The framing you bring from public chains, that "permissioned" is a polite word for "centralised database with a hash function bolted on", is wrong, and it will hurt you in client meetings. Permissioned chains are not failed public chains. They are the design banks would have built if Satoshi had asked them what they wanted in the first place. The interesting question is never "is it decentralised enough". It is who can write, who can read, and who governs the set of writers. Once you internalise that, every other architectural choice on Canton, Hyperledger Fabric, R3 Corda, or DAML stops looking arbitrary and starts looking like a direct response to a regulatory obligation.

Definition

A permissioned blockchain is a ledger where participation in the validator set, and usually in the read set, is gated by some form of credential. The credential might be a contract signed with a consortium operator, a regulatory licence, a membership in an industry body, or a notary registration with a central securities depository (CSD). What matters is that no one writes to the ledger anonymously, and no one reads from it without an entitlement.

That is the technical definition. The governance definition is more useful. A permissioned chain is a ledger whose validator set is subject to off-chain accountability. If a validator misbehaves, you do not slash their stake. You sue them. You revoke their licence. You take them to a regulator. The cryptography sits on top of a contract stack, not the other way round. The BIS CPMI's 2024 tokenisation taxonomy lands in roughly the same place, treating the link between a digital representation and the legal claim as the load-bearing piece, with the chain's permissioning model a downstream consequence of where that link is enforced.

The spectrum

There is a spectrum here, and conflating the ends of it is the single most common mistake.

On one extreme you have a single-operator chain run by a bank for its internal balance sheet, which is functionally a database that happens to use Merkle trees and call itself a chain. On the other you have something like Canton (production worked example: Canton Network), with dozens of independent validator operators including custodians, exchanges, asset managers, and infrastructure providers, no single party able to censor or roll back, and a governance layer that looks more like ICANN than like a corporate IT department. The Quorum-derived permissioned EVM rail underneath Kinexys, and the Provenance Blockchain securitisation network, sit at intermediate points on the same spectrum. All are "permissioned". Treating them as the same category is like treating a Solana validator and an Ethereum L2 sequencer as the same thing because they both produce blocks.

The relationship to public chains is not adversarial. Most of the institutional projects that started on permissioned rails in 2018 to 2022 are now actively building bridges to public chains, either as settlement endpoints or as distribution venues for tokenised assets. The two stacks are converging, not competing. What permissioned offers is a perimeter inside which regulatory obligations can be discharged with cryptographic certainty. What public offers is global, censorship-resistant settlement. Most serious tokenisation programmes in 2026 use both, a pattern the BIS Annual Economic Report 2024 chapter on tokenisation describes as the unified-ledger direction of travel rather than a fork between two camps.

Why this framing matters

If you walk into a regulator briefing carrying the public-chain definition of decentralisation, you will spend the first half of the meeting arguing about a question the regulator does not care about, and the second half realising they have already approved three permissioned chains operating to a different definition. The right working assumption is that "permissioned" is a question about credentialing and accountability, not about the count of validators. A network with fifty independent validators across ten regulators is decentralised in every operational sense that matters for systemic-risk analysis. A network with three is a consortium with extra steps. The number is not the load-bearing piece. The off-chain accountability stack is.

The next part picks up the mechanics: how validators are selected and admitted, why deterministic Byzantine fault tolerant consensus is the default for institutional settlement rather than a stylistic choice, and what each consensus family actually buys you on the regulatory ledger.