IOTA has launched IOTA Audit Trails, an open-source tool designed to help organizations create verifiable histories of business records on the IOTA public ledger while keeping sensitive source data off-chain. The alpha release extends the IOTA Notarization toolkit from individual proofs into governed, ordered workflows that can be inspected by authorized parties across organizations.
IOTA Launches Audit Trails for Onchain Records
IOTA announced the launch on June 11, positioning Audit Trails as a response to a familiar enterprise problem: business records often move across databases, spreadsheets, internal logs, and exported reports that outside parties cannot independently verify. In an X post, IOTA framed the product around database-neutral verification, writing: “IOTA Audit Trails: because trust in business records shouldn’t depend on who controls the database. Today we’re launching a new open-source solution that lets any authorized party verify the full history of a workflow, without gatekeepers, intermediaries, or blind faith.”
👣 IOTA Audit Trails: because trust in business records shouldn’t depend on who controls the database. Today we’re launching a new open-source solution that lets any authorized party verify the full history of a workflow, without gatekeepers, intermediaries, or blind faith. 🧵⤵️ pic.twitter.com/vwiJjhJenY
— IOTA (@iota) June 11, 2026
The accompanying IOTA blog post describes Audit Trails as part of the IOTA Notarization toolkit and states that it is available as an alpha release with a Move package, Rust SDK, and WebAssembly bindings. The toolkit is intended to anchor “governed, ordered histories” onchain so records and the authority behind them can be verified independently. “Every business process leaves a trail. A product moves through suppliers, a clinical trial collects study events, a customs workflow gathers approvals, and a compliance team reviews the evidence behind a decision.”
The core claim is not that enterprises should place confidential files directly onchain. IOTA emphasizes that Audit Trails records hashes, events, metadata, and proofs needed for verification, while original business documents, medical records, proprietary reports, or personal data should remain off-chain. The blog states: “This approach gives organizations a verifiable record of existence, order, and integrity without exposing confidential source material. Public ledgers provide integrity and availability; application design must still handle privacy, encryption, and access to the underlying off-chain data.”
New Toolkit Anchors Business Workflows Onchain
Audit Trails turns an audit history into a shared onchain object with records stored in sequence. Each record can include text or binary data, optional metadata, and an optional tag, while the trail itself stores creation metadata, operational metadata, locking configuration, roles, capabilities, and tag rules. IOTA describes the product as useful when the question is not only whether data has changed, but also who added it, under what authority, in what order, and under which lifecycle controls.
The governance model is built around role-based access control. Roles define permission sets for actions such as adding records, deleting records, managing tags, updating metadata, configuring locks, issuing capabilities, or deleting the trail. Capabilities are onchain objects that grant a role for a specific audit trail and can be restricted to a wallet address or validity window, while record tags can organize entries by category and limit which roles may write to particular sections of the trail. “IOTA Audit Trails is designed for environments where different actors have different responsibilities. A product manufacturer may write lifecycle events, an auditor may inspect records, a compliance officer may manage retention rules, and a system operator may manage tags or metadata.”
For developers, IOTA is shipping the tool through three integration paths: Move smart contracts for onchain logic, a typed Rust SDK for backend integrations, and WebAssembly bindings for JavaScript and TypeScript applications. The repository includes examples for customs clearance, clinical trials, and digital product passports, and transaction construction is kept separate from submission so teams can connect their own wallet, signing, or gas-station flows. IOTA says the toolkit can support supply chains, compliance workflows, customs processes, IoT systems, and other settings where multiple parties need to verify a single ordered record history instead of reconciling separate logs after the fact.
IOTA Audit Trails is now available for teams to test through the IOTA Notarization tooling, with deployment options on IOTA Testnet or Mainnet when projects are ready to move beyond experimentation. The release focuses on a practical enterprise use case for public-ledger infrastructure: making workflow histories independently verifiable while leaving confidential business data under application-level privacy controls.
AI Transparency Note: This article was prepared with the assistance of an AI system based on the sources listed and was reviewed, edited, and approved by a human editor before publication. All quotes, data points, and factual claims are intended to be grounded in the cited source material; however, errors cannot be ruled out entirely.