ICP Introduces TEE Subnet To Enable Secure, Enterprise‑Grade On‑Chain Computation

In Brief

The Internet Computer’s approval of Proposal 140407 establishes its first TEE‑enabled subnet, introducing hardware‑level confidentiality and paving the way for secure, enterprise‑grade on‑chain computation.

Internet Computer Protocol announced that Proposal 140407 has been approved, establishing the network’s first TEE‑enabled subnet and marking a significant step toward what the project describes as “hardware‑rooted trust” for enterprise‑grade blockchain adoption

The upgrade introduces a new security model intended to address longstanding limitations in both cloud infrastructure and decentralized networks.

The newly activated subnet launches with a cluster of seven nodes and represents a shift from software‑based protections to a system in which confidentiality is enforced at the hardware level. For the first time on the Internet Computer, canisters operating within this environment can run in a state of full confidentiality, ensuring that internal data remains inaccessible not only to external observers but also to the nodes executing the code.

TEEs Introduce Hardware‑Rooted Confidentiality To Enable Secure On‑Chain Computation

Trusted Execution Environments, or TEEs, are designed to mitigate a core vulnerability in conventional computing models. Under standard conditions, data must be decrypted in a server’s memory during processing, creating a moment in which sensitive information can be exposed to malicious administrators or compromised infrastructure. A TEE, such as the AMD SEV‑SNP technology implemented in this subnet, isolates computation within a protected enclave inside the processor. This allows data to be decrypted only within the processor die, prevents the operating system or hardware owner from accessing the enclave, and enables remote attestation to verify that the code running inside has not been altered.

The introduction of TEEs is positioned as a major development for the Internet Computer, which already distinguishes itself by hosting full applications on‑chain. Until now, applications involving highly sensitive information—such as medical data, proprietary algorithms, or private communications—required trust in decentralized node providers. With TEE‑based execution, that trust requirement shifts from the operator to the hardware itself, opening the door to new categories of enterprise and privacy‑sensitive use cases.

Among the applications highlighted are confidential on‑chain AI models, where both user inputs and model parameters remain hidden from node operators, and enterprise deployments that must comply with strict data‑protection regulations such as GDPR or HIPAA. The new subnet is currently operating as a controlled test environment with seven nodes, fewer than the standard thirteen, due to the higher security guarantees provided by TEEs. Access is restricted while developers gather operational experience and prepare for broader availability.

According to the project’s roadmap, TEE‑enabled subnets are expected to become a standard option for developers. Future deployments may allow canisters to be launched on either public subnets or confidential TEE subnets depending on application requirements. The upgrade is described as a foundational step toward expanding the Internet Computer’s capabilities and offering a privacy‑preserving environment within its broader “world computer” architecture.