Mike Bursell

Introduction

2026 feels like an important year for Confidential Computing – one of Gartner’s top strategic technologies for the year.  There are a number of trends and developments that are converging, suggesting that there are going to be major opportunities for the industry.  These include:

• Availability of hardware – CPUs and GPUs are now well-established in hyperscalers and data centres
• Visibility – the industry seems finally to be paying attention to the capabilities that Confidential Computing provides
• Growing interest from Regulators around data-in-use protection
• AI – realisation that AI needs protection
• Digital Sovereignty – growing concerns about protecting data, applications and AI/ML models from interference from non-local actors, including governments
• Distributed trust models, including Web3.

We are also seeing, as a Consortium, increased interest from demand-side, rather than supply-side.  Of course, defining “demand-side” can be quite tricky: to a chip vendor, a hyperscaler is demand-side, whereas to a hyperscaler, the term may be better applied to a bank, who, in turn, considers demand to rest with its business customers, who themselves have consumer customers!  Most important, from the CCC’s perspective, is that there is a developing “pull” for Confidential Computing, and we must position ourselves to service and encourage this.

In December, the Governing Board agreed a budget which aims to balance revenue against spending in 2026 – over the past few years, we’ve been spending into our reserves, which had grown quite large, in part because of reduced spending over the Covid years.  One of the impacts is on events, which the Outreach committee had already identified as an area of high spend but where the ability to track return-on-investment was low.  As a result, we will be doing careful targeting of which events we sponsor and get involved with this year, in particular considering how best to address the trends noted above and driving demand-side interest.

In another move to address and develop demand-side interest in Confidential Computing, the Governing Board has agreed to constitute a new Special Interest Group around Regulatory and Standards bodies.  This will concentrate on non-technical contacts and conversations with these bodies, leveraging expertise and links within Member organisations to influence work where Confidential Computing could and should be explicitly noted, recommended or even mandated.

Focus Areas

I expect to see three main areas of focus in the work that the Consortium undertakes during 2026.  In all three cases, there is a need for general evangelisation of Confidential Computing as a relevant technology and also for engagement with appropriate bodies and organisations.  I’m also sure there will be others that I’ve failed to identify, or whose importance has not yet registered.

Regulators

Government-backed regulatory bodies provide important checks and balances across many sectors and many jurisdictions.  They also often track emerging requirements and provide guidance on best practices that are expected to become mandated in the future.  An increasing realisation of the importance of protecting citizens’ and customers’ data in all states – in transit, at rest and in use – allows the CCC to position itself as a trusted advisor to bodies considering how best to provide guidance and, ultimately, regulations around using Confidential Computing as a technology to improve the protection of data, with its unique combination of performance, confidentiality and integrity.  

Given the growth in regulations around AI and digital sovereignty, the other two areas identified for focus, we can also expect to see overlap with activities in these contexts.

AI and Agentic AI

The last year or two has seen realisation of how important security is for AI, with proof of provenance often being equally important as the confidentiality and integrity of the systems that organisations are building and hosting, not to mention with which they are interacting.  The past few months, however, have seen the promise of Agentic AI becoming a major force in our day-to-day lives, with a rapid ramping up of technical work around how such agents will work.  All Agentic AI requires identity and, like human identity, this needs to be protected.  Confidential Computing provides opportunities to safeguard Agentic AI identity cryptographically, isolating the agent from its environment and attackers.  

Digital Sovereignty

As the global political climate has evolved and governments realise that their and their businesses’ and citizens’ applications, data and, ultimately, livelihoods are intimately wound up with the interests of the organisations hosting and storing the information and applications, there has been a move to try to move the hosting and processing of that information into the control of organisations that are locally managed or governed.  This is not just about protecting data, but also key intellectual property including AI/ML models.  Given the existing geographic distribution and deployment of computing resources, moving all processing within national boundaries is often challenging and may not even be sufficient, depending on the entities operating the computing resources.  Confidential Computing offers technical controls that allow for much greater assurances and transparency around digital sovereignty by isolating the processing of data and applications from the operating environment in which they take place.

Attestation

While confidentiality and integrity remain the first properties that most users initially associate with Confidential Computing, the value of attestation is often where long-term value is realised.  The Consortium already does a great deal of work around technical approaches around attestation, including engaging with standards bodies like the IETF on protocols and primitives.  We also have a number of open source projects which focus on or revolve around attestation. 

There continues to be a need for work around business models for attestation verification services (AVSs).  This includes consideration of revenue and charging models, policy management and devolution, trust transfer and also what types of bodies should be running an AVS in the first place: not-for-profits, silicon vendors, CSPs, ISVs, banks, governments, regulators or organisations themselves.  We can expect to see more conversation around these topics as we go through 2026.

Members

The beginning of 2026 sees the CCC with a healthy set of members across multiple geographic areas, of various sizes and in different industries and sectors.  As Confidential Computing grows through the year, we need to ensure not only that we are meeting the varying needs of existing members, but also showing and growing the benefits of membership to attract new members so that we can work to improve industry knowledge and adoption of Confidential Computing.  This means looking at new sectors (e.g. AI and Web3), crafting new messaging and materials (e.g. for regulators and governments) and adapting our messaging for those on the demand-side who need to find out more about the technologies in ways that suit them.

This all requires engagement by existing members, and I plan to find ways for members, both new and established, to engage in our activities in ways that are aligned with their interests and priorities, amplifying their efforts through our communal work.

Conclusion

2026 comes with many opportunities for Confidential Computing, and for the CCC to consolidate and grow our place in existing and new industries as a trusted and maturing technology.  The number of companies already using Confidential Computing is more than most people realise, as evidenced by the IDC’s report Unlocking the Future of Data Security: Confidential Computing as a Strategic Imperative (available on our White Papers & Reports page).  We at the Confidential Computing Consortium need to spread the news, while continuing to make the technologies as attractive and easy to use as possible and providing the primitives, protocols and open source projects that ease and encourage adoption.  I look forward to working with you and your colleagues as we tackle these tasks over the next twelve months.

This year has been a big one for the Confidential Computing Consortium, with a great deal of activity in the technical, outreach and governance spheres.  The most obvious difference was the Governing Board’s decision to appoint me as Executive Director.  I’ve been involved with the CCC since its inception in a variety of roles, from Premier member representative to Treasurer to General member representative to the Governing Board.  I’m delighted to be involved, working with the many members I already knew and getting to know those I didn’t, or who have joined recently.  Another major change was that our Chair of the GB since the foundation of the CCC in October 2019, Stephen Walli of Microsoft, stepped down, handing over to the previous vice-Chair, Ron Perez of Intel.  The transition was seamless, and we thank Stephen for his amazing leadership and service and Ron for his stepping up into the role.

Member survey

One of my first actions as Executive Director was to initiate a survey to help align the activities of the Consortium with members’ priorities.  This was backed up by conversations with various members and was extremely helpful in allowing me to decide where to be putting in the most effort.  The main priorities expressed were:

• End-User involvement
• Use cases
• Regulator/standards engagement
• Industry visibility
• Increased AsiaPac activity/involvement
• Member meet-ups
• Conference speaking

The Governing Board endorsed these and they have set the scene for the work we have been doing for the second half the year and will continue into 2024.  I am planning a similar survey next year.

TAC and SIGs

The Technical Advisory Council (TAC) continues to be well-attended and the venue for much discussion, generally meeting for two hours every two weeks.  We often host presentations from external bodies or projects which are relevant or technically adjacent to Confidential Computing.  Another important task that the TAC undertakes is working with open source projects which are interested in joining the CCC.  The TAC provides technical and governance oversight and support through the process, and we currently have seven projects, with another two close to admission and at least two more going through the process.  Having a strong ecosystem of open source projects is vital for the healthy growth of Confidential Computing and is one of the core aims of the CCC.

The TAC also administers and coordinates the activities of several Special Interest Groups (SIGs).  The number of these increased to three this year: the Governance, Risk & Compliance SIG (GRC), the Attestation SIG and the Linux kernel SIG.  This last (and newest) is intended to work with the Linux kernel community to shepherd in work from members and the community and to allow communication to avoid “surprise” architectural or design changes and ease acceptance of new CC-related work.

Another important decision which is related to the work of the TAC was the decision to recruit a Technical Community Architect (TCA) to help coordinate the work of the TAC, the SIGs and the open source projects as the work they do grows.  More news on this will follow very shortly.

Brief listing of activities through the year

The Confidential Computing Consortium was involved in many activities during the year, including sponsoring, attending or participating in conferences across Europe, North America and Asia Pacific.  The list below includes most of the significant activities.

Jan/Feb

FOSDEM – Brussels
State of Open Con – London

Mar/Apr

FOSS Backstage – Berlin and online
OC3 – online
Website refresh and update
Mike Bursell appointed as Executive Director 

May

Wikipedia entry created – Confidential computing

Jun/July

Inaugural Confidential Computing Summit (250 attendees) – recordings available on-demand) and Happy Hour – San Francisco

Aug/Sep

DEFCON – Las Vegas
Diana Initiative – Las Vegas
OSS EU – Bilbao
Kubecon Asia – Shanghai

Oct/Nov

LF Member Summit – Monterey
PET Summit Asia – Singapore

Dec

OSS Japan – Tokyo

New members

We are delighted to have welcomed the following new members in 2023:

• Acurast
• BeekeeperAI
• California Health Medical Reserve Corps
• Canonical Group Limited
• Cryptosat
• enclaive
• Hushmesh
• Samsung Electronics Co. Ltd
• SUSE LLC
• Spectro Cloud, Inc.

We have a number of other organizations currently considering membership, who we hope to welcome early in 2024.

Planning for 2024

As we move into 2024, we have lots of plans to continue promoting Confidential Computing globally.  Here are some areas in which you can expect to see movement:

• Clearly definition of the benefits of membership is available on the website
• Closer work with and support for start-ups in the ecosystem
• Lots of events, including an expanded Confidential Computing Summit 
• A marketing package for events to allow quicker and further reaching involvement for all members attending
• Work on use cases
• Appearance of our new Technical Community Architect

Final word

I would like to thank everyone who has been involved in the Confidential Computing Consortium and the larger ecosystem over the past twelve months.  In particular, thank you to all those who make the CCC work through their involvement with our various committees and SIGs.  I would also like to send our best wishes to Helen Lau from the Linux Foundation who has departed (for now, we hope!) on parental leave and to thank Ben Sternthal and Riann Kleinhans for their work in supporting our mission.  Finally, may I wish you all the best for the festive season and a prosperous New Year.

Mike Bursell
Executive Director, Confidential Computing Consortium