Semantically-enriched blockchain audit anchoring for policy-as-code governance in heterogeneous cloud environments: implementation, evaluation, and regulatory mapping
摘要
Regulated organisations deploying workloads across multiple cloud providers face a compliance verification problem that existing tools address only partially. Policy-as-Code frameworks such as Open Policy Agent automate enforcement but record decisions in mutable logs that carry no cryptographic integrity guarantee. Permissioned blockchains such as Hyperledger Fabric provide tamper-evident storage but capture only that a transaction occurred, not whether it complied with any policy or what policy context governed it. The resulting enforcement-to-audit gap means that independently verifiable compliance evidence required by GDPR Article 5(2), HIPAA §164.312(b), Basel III Pillar II, and India’s Digital Personal Data Protection Act 2023 cannot be produced by current integrated systems. This paper describes, implements, and evaluates a semantic audit anchoring mechanism that bridges this gap. Every OPA policy decision is structured into a six-field semantic tuple