature record to hide an excursion (changing 9.2°C to 5.0°C in their transit report). Since each temperature reading is independently signed by the IoT logger's DID, any tampered reading fails Data Integrity proof verification. The verifier MUST reject the credential and surface "proof invalid" with the specific credential ID and logger DID.
• Missing Temperature Event (Chain Gap): The IoT logger stops recording during a critical flight segment, creating an 8-hour gap with no temperature data. The verifier detects the gap in the Event Chain and signals "missing predecessor" or "chain gap" with the specific time window. This triggers a conditional acceptance with mandatory quality testing before the product can be administered.
• Unauthorized Logistics Actor (Spoofing): A non-certified handler at an intermediate airport inserts a fabricated custody transfer credential into the chain. The verifier checks the handler's DID against the IATA CEIV Pharma certified partner registry. Since the DID is not registered, the credential is rejected with "issuer not authorized" error (REQ-F07).

Requirements motivated: REQ-F01, REQ-F02, REQ-F03, REQ-F04, REQ-F07, REQ-F09, REQ-NF04.

UC-09: HS Code-Driven Automated Customs Declaration with Rules of Origin

Regulatory driver

WCO Harmonized System Convention (1983); WTO Trade Facilitation Agreement (TFA) Article 10.1 (Formalities and Documentation Requirements); WTO Agreement on Rules of Origin (1994) Article 2; EU Union Customs Code (UCC) Article 56–57 (Tariff Classification) and Article 59–63 (Rules of Origin); US Tariff Act of 1930 Section 484 (19 U.S.C. §1484); Indian Customs Act, 1962 Section 14 and Customs Tariff Act, 1975.

Actors

Exporter / manufacturer (issuer — declares HS code and HS transformation in product and TransformationEvent credentials); customs broker / freight forwarder (holder — assembles customs declaration VP with origin claim); customs authority (verifier — validates HS classification, performs automated CTC Rules of Origin verification, assesses duty at preferential rate, conducts risk scoring).

Preconditions

Product credentials include HS classification per REQ-F11. TransformationEvent credentials include input/output HS codes per REQ-F12. Customs authority publishes machine-readable tariff schedule and Product-Specific Rules (PSR) keyed by HS heading. Preferential trade agreement has machine-readable Rules of Origin schedule including CTC requirements per HS heading.

Nominal flow:

1. An Indian pharmaceutical manufacturer in Hyderabad imports Para-aminophenol (HS 2924.29, Chapter 29) from a Chinese supplier. The Chinese supplier issues a VSC ObjectEvent credential with the HS classification of the API.
2. The Indian manufacturer processes the API through formulation into Paracetamol 500mg tablets. The manufacturer issues a VSC TransformationEvent credential that includes: input HS codes (2924.29, 2915.24 — both Chapter 29), output HS code (3004.90 — Chapter 30), and the HS change indicator showing a Chapter-level change (CC). The manufacturer's DID is registered in the DGFT authorized exporter registry.
3. The manufacturer exports the finished tablets to a German importer, claiming preferential duty under the EU-India Free Trade Agreement. The customs broker assembles a Verifiable Presentation containing: the product VC with HS 3004.90, the TransformationEvent VC proving CTC Chapter change, and the Certificate of Origin VC.
4. German Customs (Zoll) receives the VP through the ATLAS system. The automated verifier: (a) resolves the manufacturer's DID and verifies all proofs; (b) extracts the input HS (2924.29, Ch. 29) and output HS (3004.90, Ch. 30) from the TransformationEvent; (c) checks the EU-India FTA Product-Specific Rule for Heading 3004, which requires "CC — Change in Chapter"; (d) confirms input Chapter 29 ≠ output Chapter 30 → CC satisfied → Origin: India confirmed; (e) applies 0% preferential duty rate instead of 6.5% MFN rate; (f) performs HS-based risk scoring: HS 3004 → LOW RISK → no additional license required.
5. The same product credential is reused for a shipment to Kenya. Kenya Customs (KRA) processes through TradeNet Single Window. The verifier applies the EAC CET schedule (0% for HS 3004) and the AfCFTA Rules of Origin. The same CTC data automatically confirms origin and applies 0% duty.

Failure modes:

• HS Code Misclassification: The exporter declares HS 3004.90 (medicaments) but the hsDescription field states "Food supplement containing vitamins and minerals." The verifier's classification engine detects the mismatch between the numeric code (pharmaceutical) and the textual description (food supplement, which belongs in HS 2106.90). The verifier flags the credential for manual classification review and suspends duty assessment pending reclassification.
• HS Version Mismatch: The credential uses HS 2017 nomenclature but the importing country has migrated to HS 2022 where the product classification has changed. The verifier detects the version mismatch via the hsCodeVersion field and signals a classification review requirement, preventing incorrect duty assessment.
• CTC Rule Not Satisfied: An exporter claims preferential origin but the TransformationEvent shows input HS 3004.90 (same heading as output) — meaning no substantial transformation occurred (e.g., simple repackaging). The verifier detects that the HS heading did not change, the CTC rule is not satisfied, and origin is denied. The MFN duty rate is applied instead of the preferential rate.
• Missing Export License for Controlled HS Code: A credential declares HS 9301.10 (military weapons). The HS-based risk scorer identifies this as a controlled commodity requiring an export license. The verifier checks for a linked Export License VC issued by the competent national authority. No license VC is present. The credential is rejected with "missing required license for HS 9301.10 — export license required."

Requirements motivated: REQ-F01, REQ-F03, REQ-F05, REQ-F07, REQ-F11, REQ-F12, REQ-NF03, REQ-NF04.

UC-10: INCOTERMS®-Driven Liability and Insurance Determination

Regulatory driver

ICC INCOTERMS® 2020 (Publication No. 723E); UN Convention on Contracts for the International Sale of Goods (CISG) Articles 31–34 and 66–70 (Risk and Delivery); Institute Cargo Clauses (A), (B), (C); UCP 600 Articles 19–27 (Transport Documents) and Article 28 (Insurance Documents); Marine Insurance Act 1906 (UK) as adopted by common law jurisdictions worldwide.

Actors

Exporter / seller (issuer — declares INCOTERMS® rule in shipment credential); buyer / importer (verifier — determines liability for loss events); marine cargo insurer (issuer — issues insurance credential linked to shipment); claims adjuster / surveyor (issuer — issues inspection event credential documenting damage); arbitrator / court (verifier — resolves commercial dispute using VSC evidence chain).

Preconditions

Shipment credential includes INCOTERMS® classification per REQ-F13. Event chain captures all transport events with timestamps and geolocations. The risk transfer event is explicitly referenced in the INCOTERMS® classification. Insurance credential is linked for CIF/CIP shipments. All actors have DIDs registered in the relevant trade trust framework.

Nominal flow:

1. An Indian pharmaceutical exporter (seller) in Mumbai ships Paracetamol 500mg tablets (HS 3004.90) to a Kenyan importer (buyer) in Mombasa under INCOTERMS® 2020 CIF terms. The seller issues a VSC ObjectEvent credential containing both the HS classification and the INCOTERMS® classification: CIF Mombasa, risk transfer at "on board vessel Nhava Sheva Port, Mumbai," insurance required (ICC C, 110% invoice value, Allianz Policy #IN-2026-08921).
2. The shipment is loaded on board the vessel MV Mombasa Express at Nhava Sheva Port. The carrier issues a VSC ObjectEvent credential for the "on board" event (bizStep: shipping, disposition: in_transit). This event is referenced as the incotermsRiskTransferEvent in the INCOTERMS® classification.
3. During the ocean freight leg (T+24h after risk transfer), the IoT temperature logger records a 9.2°C excursion — exceeding the vaccine's 2°C–8°C specification. The logger issues a VSC ObjectEvent credential signed with the logger's DID, creating a tamper-evident record of the excursion with timestamp and GPS coordinates.
4. The buyer receives the shipment in Mombasa and discovers the temperature excursion. The buyer claims the seller is liable for the damaged goods. The seller invokes the INCOTERMS® CIF risk transfer: risk passed to the buyer when goods were placed on board in Mumbai.
5. Rather than engaging in weeks of document exchange and legal argument, both parties submit the VSC credential chain to an automated verifier. The verifier: (a) extracts the INCOTERMS® rule (CIF) and risk transfer event (on board Mumbai, T=0); (b) extracts the temperature excursion event (9.2°C, T+24h); (c) determines that T+24h is after T=0 → buyer bears the risk; (d) verifies the insurance credential linked to the shipment (ICC C, 110%, Allianz) is valid and meets CIF requirements; (e) signals "Buyer bears risk · Insurance claim available."
6. The buyer files an insurance claim with the linked insurance credential and the VSC evidence chain. The insurer verifies the entire chain independently and processes the claim — all evidence is cryptographically verifiable, eliminating the need for surveyor investigation and legal review.

Failure modes:

• INCOTERMS® Version Mismatch: The seller issues a CIF shipment under INCOTERMS® 2010 rules but the buyer's contract references INCOTERMS® 2020. The verifier detects the version mismatch via the incotermsVersion field and signals "INCOTERMS® version conflict — contract specifies 2020, credential declares 2010." The buyer and seller must agree on the applicable version before liability can be determined.
• Missing Insurance Credential for CIF: The shipment credential declares CIF (incotermsInsuranceRequired: true) but no insurance credential is linked. The verifier signals "CIF requires insurance — no insurance credential found. Seller has not fulfilled CIF obligations." The buyer may reject the documents or demand proof of insurance before acceptance.
• Risk Transfer Event Ambiguity: The INCOTERMS® classification does not include the incotermsRiskTransferEvent reference. The verifier cannot programmatically determine when risk transferred and signals "Risk transfer event not specified — manual determination required."

Requirements motivated: REQ-F01, REQ-F03, REQ-F11, REQ-F13, REQ-F14, REQ-NF03, REQ-NF04.

UC-11: Automated Letter of Credit Settlement via VSC Documentary Compliance

Regulatory driver

ICC Uniform Customs and Practice for Documentary Credits (UCP 600) Articles 2, 3, 6, 14, 15, 16, 28; ICC International Standard Banking Practice (ISBP 745); UNCITRAL Model Law on Electronic Transferable Records (MLETR) 2017; eUCP Version 2.0 (2019) for electronic presentation of documents under Letters of Credit; Indian FEMA 1999 and RBI Master Direction on Export of Goods and Services (2016, updated 2024); SWIFT MT700/MT760 message standards.

Actors

Indian exporter / seller (LC beneficiary · issuer of shipment credentials); Kenyan importer / buyer (LC applicant); Kenya Commercial Bank (issuing bank · issues LC via SWIFT MT700); State Bank of India (advising/negotiating bank · verifies documentary presentation and negotiates payment); VSC smart contract / verification engine (automated verifier · checks documentary compliance and triggers settlement instruction); SWIFT / correspondent banking network (payment rail).

Preconditions

LC issued by Kenya Commercial Bank (SWIFT: KCBLKENAXXX) via SWIFT MT700 in favor of Indian exporter (State Bank of India as advising bank). LC amount: USD 250,000. LC type: Irrevocable, available by negotiation at SBI Mumbai. LC requires: Commercial Invoice, Bill of Lading, Certificate of Origin (GSP Form A), Packing List, Insurance Certificate (CIF — ICC C, 110%). INCOTERMS®: CIF Mombasa. Latest shipment date: 31 July 2026. LC expiry: 15 August 2026. All banks and parties have DIDs registered in the ICC Trade Trust Framework.

Nominal flow:

1. The Kenyan importer (buyer) applies to Kenya Commercial Bank for an irrevocable Letter of Credit in favor of the Indian exporter for USD 250,000, covering a shipment of Paracetamol 500mg tablets (HS 3004.90) under INCOTERMS® 2020 CIF Mombasa. The LC is issued via SWIFT MT700 and advised through State Bank of India, Mumbai. The LC specifies five documentary requirements and a latest shipment date of 31 July 2026.
2. The Indian exporter manufactures and ships the goods. Upon loading on board the vessel at Nhava Sheva Port, Mumbai (the INCOTERMS® CIF risk transfer event), the exporter's VSC-conformant system automatically generates the required credentials: a CommercialShipmentCredential (with HS classification, INCOTERMS® classification, and trade finance binding referencing LC2026-08921-IN-KE), a TransportEventCredential (Bill of Lading equivalent with on-board notation), an OriginCredential (GSP Form A issued by DGFT), an AggregationEventCredential (Packing List), and an InsuranceCredential (Allianz Policy, ICC C, 110%).
3. The exporter assembles all five credentials into a single Verifiable Presentation and submits it to the VSC verification engine (operated by SBI Mumbai's trade finance platform). The VP includes the settlement trigger event reference: the on-board-vessel event at Nhava Sheva Port.
4. The VSC verification engine performs automated documentary compliance checking: it verifies that each of the five LC documentary requirements is satisfied by a corresponding VSC credential in the VP, that each credential's DID issuer is in the ICC Trade Trust Framework registry, that each Data Integrity proof is valid, that the HS code matches the LC goods description, that the INCOTERMS® rule (CIF) matches the LC terms, and that the shipment date is within the LC validity period. All five requirements pass. The verifier signals "Compliant Presentation — UCP 600 Article 15(a) — Honoring bank may honor."
5. Upon "Compliant" status, the settlement process is triggered: SBI Mumbai negotiates the documents and releases payment of USD 250,000 to the exporter. Simultaneously, the lcPresentationStatus is updated to "paid" and the titleTransferCondition ("upon_payment") is recorded as satisfied, transferring title to the buyer. The entire process from VP submission to funds credited: approximately 30 seconds.
6. The buyer receives the shipment in Mombasa. If a dispute arises (e.g., temperature excursion during ocean freight), the INCOTERMS® CIF risk transfer event in the credential chain confirms that risk transferred at Mumbai — the buyer bears the loss but has an insurance claim. The same VSC credentials that satisfied the LC now serve as evidence for the insurance claim.

Failure modes:

• Missing Documentary Requirement: The VP contains four of the five required credentials — the Insurance Certificate is missing. The verifier signals "Discrepant Presentation — Missing: Insurance Certificate (UCP 600 Art. 28). CIF shipment requires insurance credential. LC Requirement #5 not satisfied." The exporter is notified and can add the missing credential before the LC expiry date.
• Documentary Discrepancy: The Commercial Invoice credential declares HS 3004.90 (medicaments) but the LC goods description specifies "Paracetamol 500mg tablets — HS 3004.90.11." The verifier detects that the HS code in the credential (3004.90) does not match the LC specification at the national tariff line level (3004.90.11). The verifier signals "Discrepant Presentation — Commercial Invoice: HS code mismatch. Credential: 3004.90. LC requires: 3004.90.11."
• LC Expiry Before Presentation: The exporter submits the VP on 16 August 2026 — one day after the LC expiry date of 15 August 2026. The verifier checks the presentation date against the LC expiry and signals "Discrepant Presentation — Late presentation (UCP 600 Art. 6(d)(i)). LC expired 15 August 2026. Presentation date: 16 August 2026."
• Unauthorized Issuer: The Certificate of Origin credential is issued by a DID that is not registered in the DGFT-authorized Certificate of Origin issuer registry. The verifier rejects the credential with "Issuer not authorized — Certificate of Origin must be issued by DGFT-registered authority (GSP Form A)."

Requirements motivated: REQ-F01, REQ-F03, REQ-F07, REQ-F11, REQ-F13, REQ-F15, REQ-F16, REQ-NF03.

Requirements Summary

The following table provides a high-level overview of all twenty functional and five non-functional requirements. Each requirement is linked to its detailed specification below and cross-referenced to the use cases that motivate it.

Functional Requirements

This section specifies the twenty functional requirements (REQ-F01 through REQ-F20) that govern VSC-conformant implementations. Each requirement includes its conformance level, the conformance class to which it applies, a rationale citing published standards or regulations, and a testability statement suitable for inclusion in a formal conformance test suite.

Non-Functional Requirements

This section specifies the five non-functional requirements (REQ-NF01 through REQ-NF05) that govern performance, privacy, interoperability, extensibility, and long-term verifiability characteristics of VSC-conformant implementations.

Threat Model

VSC threats are analyzed at the four primary trust boundaries: (1) issuer key material, (2) event credential content, (3) event chain linkage, and (4) issuer registry integrity.

Fraudulent Event Injection (T-01)

A malicious actor may attempt to inject fabricated Supply Chain Events by creating validly signed credentials from an authorized DID for events that never occurred, or from an unauthorized DID. VSC implementations MUST verify issuer identity and authority as specified in REQ-F03 and REQ-F07. Verification SHOULD include checking the issuer's DID against the Issuer Registry referenced in the credential or the verifier's trust framework configuration.

Physical-world corroboration (IoT sensor data, GPS timestamps, third-party inspection certificates referenced as linked credentials) provides additional assurance that event credentials correspond to actual physical events. VSC implementations SHOULD support referencing corroboration evidence as linked credentials in the credential evidence property.

Credential Replay (T-02 / T-01)

A valid Verifiable Credential for one shipment may be replayed in a presentation for a different shipment, or a credential may be presented outside its intended time window.

Implementations SHOULD include one or more of the following context-binding mechanisms to mitigate replay:

• Presentation challenge: Verifiers SHOULD provide a cryptographic challenge nonce that the holder must include in the Verifiable Presentation's proof, binding the presentation to the specific verification session. This is supported by [[VC-DATA-MODEL]] Section 6.3.
• Audience binding: Credentials SHOULD include an audience or equivalent field identifying the intended verifier DID, preventing use of the credential by a different verifier.
• Temporal constraints: Credentials MUST include validFrom and SHOULD include validUntil values. Verifiers MUST reject credentials outside their validity period.

Broken Custody Chains (T-02)

A verifier may receive an Event Chain from which one or more credentials have been omitted — either accidentally (data loss) or deliberately (to conceal an unauthorized custody transfer). VSC-conformant verifiers MUST detect gaps in event chains and signal non-verifiability with specific error codes as defined in REQ-F09. Implementations SHOULD treat a broken chain as a verification failure unless the verification context explicitly permits incomplete chains (e.g., for partial audit queries).

Issuer Key Compromise

If an issuer's DID private key is compromised, an adversary can issue fraudulent event credentials indistinguishable from legitimate ones. Issuers MUST implement key management practices consistent with [[NIST-SP800-53]] IA-5, including:

• Hardware Security Module (HSM) storage for signing keys;
• Key rotation schedules with DID Document update;
• Revocation of all credentials issued after suspected compromise.

The VSC Trust Framework specification SHOULD define sector-specific key management requirements and mandatory incident response procedures for key compromise events.

Commercially Sensitive Supply Chain Data

Supply chain event credentials frequently contain information that is commercially sensitive: supplier identities, production volumes, pricing signals embedded in batch sizes, and logistics routing. Disclosing this information beyond the minimum required by a verification context:

• Violates [[GDPR]] Article 5(1)(c) data minimization principle for EU-based participants;
• May constitute trade secret misappropriation under applicable national law; and
• Undermines commercial trust between supply chain participants, reducing adoption of VSC.

VSC implementations MUST support selective disclosure (REQ-F05) and SHOULD use pairwise DIDs (REQ-NF02) to minimize information disclosure.

Credential Linkability

If all credentials issued by a given Supply Chain Actor use the same long-lived DID, a verifier can correlate all events asserted by that actor across time and contexts. This enables surveillance of supply chain participants' business activity beyond the scope of individual verification requests. Implementations SHOULD use pairwise DIDs per trading relationship, or short-lived credential identifiers, to limit cross-context correlation. Zero-knowledge proof mechanisms (e.g., [[BBS-2023]]) SHOULD be preferred for contexts where correlation risk is high.

Personal Data in Event Credentials

Some supply chain events may involve personally identifiable information (e.g., the name of a quality inspector, a driver's identity, or patient-level pharmaceutical dispensing data). VSC credential schemas MUST NOT require PII fields beyond the regulatory minimum. Where PII is required by regulation, issuers MUST apply selective disclosure to prevent disclosure of PII to parties who do not require it, consistent with [[GDPR]] Article 25 and analogous data protection frameworks.

Design Principle: Regulation as Executable Code

Every trade regulation, without exception, is a conditional statement. DSCSA §582 requires product tracing if the product is a prescription drug sold in the United States. EUDR Article 3 requires due diligence if the commodity is listed in Annex I and is placed on the EU market. UCP 600 Article 14 requires documentary compliance within five banking days if the payment instrument is a Letter of Credit. INCOTERMS® 2020 CIF requires insurance at 110% of invoice value if the named place is a port of destination.

These conditions are expressed in legal prose — precise to lawyers, opaque to machines. Each regulation requires a separate interpretation, a separate compliance team, a separate software module. When a regulation changes — a new HS code is added to an annex, a tariff rate is adjusted, a documentary requirement is modified — the software must be updated. When a new regulation emerges — a carbon border adjustment, a digital product passport, a forced labour due diligence — a new software module must be built.

The VSC Regulatory Rule Compiler eliminates this cycle. It treats regulation as executable code over the Event Matrix. Every regulatory requirement is expressed as a deterministic function that accepts a matrix row as input and returns a compliance status as output. The function references only the five standardized dimensions of the matrix. When a regulation changes, only the rule changes — not the verification engine. When a new regulation emerges, a new rule is written — no new software is required.

Architecture: Compiler Pipeline

The VSC Rule Grammar

Every rule is expressed in a structured format that references only the five standard matrix dimensions. The grammar is designed to be both human-writable and machine-executable, using a syntax familiar to regulatory professionals while producing deterministic verification outcomes.

RULE: <rule_identifier>
VERSION: <semantic_version>
JURISDICTION: <ISO_3166-1_alpha2>
REGULATORY_REFERENCE: <citation>
EFFECTIVE_DATE: <ISO_8601_date>
DEPRECATES: <previous_rule_identifier | null>

WHEN:
  D1.event_type IN [<event_type_list>]
  AND D2.did_method IN [<did_method_list>]
  AND D3.hs_chapter IN [<chapter_list>]
  AND D3.hs_heading IN [<heading_list>]
  AND D3.hs_code IN [<hs_code_list>]
  AND D4.incoterms IN [<incoterms_list>]
  AND D4.incoterms_version = <version_year>
  AND D5.payment_instrument IN [<instrument_list>]
  AND D5.jurisdiction = <ISO_3166-1_alpha2>

REQUIRE:
  DIMENSION: <D1|D2|D3|D4|D5>
  CHECK: <validation_function>
  PARAMETERS: <key_value_pairs>
  ON_FAILURE: <NON_COMPLIANT | CONDITIONAL | FLAG>

OUTCOME:
  COMPLIANT: <action_if_all_requirements_met>
  NON_COMPLIANT: <action_if_any_requirement_failed>
  CONDITIONAL: <action_if_conditional_requirements>

Compiled Rule Examples

Essential Properties of the Rule Compiler

Regulation-Neutral

The compiler does not encode any specific regulation. It provides the grammar for expressing regulations as executable rules. Any regulation from any jurisdiction that can be expressed as conditions over the five matrix dimensions can be compiled into a VSC rule. The compiler is to regulations what a programming language compiler is to source code: it translates human-readable requirements into machine-executable instructions without understanding the domain.

Deterministic Output

For a given rule and a given matrix row, the compliance determination is always identical. Two verifiers applying the same rule version to the same event will produce the same outcome. This eliminates the interpretive variation that currently requires multiple compliance teams to reach different conclusions from the same regulatory text.

Versioned and Deprecatable

Rules carry semantic versions. When a regulation changes — a new HS code is added to an annex, a threshold is adjusted, a documentary requirement is modified — a new rule version is published. The previous version is marked as deprecated but remains available for audit purposes. Verifiers specify which rule versions they apply. An event verified against DSCSA_Package_ Traceability v1.0.0 on 15 June 2025 can be re-verified against v1.1.0 on 15 December 2025 without ambiguity about which requirements applied at the time of the event.

Composable

Multiple rules can apply to a single event. A pharmaceutical shipment from India to Kenya under CIF terms with LC payment triggers DSCSA export requirements, INCOTERMS® CIF insurance requirements, UCP 600 documentary requirements, and potentially CBAM carbon declaration requirements. Each rule is evaluated independently. The verifier aggregates results: an event is COMPLIANT only if all applicable rules pass.

Graduated Failure Modes

Rules produce three outcomes, not two. COMPLIANT means all requirements are satisfied. NON_COMPLIANT means a mandatory requirement failed — the event cannot proceed. CONDITIONAL means a requirement failed but the event can proceed with additional conditions (e.g., CBAM certificate purchase, physical inspection, additional documentation). This tri-state logic reflects how regulations actually work: not all failures are hard stops.