Please see the original interview on SafetyDetectives.
In a world where trust in data is becoming as important as the data itself, SafetyDetectives sat down with Robert Zapfel, Co-Founder of iov42, to explore how his company is reshaping the way global supply chains handle compliance, transparency, and risk. Zapfel’s journey into tech began at age 10 and spans decades of innovation—from early entrepreneurship in Austria to global infrastructure projects in Africa and India, and now to building identity-centric digital ecosystems.
Founded in 2016, iov42 aims to solve one of today’s biggest challenges: how to share and verify information in a secure, reliable, and privacy-preserving way. In our conversation, Zapfel explains how their flagship platform, Interu, helps companies meet complex regulatory demands like the EU Deforestation Regulation (EUDR), why AI in risk assessment must be handled with care, and how verifiable identities and data provenance are transforming supply chain accountability.
Can you introduce yourself and tell us a bit about your background and what led you to co-found iov42?
I’ve been fascinated by computer science since I was about 10 years old, starting with pocket calculators and later moving on to early home computers. At 14, I built my first accounting software and ended up selling it to tax consultants in Austria, which became my first taste of entrepreneurship.
In 1989, I founded my first company and went on to launch several ventures, including a mobile payment system that expanded to 88 countries. After selling that business, I set up a venture capital firm and worked on projects across India and Africa, building remote telecom and telemedicine infrastructure.
Around 2013, I started focusing on FinTech and blockchain. Back then, most blockchain projects were about creating new Altcoins, which I felt didn’t solve real problems. Over many discussions—some sketched out on pub napkins in Vienna—we came up with the idea that a distributed ledger should be identity-centric. That vision led to co-founding iov42 in 2016 to help organisations build trust through verifiable identities and claims.
What are the main services offered by iov42?
iov42 was born out of a bold vision: to unlock the potential of secure, transparent, and trustworthy data sharing across the world’s most complex industries. Over the years, our team has brought together diverse perspectives and deep technical expertise to reimagine how organisations manage and share data.
To address the challenges of fragmented and opaque data systems, we initially built our own distributed ledger technology (DLT). This work established iov42’s reputation for building solutions that prioritise trust, security, and data integrity. Today, iov42 offers a range of services designed to simplify the complexities of trust and empower organisations to operate transparently and efficiently. Our main services include:
Traceability and compliance through Interu: Building on iov42’s heritage in trusted data sharing, we developed Interu, an industry-leading supply chain traceability product. Designed to bring clarity and integrity to global supply chains, Interu allows businesses to confidently collect, store, manage, and share due diligence information to verify and track materials back to source. Whether it’s helping companies comply with regulations like the EU Deforestation Regulation (EUDR), providing consumers with confidence in the products they buy, or improving operational efficiencies and cutting costs, Interu demonstrates how traceability drives compliance, transparency, and sustainability – all while supporting global trade and market access.
Ultimately, while our early DLT innovations shaped our approach to building trusted digital ecosystems, our focus today is on delivering practical, user-centred solutions like Interu that make secure and transparent data sharing a reality across industries.
How does Interu help Operators and companies stay compliant with deforestation regulations like the EUDR?
Interu enables Operators and companies to comply with deforestation regulations like the EUDR by:
- Collecting, verifying, and storing the due diligence data required to prove supply chains are deforestation-free.
- Providing tools for end-to-end traceability, mapping materials and products to their precise geolocations and checking them against deforestation risk datasets.
- Streamlining workflows, through our integrations with TRACES NT and other best-of-breed technology providers like Orbify, it is easier for companies to prepare due diligence statements and respond quickly to regulators or audits.
Compliance isn’t just about ticking a box – it’s about demonstrating responsibility and protecting market access.
You’ve raised concerns about using AI for risk assessment in supply chains. What do you see as the biggest dangers, especially when safety and compliance are on the line?
AI offers exciting possibilities for supply chains, but there are real limitations and dangers when it comes to compliance and safety-critical decisions. One of the biggest risks is that AI models are only as good as the data they’re trained on or analysing. In many supply chains, data is incomplete, unverified, or inaccurate, and if you feed that into AI, you risk automating flawed conclusions.
Another danger is over-reliance on AI outputs. There’s a tendency to treat AI recommendations as objective truths, when in reality, models are non-deterministic, opaque, based on mathematical probabilities, can make mistakes, hallucinate results, or produce answers without meaningful explainability. For deforestation compliance, for example, if a company uses AI to assess sourcing risk but the underlying data isn’t robust, they could unknowingly place non-compliant goods on the market.
Finally, there’s the challenge of accountability. When a decision is made by an AI, who takes responsibility if something goes wrong? Without clear governance frameworks, companies could find themselves exposed legally and reputationally. The EU-AI act makes a “human oversight” mandatory for high-risk businesses, like finance and medicine. So, regulation has caught up and prohibits “autopilots” in critical applications.
In short, AI should be seen as a powerful tool to support expert decision-making, not replace it. It’s essential to combine AI insights with high-quality, verified data and human expertise to ensure supply chains remain safe, compliant, and trusted.
What role does verifiable identity and data provenance play in reducing supply chain risk and improving accountability?
They’re absolutely foundational. Verifiable identity ensures you know who or what you’re dealing with – whether it’s a person, an organisation, or a dataset. Data provenance ensures you know where your information comes from and how it’s been handled along the way.
Together, they:
- Allow organisations to trust the data they’re using for decisions.
- Improve accountability because bad actors can’t hide behind anonymity or altered records.
- Enable faster, more reliable compliance processes, as everything is traceable and auditable.
Without verifiable identity and data provenance, supply chains remain vulnerable to fraud, errors, and hidden risks.
Looking ahead, how do you see the intersection of AI, regulation, and supply chain safety evolving — and how is iov42 positioning itself for that future?
AI is already transforming compliance. Large language models fine-tuned on regulatory texts can certainly help with supply chain comprehension and analysis under regulations like the EUDR, cutting manual effort substantially.
But regulation is catching up fast. The EU AI Act classifies opaque, “black-box” risk scoring, like automated agentic AI classifications, as high-risk, which means supply chain models need to be explainable and backed by immutable evidence trails. Service providers using verifiable-by-design solutions like Interu can turn compliance from a cost centre into a competitive edge.
Data and trust in that data is key to the successful application of AI and so we have built a foundation on collecting, securing and distributing data. Looking forward, we see great potential for AI – and other technologies around cryptographic trust – in the following areas:
- Compliance automation: Embedding GenAI copilots that interact with suppliers, identify missing due diligence sections, and highlight anomalies to human reviewers—aligning with the EU AI Act’s “co-pilot, not autopilot” (human oversight) approach.
- Risk analytics: Replacing ‘static’ rules with AI agents that monitor real-time signals—like tariff updates or satellite deforestation alerts—and trigger proactive flags and reports.
- Privacy-preserving data sharing: Expanding our platform to cover product integrity and AI supply chain security, positioning Interu as the trust layer connecting certifiers, operators, and regulators.
- Unified compliance: Interu acts as a single evidence base, enabling operators to meet AI Act, EUDR, and DPP (Digital Product Passport) requirements through one dataset, one audit trail, and one portal.
- AI governance: Continuous monitoring modules check risk classifications, track model drift, and raise alerts if thresholds are crossed.
- Zero-knowledge proofs: To help specifically with trust in data, we see a future where suppliers can prove compliance (for example, that plantation coordinates are in deforestation-free zones) without disclosing sensitive raw data.
Ultimately, we see AI and cryptographic trust working hand in hand to make supply chains safer, more transparent, and easier to audit—without compromising privacy or accountability.
***
About the Author
Shauli Zacks is a content editor at SafetyDetectives.
He has worked in the tech industry for over a decade as a writer and journalist. Shauli has interviewed executives from more than 350 companies to hear their stories, advice, and insights on industry trends. As a writer, he has conducted in-depth reviews and comparisons of VPNs, antivirus software, and parental control apps, offering advice both online and offline on which apps are best based on users' needs.
Shauli began his career as a journalist for his college newspaper, breaking stories about sports and campus news. After a brief stint in the online gaming industry, he joined a high-tech company and discovered his passion for online security. Leveraging his journalistic training, he researched not only his company’s software but also its competitors, gaining a unique perspective on what truly sets products apart.
He joined SafetyDetectives during the COVID years, finding that it allows him to combine his professional passions without being confined to focusing on a single product. This role provides him with the flexibility and freedom he craves, while helping others stay safe online.