EireLedger: A ZKP-enabled Privacy-Preserving Blockchain Framework for Cross-Border Regulatory Compliance in Irish MedTech SMEs Supply Chain
Abstract
The complexity of cross-border regulatory compliance in the MedTech sector imposes significant administrative and financial burdens on manufacturers, characterized by manual processes, data redundancy, and heterogeneous, country-specific cross-border regulations. To address this, we present EireLedger, a decentralized framework that automates and cryptographically enforces regulatory compliance verification. EireLedger utilizes a novel dual-purpose zero-knowledge proof (ZKP) scheme, instantiated with Groth16 zk-SNARKs, which allows a manufacturer to prove a device dossier's compliance to a jurisdiction-specific regulator in a privacy-preserving manner, while simultaneously generating a verifiable ZKP-based access grant for the regulator. This cryptographic proof is immutably anchored to a permissioned Hyperledger Fabric blockchain, which orchestrates the protocol and maintains a minimal, auditable record. The corresponding encrypted dossier artefacts are stored off-chain in a private IPFS cluster. Our comprehensive evaluation demonstrates that on-chain proof verification is highly efficient with a median latency of 12.3 ms, and our integrated ZKP-as-access-control model reduces end-to-end audit latency by 40% compared to traditional attribute-based access control (ABAC) by eliminating external authorization calls. The on-chain storage footprint is constant at ~2.1 KB per audit, ensuring data minimization. The framework also supports the right to erasure in compliance with GDPR, cryptographically unpinning a 5 GB dossier in under 90 s. These results establish EireLedger as a novel, privacy-preserving, and practical solution for cross-border regulatory compliance in MedTech supply chains.