THE LINUX FOUNDATION PROJECTS

Data is only as
safe as how it’s
being processed

Confidential Computing protects data while it’s in use — Closing a data security gap that storage and network encryption leave exposed. The Confidential Computing Consortium (CCC) is the organization dedicated to advancing and standardizing the technology.

See What It ProtectsFor Developers & Technical Teams
40+ Member Organizations
CCC Member Landscape
Benefits of Confidential Computing

Who needs to understand this — and why now

Most executives have secured data at rest and in transit. Confidential Computing closes the third gap: data while it’s being actively used by AI, analytics, and cloud workloads.

CEO / Board

Protect the business from liability you don’t know you have

When sensitive customer or financial data is processed in the cloud, it’s briefly decrypted. That gap is your regulatory exposure — and your AI vendor’s attack surface. Confidential Computing (CC) closes it.

CFO / CCO / Legal

Turn compliance from friction into a competitive advantage

GDPR, HIPAA, SOC 2, PCI-DSS — all assume your data is exposed during processing. CC makes compliance by design achievable, reducing audit burden and the cost of breach response.

CDO / Head of Partnerships

Share data to create value — without giving it away

Joint AI models, cross-institution fraud detection, collaborative clinical trials — all require data sharing that today creates unacceptable risk. CC enables multi-party collaboration with verifiable trust.

CTO / Architects

Trusted Execution Environments (TEEs) in production

Hardware-enforced enclaves (Intel TDX, AMD SEV, ARM TrustZone) create isolated execution contexts where even the hypervisor and cloud provider can’t inspect running workloads. CCC maintains the open standards making these interoperable.

CISO / Security Teams

Shrink your attack surface to hardware-root-of-trust

Limit privileged access exposure, insider threats, and hypervisor vulnerabilities in a single architectural move. CC moves trust anchors into silicon, anchor confidentiality in hardware-backed isolation.

Developers

Build on open specifications, not proprietary lock-in

The CCC maintains open-source SDKs, attestation specifications, and frameworks (Enarx, Gramine, Open Enclave) so your CC implementations are portable across hardware and cloud providers.

Industry Use Cases

How can your organization benefit
from Confidential Computing?

Move fast on AI without increasing systemic risk

“We can grow digital finance without fear.”

Banks face extreme regulatory pressure, growing fraud vectors, and mounting dependency on AI — all while handling the most sensitive financial data on earth. Cloud migration requires new set of data security standards by the inability to process data without exposure.

  • Secure fraud detection across institutional networks
  • Collaborative risk modeling without raw data sharing
  • AI model training on customer data without exposure
  • Cloud migration with regulatory defensibility
  • Lower breach probability, safer fintech partnerships

Read the banking use case →

Save lives without compromising privacy

“Unlock life-saving insights while safeguarding patient trust.”

Healthcare sits at the sharpest edge of the data privacy paradox: the more data shared between hospitals, labs, and pharma companies, the faster lives are saved — but patient privacy and data sovereignty laws make that sharing impossible today.

  • Hospitals collaborate without sharing raw patient records
  • AI diagnostics trained without exposing personal health data
  • Cross-border pharmaceutical trial data analysis
  • Regulatory compliance by design (HIPAA, GDPR, DPDP)
  • Faster drug discovery with fewer ethical compromises

Read the healthcare use case →
Read the pharmaceutical use case →

Compete while respecting users

“Power precision advertising in a privacy-first era.”

Third-party cookies are gone. Privacy regulation is tightening globally. The $600B digital advertising industry needs a new infrastructure for audience measurement and targeting — one that can’t be built on shared user-level data.

  • Advertisers and publishers match audiences without exposing user data
  • Clean rooms become verifiable and tamper-resistant
  • Data collaboration without leakage
  • Enables post-cookie targeting at scale
  • Preserves monetization models · Maintains advertiser trust

Read the AdTech use case →

Deploy AI in government without sovereign risk

“Serve citizens better without exposing state data.”

Government agencies need AI to operate efficiently but cannot use commercial cloud without risking exposure of national security data, citizen records, or critical infrastructure intelligence. Data Sovereignty requires verifiability via attestation.

  • AI workloads run in sovereign, hardware-isolated enclaves
  • Multi-agency data sharing with cryptographic audit trails
  • Classified data processing in commercial cloud
  • Supply chain integrity verification for critical software
  • Zero-trust architecture anchored to hardware root of trust
⚠️ The AI Era Demands Stronger Data-in-Use Security

AI is Accelerating the Urgency of Data-in-Use Protection

AI models can now autonomously discover thousands of vulnerabilities and complete sophisticated multi-step network attacks. The window to harden your data processing architecture is narrowing.

Read the Report

87%

of organizations with inadequate protection against outside attackers, directly threatening AI models and inference pipelines

44%

of organizations merging sensitive datasets for AI without the in-use encryption to protect them during computation

83%

organizations exposed to insider threats, a critical vulnerability when proprietary models and training data sit in unprotected memory

Working Groups

How the CCC advances Confidential Computing ecosystem

The CCC operates through focused working groups where engineers, architects, and policy makers from member organizations collaborate on open specifications, implementations, and advocacy.

Technical Advisory Council
The Technical Advisory Council (TAC) oversees the technical direction of the CCC, manages open source projects, evaluates new proposals, and ensures interoperability across hardware architectures. It’s the engine of technical collaboration.

Open Standards · Attestation · Interoperability · Architecture Review

Special Interest Groups
Special Interest Groups (SIGs) go deep on specific problem spaces — from attestation and governance, risk & compliance (GRC) to Linux kernel integration and trusted workload identity. Each SIG produces specifications, reference implementations, and educational materials.

AI/ML Security · Supply Chain · Multi-Party Compute · Attestation Services

Outreach Committee
Expanding CC awareness beyond technical audiences — developing business cases, industry messaging, community events, and educational resources that help decision-makers in regulated industries understand and adopt CC technology.

Business Cases · Industry Events · Education · Marketing

Regulatory & Standards Special Interest Group
Engaging regulators, standards bodies, and policymakers to ensure CC-aligned requirements appear in compliance frameworks, procurement requirements, and legislation globally — from NIST to EU AI Act to DPDP.

NIST · EU AI Act · Procurement · Regulatory Engagement

Explore All Working Groups
Projects

Open source innovation for confidential computing.

Certifier Framework For Confidential Computing

The Certifier Framework for Confidential Computing consists of a client API called the Certifier API and server-based policy evaluation server called the Certifier Service.

Learn More · GitHub

COCONUT-SVSM

The COCONUT-SVSM is an implementation of a Secure VM Service Module for confidential computing virtual machines (CVMs).

Learn More · GitHub

dstack

dstack is a developer-friendly and security-first SDK that simplifies the deployment of arbitrary containerized applications into Trusted Execution Environments.

Learn More · GitHub

Enarx

Enarx provides a platform abstraction for Trusted Execution Environments (TEEs) enabling creating and running “private, fungible, serverless” applications.

Learn More · GitHub

Gramine

A particular use case for Gramine is Intel Software Guard Extensions (SGX), where applications do not work out-of-the-box. Gramine solves this problem, with the added security benefits. Gramine can serve as a compatibility layer on other platforms.

Learn More · GitHub

Islet

Islet is an open-source software project written in Rust that enables confidential computing on ARM architecture devices using the ARMv9 CCA. The primary objective of Islet is to enable on-device confidential computing and protect user privacy on end user devices.

Learn More · GitHub

Keystone

Keystone is an open-source project for building trusted execution environments (TEE) with secure hardware enclaves, based on the RISC-V architecture. Our goal is to build a secure and trustworthy open-source secure hardware enclave, accessible to everyone in industry and academia.

Learn More · GitHub

ManaTEE

ManaTEE is an open-source project for easily building and deploying data collaboration framework to the cloud using trusted execution environments (TEEs). It allows users to easily collaborate on private datasets without leaking privacy of individual data.

Learn More · GitHub

Occlum

Occlum makes running applications inside enclaves easy. It allows one to run unmodified programs inside enclaves with just a few simple commands. And Occlum is open-source and free to use.

Learn More · GitHub

Open Enclave SDK

Open Enclave SDK is an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction.

Learn More · GitHub

SPDM Tools

This project provides a Rust language implementation of SPDM, IDE_KM and TDISP. These protocols are used to facilitate direct device assignment for Trusted Execution Environment I/O (TEE-I/O) in Confidential Computing.

Learn More · GitHub

Veracruz

Veracruz is a research project exploring the design of privacy-preserving distributed systems. Veracruz uses strong isolation technology and remote attestation protocols to establish a “neutral ground” within which a collaborative, multi-party computation between a group of mistrusting principals takes place.

Learn More · GitHub

Veraison

Project Veraison builds software components that can be used to build an Attestation Verification Service.

Learn More · GitHub

VirTEE

VirTEE is an open community dedicated to developing open source tools for the bring-up, attestation, and management of Trusted Execution Environments.

Learn More · GitHub

Resources

Start where you are

Guide · Business Leaders
📋

The Executive’s Guide to CC

Board-ready framework for understanding the regulatory, financial, and competitive implications of data-in-use risk.

Read Guide

Technical Spec

📄3 Degrees of Confidential Computing

The security benefits of Confidential Computing increase with the level of integration.

Read Technical Spec

Read More Documentation

Featured Blog
🔬

Sweden’s DPA Issues Guidance on Trusted Execution Environments

Report represents a significant step forward for Confidential Computing adoption across regulated industries.

Read Blog Post

Read More Blogs

Membership

The organizations protecting tomorrow's data are building the ecosystem today

Join the Confidential Computing Consortium to collaborate on open source projects, protocols and frameworks, and give your customers the credibility signal of CC-aligned architecture.

Apply for MembershipDownload the membership overview