Blockchain, Provenance, Traceability & Chain of Custody

This is an article written by John G. Keogh.

Here are my answers to questions posed over the past few months online and in industry and regulator dialogue. As some of my points can be successfully argued from different angles, this is intended to create the dialogue and not limit it. Your comments and perspectives are valuable and I look forward to this discussion.

Question 1 : Do I need a Blockchain for effective Food Recall? 

No. In a closed supply chain with limited exchange partners you don’t need a blockchain to execute a rapid recall of an unsafe product. Any GS1-standards based technology platform can be used to rapidly trace (backward) and track (forward) a consumer packaged product if the product has a data carrier (barcode) and/or batch/lot # attached. Check out the GS1 global office website or your country GS1 organization as they have a traceability and product recall standard and guidelines on how to execute recall effectively.

In the USA, industry standards body GS1 has partnered with GMA and FMI and has a nationwide, cloud-based Rapid Recall Express platform in operation for almost 10 years. There are similar industry-driven, national recall platforms in place in CanadaAustralia and New Zealand which align to regulations and helps protect consumers and reduces industry risks. GS1 South Korea has a ‘stop-sale’ process in place with multiple government regulators for about 10 years. If any of the regulators determine a product is unsafe, the regulator sends a GS1-centric message to the retailers HQ. Within 30 minutes of receiving the regulators alert, all points of sale (cash registers) in the country are blocked and the ‘stop-sale’ process is enacted. I have seen this in action and it’s amazing. The stop-sale process is quickly followed by the formal recall process. This globally unique process reduces the risk of consumer harm and helps to protect the brand at the same time.

Blockchain is helpful for a recall use case when you have multiple exchange partners across multiple countries and using disparate technologies (see Q2). The opensource and purpose-built blockchain data protocol from OriginTrail is very useful in this scenario because it enables GS1-standards based interoperability between multiple blockchains and legacy. As the below slide from OriginTrail indicates, today we have many data silos and interoperability is crucial to address both traceability, transparency and to execute a rapid recall. Origin Trail will be the first to advise that without first addressing data governance (accurate and standardized data) blockchain will not work as intended.

Disclaimer: I advise the Origin Trail board on industry standards, transparency and trust

Question 2: Are current food regulations driving the need for Blockchains?

Yes. Regulations are generally non-prescriptive and in the food chain they call for a “1-up/1-down” traceability. In complex, multi-party supply chains this is costly, time-consuming and can lead to (preventable) illness and death. In the Walmart Mango use case, it took almost 7 days to execute a mock recall based on 1-up/1-down approach and 2.2 seconds using their specific Blockchain configuration. Blockchain technology is helpful in complex, multi-country, multi-exchange party supply chains that already have good data governance and industry data standards (GS1) in place. A standards-based blockchain enables linkages to be made between the exchange parties and permits sharing of product master data, transactional data and event data – the unhindered flow and visibility of this data is what we call transparency.

I have adapted and use the following diagram to explain the success of the Walmart model in context of theoretical and practical applications of transparency and trust using technology. In this model, the below-the-line RMT indicates regulation mediated transparency. You will note that this is based on mistrust – so are strong contracts that buyers put in place with suppliers. The alternative is what Walmart achieved with voluntary trust-building with strategic transparency and identification based trust enabled by technology – what I call TMT or Technology Mediated Transparency.

Question 3: Can Blockchain guarantee Food Safety and Food Authenticity?

No. Blockchain is oversold as a guarantee of food safety, food authenticity and anti-counterfeit in general. The only legitimate and legal way to guarantee food safety and authenticity is through analytical testing of the product itself – we cannot track the outer package or container and claim the food is safe and authentic. On-pack security features (forensic, covert or overt) help in fraud detection but forensic evidence is required for successful conviction in food fraud cases.

Example 1. WINE bottle recycling

There is a known underground industry that trades in used wine bottles. A hotel or restaurant worker may be incentivized to collect and sell empty vintage wine bottles for hundreds of dollars each. They are re-filled and re-sold for thousands of $, often with fake security features. According to a 2017 Forbes article, an estimated 30,000 bottles of fake imported wine are sold in China every hour. Solution providers are making technology advances and offering security features that create obstacles on the bottle itself including tamper-evident features and fraud alerts for multiple scans of the serialized identifier. Despite the technology improvements and their utility, the only way to legally guarantee the wine is genuine is through forensic testing of the wine bottle contents against the reference samples taken from the harvested crop, or the final blended mix. The storage of reference samples by harvested batch may be a regulatory requirement in some regions.

Example 2. Commingling of fresh fruit and vegetables

Colorful vegetables for sale at the Central Market of Hoi An, Vietnam

Fresh fruits and vegetables may be commingled with products from multiple, geographically dispersed suppliers which increases the risks related to quality, safety, authenticity and provenance. For example, a product may claim to be organic but might have 50% non-organic mixed in to complete the order. The role of blockchain and other technologies in this scenario is limited because human behaviour is the variable. Risk reduction strategies will vary and depend on the context and culture. They can draw on combinations of 1) incentivized behaviour to reduce cheating 2) training on a food safety culture 3) effective food safety practices 4) farm and supply chain auditing 5) industry supply chain standards 6) technology solutions and 7) analytical science. The latter, analytical science being the most critical for evidence.

Question 4: Can Blockchain deliver a guarantee of Food Provenance?

European flags on minced meat. International meat trade

No. This is confusing I know. Provenance refers to geographic source or origin and is determined by forensic science not software, GPS or hardware (see below traceability). Let me share a hypothetical example; lets say we have potatoes and carrots in Vietnam that go to market as ‘product of Vietnam’. In one possible scenario, bad actors could roll the veggies in dampened local dirt to enhance the illusion of being a local product. When the product is forensically tested, both the veggie species, and their carbon fingerprint proves they are indigenous to, and were grown in a particular region of China. This is food fraud and classified as an economically motivated adulteration where a cheaper product is sold as a more expensive premium local product. Blockchain, IoT, stickers/logos or barcodes on bundles of products will not solve this because human behaviour is the variable.

Analytical laboratories can address these issues as part of a regular audit of suppliers and supply chains. Similarly, forensic testing can determine if fish were wild caught or farmed. Companies doing exceptionally well at this today include Perth-based Source Certain and New Zealand-based Oritain, to name a few.

Question 5: What’s the difference between provenance, traceability and chain of custody?

Even the experts get these confused. Let me explain how I see it. Provenance is defined above as geographic source or origin and it is guaranteed only through the results of forensic testing of it’s carbon fingerprint. You will hear experts or software companies say they ‘track provenance’. In many cases what they really mean is classic supply chain traceability or in some cases, chain of custody. Classic traceability includes the source of the materials and is best interpreted as the ‘business or logistics source’. In my opinion, we should not call it tracking provenance as we are not necessarily tracking the true geographic source or origin per-se, we are tracking physical ‘movement’ from a business or logistics source through the supply chain. This draws an important distinction between classic product traceability and forensic product traceability of the geographic source or origin as defined by forensic testing of the products carbon fingerprint.

To help the discussion and align on terminology, see below definitions of food traceability extracted from Olsen and Borit (2013).

CODEX: Traceability is defined in the Codex Alimentarius Commission Procedural Manual (FAO/WHO, 1997) as “the ability to follow the movement of a food through specified stage(s) of production, processing and distribution ”.

ISO: Traceability defined in ISO 9000 and ISO 22005. ISO 9000 (ISO, 2000) as “The ability to trace the history, application or location of that which is under consideration”

The ISO 22005 (ISO, 2005 ) definition is word for word the same as the ISO 9000 definition, but ISO 9000 is a standard for quality management systems in general whereas ISO 22005 is a specific standard for traceability in the food and feed chain. ISO 22005 adds that “Terms such as document traceability, computer traceability, or commercial traceability should be avoided. ”

For all these ISO definitions (ISO 8402, ISO 9000, ISO 22005), there is an additional clause which states that when relating to products, traceability specifically entails “the origin of materials and parts, the processing history, and the distribution and location of the product after delivery”.

EU General Food Law (EU, 2002) defines traceability as “The ability to trace and follow a food, feed, food producing animal or substance intended to be, or expected to be incorporated into a food or feed, through all stages of production, processing and distribution ”.


The net-net, traceability includes the material origin. A brief note: within a supply chain, physical products are tracked-forward but traced-backwards and this bi-directional capability is generally referred to as traceability. The chart below is unpublished and from my academic research. It shows the nuances of information, product and assurance flows.


Chain of Custody (CoC)

CoC or cumulative tracking was an active discussion in pharmaceuticals in the early to mid 2000’s but seems to have lost some favour. CoC is critically and legally important in highly regulated sectors. For example in weapons, explosives, transport of bulk money, works of art etc. where exact time stamps of the product physical movement, locations and details of all transactions including the parties in physical custody must be tracked and registered. This is similar to a FedEx package delivery where very detailed information is available and signatures are required for acceptance from one party to another. This accumulation of data along the supply chain is sometimes referred to as similar to a ‘Russian doll’.

Example: Pharmaceuticals and Tobacco

Pharmaceuticals and tobacco are two sectors that are highly regulated to protect against many issues including illicit trade, counterfeit, human health and safety etc. What this means is that every dispensing unit of a drug and every pack of cigarettes must be globally and uniquely identified with a serial number and tracked at every stage in it’s supply chain (to the point of dispensing for drugs and to the last point before purchase for tobacco. Note, drugs are tracked to prescriptions and patients, tobacco is not tracked to smokers).

In the (old) chart below from GS1, CoC is represented by cumulative tracking in comparison to 1-up/1-downcentralized database control for closed networks and distributed databases; which we noted more than 15 years ago and is now similar to the current blockchain dialogue. The latest version of the various traceability models can be found in the GS1 Global Traceability Standard (2017).

Disclaimer: I was previously a senior vice president at GS1 Canada and Director of Product & Consumer Safety at GS1 Global office.

Food is regulated of course but not to the extent above that it requires serial number specificity (lot size 1). Generally, food is tracked by lot, batch or date code and a can of soda will have the same global trade item number (GTIN) as the same soda product next to it. The GTIN, while globally unique and aligned to the brand is not a serial number and is referred to as a product family or class code. With the increase in food fraud, there is now growing momentum to add a second data carrier to a food product with a serialized identifier and links to a product web page or product authentication tools. Note, date carrier is a ‘family name’ for all barcodes and RFID tags. Regulations may suggest the ‘data to be carried’ and the brand owner will then select the appropriate data carrier.

To visualize how a GTIN works in a food chain today, see the chart below from GS1 which can be found in the 2017 version of the Global Traceability Standard


On August 13th 2018, GS1 released a new standard called the GS1 Digital Linkstandard which will enable connections to all types of B2B and B2C information. This new standard is the foundational bridge between physical products and their digital twins.

That’s it for this post – your comments, feedback and opinions are highly valued and very important. Keep an eye out for upcoming posts on topics related to transparency, trust, credence, anti-counterfeit, traceability, product recall, blockchain, provenance and many more.

About the Author:

John G. Keogh is a sought-after speaker, advisor and researcher. Operating at the intersection of the Public + Private sectors globally, he provides confidential advisory, research & interventions across policy, operations, strategy and technology.

John holds a PG Dip. and an MBA in General Mgmt. He has an MSc (distinction) in Business and Management Research into Supply Chain Transparency and Consumer Trust. He is currently a part-time, associate researcher at Henley Business School, undertaking doctoral (DBA) research into food chain transparency and consumer trust. John plans to publish an ebook “Food Chain Transparency – what executives need to know” in 2018.

Photo by Martin Adams on Unsplash

Leave a Reply

Your email address will not be published. Required fields are marked *