A clear consensus is taking shape in the privacy technology market: the winner is not the most cryptographically rigorous approach, but the one that can be embedded into enterprise infrastructure without destroying product economics. That is why, in 2026, confidential computing looks like the clear frontrunner. The segment's market is already valued at $42.7 billion, and Gartner has placed it among the key technology trends.
This is no longer a niche story reserved for "especially sensitive" scenarios, it is becoming part of the baseline enterprise stack. Companies want to use external infrastructure, data, and models simultaneously, but without fully surrendering on the question of trust. Confidential computing offers a practical compromise: not eliminating trust, but relocating it into a hardware-protected environment.
That is precisely what the market is buying today.
Why Confidential Computing Is Ahead
Enterprise demand almost always chooses acceptable implementation cost over theoretical purity. If protection requires rewriting pipelines, paying a high latency penalty, or sacrificing quality, mass adoption will not follow. If privacy can be obtained almost as an infrastructure feature, scaling becomes achievable.
This is the source of confidential computing's success. For business, the model is straightforward: data and models are processed in an isolated environment, without being exposed to the cloud provider or platform operator. Against the backdrop of heavier cryptographic approaches, this looks like the best available compromise.
But this is precisely where the central uncomfortable question begins.
The Win Is Real. The Full Decoupling Is Not
Confidential computing has won the round, but it has not resolved the trust problem definitively. It does not eliminate the trust boundary, it shifts it toward the hardware vendor, the implementation, and the supply chain. That is a far less comfortable story than the market tends to present.
There have already been grounds for caution: side-channel vulnerabilities have been found in Intel SGX, and extraction attacks have been demonstrated against AMD SEV. This is why the current dominance of confidential computing looks simultaneously deserved and fragile: it is the most practical path to privacy in the enterprise, but it rests on the assumption that the hardware trust boundary will not develop a serious crack.
The history of security tends to punish precisely this kind of excess confidence.
Finland Showed: The AI Act Is No Longer a "Future Problem"
A separate signal came from Europe. In January, Finland became the first EU member state with fully operational AI Act enforcement authority. Against this backdrop, it is particularly striking that more than half of organizations still lack a systematic inventory of their AI systems, and many compliance teams continue to count on a possible extension via the Digital Omnibus until December 2027.
That bet is growing riskier. The AI Act is already transforming from a "horizon" norm into an enforceable regime. For ML teams, this means that privacy-preserving architecture can no longer be deferred: organizations will need to understand in advance which systems are in use, what personal data flows through them, and what protective measures can be demonstrated in a verifiable form.
The implication for AI startups is equally practical: the cost of informality is rising. If a company cannot explain where sensitive data travels and how exactly it is protected, this will look worse both in enterprise sales and in due diligence. Differential privacy, federated learning, and confidential computing are therefore increasingly becoming not merely technical choices, but compliance instruments.
Federated Learning Has Also Left the Mode of Promises
Against this backdrop, the Lilly TuneLab + Benchling case is particularly instructive. Eli Lilly's platform, built on research investment exceeding $1 billion, is now integrated with Benchling: more than 1,300 biotech companies can run Lilly's models for drug development, returning individual results via federated learning, while partners' data remains local and Lilly's proprietary data stays closed.
This is an important signal for the entire PPML market: federated learning increasingly looks not like a research idea or a pilot, but like a working platform model for sensitive industries.
FHE Inference Is Becoming More Visible. But This Is Still Not a Market Inflection
A telling signal of the week: the launch by Niobium Microsystems of The Fog, a cloud service that executes AI workloads on data that remains encrypted throughout computation; decryption keys stay with the client, and the provider itself never sees the plaintext. This is an important sign that FHE is gradually moving out of the zone of laboratory demonstrations and toward production platforms.
But it is too early to speak of a market inflection point. The Fog relies on the mistic Core FPGA accelerator, and the claimed twofold advantage over GPUs in fully homomorphic encryption workloads has not yet received independent verification; Niobium is simultaneously developing an ASIC in collaboration with SEMIFIVE and Samsung Foundry. It is therefore more accurate to interpret what is happening as a step toward the maturation of the field, rather than as a moment when FHE has already begun rewriting the rules of the market.
The market logic here is simple: FHE will gain strength where the level of distrust is too high even for a hardware trust boundary. But in mainstream enterprise workloads, confidential computing remains the more convenient option for now. In other words, FHE inference is not a reshuffling of the chessboard, it is the reinforcement of an important direction alongside TEEs, not instead of them.
What This Means for PPML
Strip away the noise, and the picture is clear enough.
First, privacy-preserving ML is moving out of its research reservation and becoming part of practical architecture in sensitive use cases. Second, the leader is not the most rigorous approach, but the most deployable, today that is confidential computing. Third, this leadership has a weakness: it rests on trust in hardware. And finally, regulators are beginning to generate demand not for "privacy in general," but for demonstrable, verifiable protective measures.
Conclusion
Confidential computing has genuinely won the current round. It aligns best with the real logic of enterprise adoption: clear integration, low friction, and acceptable economics. But treating this as a definitive victory would be premature.
In security, the winner is rarely the one who declared the problem solved. The winner is usually the one who understands more precisely where the trust boundary lies, and what an error in drawing it actually costs.
Sources
Gartner Top Strategic Technology Trends 2026
Niobium Launches The Fog — SiliconANGLE
Niobium Press Release — PRNewswire
Homomorphic Encryption in LLM Pipelines: Why It Doesn't Work — Protecto
Benchling + Lilly TuneLab — Benchling News
Lilly TuneLab Launch — TipRanks
EU AI Act Compliance Guide 2026 — SecurePrivacy
EU AI Act: 6 Steps to August 2, 2026 — Orrick
EU AI Act Compliance Timeline — GDPR Register
Confidential Computing Market Forecast — Fortune Business Insights
