Three category errors the blockchain industry is still making about privacy

Antoine Hello, Director, Business Development, at Zama says the industry has correctly identified privacy as the next big battleground, but has fundamentally misunderstood who the buyer is, what technology they need, and where compliance should sit.

Over the last year or so, regulators, infrastructure providers and the most influential investors in the industry have all agreed on one thing: confidentiality is essential for tokenisation and onchain finance to scale. 

That part is no longer up for debate, and more importantly, the industry’s actions now reflect this. The Ethereum Foundation has stood up a privacy team. Paxos has shipped a private, compliant stablecoin. The Office of Foreign Assets Control has lifted sanctions on Tornado Cash. Apex Group, an administrator of $3.5 trillion in assets, has committed to $100 billion in tokenized assets on a confidentiality-native ledger by June 2027.

What is up for discussion, however, is what privacy actually means in practice – and it’s this part that’s still rife with misunderstandings. In fact, much of the architecture being prescribed around this is fundamentally wrong, with many of the firms making the loudest predictions not even involved in building the answer.

In and amongst this grey area, three particular category errors inside the current privacy stack keep cropping up. Each sits in a distinct layer – how information is revealed, how private data is used and where compliance responsibilities sit – and each has already cost real money,  all while being repeated in 2026:

1. Assuming the primary buyer is the end user: First up is the fact that while much of the industry’s privacy infrastructure has been built around the idea that consumers will actively seek out private transactions and would be willing to change their wallets, networks or behaviour in exchange for greater privacy. As time has gone on, we’ve realised they’re not. In practice, most people repeatedly prioritise convenience, liquidity and low costs over confidentiality. 

Instead, the most important privacy buyers are institutions looking to bring existing financial activity onchain. A trading desk cannot expose its order flow to competitors. A corporate treasury team cannot operate with all balances and transactions visible to the market. A fund administrator cannot manage large-scale tokenised assets if every position is publicly queryable. For these organisations, confidentiality is not a feature that improves the user experience. It’s a prerequisite for participation.

The privacy thesis itself is proving correct, but what’s changed is our understanding of who is willing to pay for it and why.

1. Assuming privacy is about selective disclosure, when institutions need computation: Next up is assuming privacy is simply about revealing less information. ZKPs, for example, are an extraordinary technology, excellent for selective disclosure, such as proving someone has passed a KYC check without revealing their documents, or proving solvency without revealing every position on a balance sheet.

But this only solves part of the privacy challenge. While proving something about data is useful, many real-world institutional workflows require more than proof, they require computation. Organisations need to calculate, aggregate and process encrypted information across multiple parties while keeping the underlying data private. Selective disclosure is therefore not the end goal but one capability within a broader privacy architecture. As tokenisation matures, the systems that succeed will be those that allow encrypted data to be actively used, not simply hidden and selectively revealed.

1. Assuming compliance should be built into the protocol itself: Finally, the third is the idea that we should push compliance into the protocol via deposit screening, withdrawal screening, and selective de-anonymization. And it makes sense, to an extent. It gives regulators a controlled view, users a privacy default and the protocol a way to demonstrate good faith, and on paper, it’s one of the more thoughtful attempts to balance competing demands.

However, it’s aged badly in production for one key reason: once a protocol has the ability to decrypt transactions, that capability becomes one of the most valuable assets in the system. Regulators will want access to it, attackers will want to compromise it, even future policymakers may seek to expand its use beyond its original purpose. This twists the debate from one that’s just about privacy, to one that’s about who controls the keys, who decides when decryption is justified, and what happens when political, legal or commercial priorities change over time.

And that’s why the architecture that will hold up under regulatory and adversarial pressure has no decryption capability at the protocol level. Instead, compliance is delegated to the token issuer, which already carries the regulatory burden, already has KYC obligations, and is already the entity that regulators can subpoena directly. And decryptions, where they happen, are publicly verifiable, meaning abuse can’t be silent. It’s a structural property of the system, and it’s the property that decides whether the architecture survives the next ten years of policy change.

The reason the canonical privacy thesis still gets the architecture wrong is that the firms publishing it are largely pattern-matching from a portfolio that was assembled when privacy was a values argument addressed to retail. The 2021 bets shaped the mental model. The mental model still treats privacy as a feature consumers choose, on a chain consumers select, with compliance bolted on as a protocol module.

But, if the analysis above is right, with the privacy stack stratifying into three layers – disclosure, computation and policy – then the winners will look very different from the names currently being highlighted in 2026 outlooks.