CBAM Supplier Attestation

Chain country, origin, and carbon-intensity attributes required by EU CBAM as cryptographic attestations — without exposing supplier raw data or trade secrets.

Manufacturing exporting to the EU · Steel, aluminum, cement, fertilizer · Multi-tier supply chain · Trading houses and brokers 5 min read

live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist

01 · WHO IT'S FOR

Who this is for.

Your business exports to the EU, or sits inside the EU as an importer for products in CBAM-covered categories. The 2026 reporting cycle is no longer a forecast — auditors are starting to ask for evidence, and your suppliers are starting to ask why they have to share more than they used to.

Regulatory-affairs leads at manufacturers exporting steel, aluminum, cement, or fertilizer to the EU
Procurement leads gathering CBAM evidence from upstream suppliers, including multi-tier suppliers they don't directly contract with
Risk and trade-compliance owners balancing supplier confidentiality against EU regulatory exposure

02 · THE SHIFT

Hand over the source, or just the facts?

Without Lemma

Hand over the raw source

production data, cost and supplier-internal dealings

↓ all of it reaches the AI / outside

With Lemma

Share only the proven facts

meets CBAM-required country, origin and carbon-intensity attributes

✓ ZK VALID

↓ only the necessary facts

Each tier of the chain — the smelter, the rolling mill, the trader, the importer — issues attestations for the attributes CBAM actually checks: country of production, carbon intensity, the regulatory regime the attribute was measured against. The attributes are signed against each supplier's reference data (production logs, energy mix, monitoring system output), but the proof reveals only the attribute, never the underlying source.

Downstream parties verify the attestation directly. A trader chaining steel from a smelter to an EU importer doesn't need the smelter's production data — it needs proof that the smelter's reported carbon intensity holds under CBAM's measurement scheme. When that proof is a ZK attestation rather than a PDF, the trader can compose it with their own attestation and pass a single chained proof to the importer.

The result is that CBAM evidence becomes a cryptographic chain instead of a document-discovery exercise — and each link controls exactly what flows downstream.

See the technical details ↗

03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method	Pass without exposing	Independent verification	Tamper-proof
Access control only	△	✗	✗
Masking / anonymization	△	✗	✗
Encryption only	✓	✗	✗
Lemma (ZK proof)the only one with all 3	✓	✓	✓

04 · HOW IT WORKS

How it works

Tell us where your CBAM evidence is concentrating risk today — which category, which supplier tier, which counterparty disclosure conversation has stalled. We'll explore together whether per-attribute attestation could fit. No supplier data or production methodology required.

05 · RELATED

Related use cases

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.

See use scenarios for Regulatory Attribute in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Try Seal → Trust402 reference implementation →