Building Permissioned Blockchains with Solana Permissioned Environments
/Research

Building Permissioned Blockchains with Solana Permissioned Environments

22 min read

Introduction

While Solana’s mainnet often takes center stage, it represents just one deployment of the broader Solana Virtual Machine (SVM). Underneath, Solana’s high-performance execution environment powers a growing ecosystem of private, permissioned appchains purpose-built for enterprise, regulatory, and application-specific use cases.

These deployments, known as Solana Permissioned Environments (SPEs), utilize the advanced capabilities of the SVM, including parallel execution, local fee markets, and token extensions, within controlled and customizable infrastructures. SPEs benefit from Solana’s high-performance and robust developer tooling while enabling fine-grained control over consensus participants, data visibility, and compliance frameworks. 

In contrast to public blockchains, SPEs offer the trust boundaries and governance flexibility required by sectors like banking, capital markets, payments, and real-world assets. In these domains, privacy, compliance, and counterparty risk management are non-negotiable.

Take Europe’s General Data Protection Regulation (GDPR) as an example: it strictly controls how and where European Personally Identifiable Information (PII) can be processed. Companies like Google and Meta have faced significant penalties for GDPR non-compliance. The bar is even higher for financial institutions, which are subject to closer scrutiny and stiffer fines. Additionally, regulators in non-EU jurisdictions may prohibit EU-based infrastructure from processing their citizens’ sensitive information, creating complexity that globally distributed permissionless chains may struggle to handle.

This creates a need for localized enforcement at the scheduler, runtime, or application layer, where regulated entities can comply with laws tied to licensure and jurisdiction. In this context, Know Your Customer (KYC) and Know Your Business (KYB) are table stakes. Institutions often require deeper integration with compliance frameworks such as Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and data residency controls. On public mainnets, even one non-consenting or unverified node can pose a liability, particularly when validators are distributed globally across legal jurisdictions and unbound to a unified compliance regime.

SPEs offer a compliance-friendly appchain architecture that enables institutions to meet regulatory requirements, reduce counterparty risks, and lower operational costs through auditable on-chain logic. As institutions look to adopt tokenized assets, programmable finance, and distributed infrastructure, Solana Permissioned Environments bridge the gap between blockchain innovation and enterprise-grade assurance.

This article offers a comprehensive exploration of SPEs and their benefits. It is organized into three core sections:

  • Overview of Solana Permissioned Environments – outlines the key distinctions between SPEs and Solana mainnet, emphasizing the enhanced flexibility and configurability SPEs provide for specialized deployments.
  • Solana Permissioned Environment Case Studies – showcases real-world examples of SPEs, detailing current production deployments and their application across various industries and use cases.
  • The Next Wave: SPEs for Digital Platforms – explores future directions and how SPEs could power the next generation of platform infrastructure.

Although the sections are designed to be read sequentially for a complete understanding, each is self-contained and can be read independently.

Overview of Solana Permissioned Environments

An SPE is a fully sovereign blockchain built on the Solana tech stack. It retains Solana’s core advantages, including high throughput, parallel execution, fast finality, low fees, and minimal environmental footprint while operating independently from Solana’s mainnet. Unlike rollups or batchers, SPEs and appchains do not rely on mainnet for data availability or settlement, enabling complete autonomy and configurability.

Because SPEs run on the Solana Virtual Machine (SVM), they benefit from the full suite of Solana’s open-source developer tooling. This includes cost-saving technologies like state compression and Solidity compatibility for cross-ecosystem portability, as well as enterprise-grade token standards like Token-2022, which is purpose-built for regulated environments. At the same time, SPEs offer a high degree of configurability, enabling tailored appchain deployments to meet the specific needs of a wide range of enterprise applications.

The table below highlights key differences between Solana mainnet and SPEs, demonstrating the customizable nature of permissioned environments.

Solana Mainnet

Solana Permissioned Environment

Gas Token

SOL

Customizable (e.g., stablecoin)

Blockspace

Shared

Dedicated

Block times

~400 ms

Customizable 

(within technical limitations)

Validator Set

~1,300 globally 

distributed validators

Self-operated/curated

Access

Permissionless, open to anyone

Typically permissioned

Composability

Fully composable with the broader Solana ecosystem

Isolated, non-composable with Solana mainnet applications

Governance

On-chain voting + 

Off-chain social consensus

Customizable by the 

environment operator

Visibility

Public and transparent

Can be private or restricted

Security Model

Economic security via staked nodes and decentralized consensus

Security defined by the operator
(may not rely on staking)

Upgrade Process

Coordinated through core development teams and validator set consensus

Guided by the

environment operator

Validator Clients

Agave, Jito, Firedancer
Mods must maintain consensus compatibility

Forks open to 

custom modification

Interoperability

Robust selection of 

bridging providers

Requires custom bridges 

or connectors

Let’s examine each of these factors individually.

Gas Token

With public blockchains, native tokens typically serve as economic incentives and an anti-spam mechanism, with users paying gas fees to transact. These tokens are publicly tradable and typically volatile in price. In contrast, Solana Permissioned Environments (SPEs) support highly customizable transaction fee logic that better aligns with enterprise requirements.

  • Some SPEs eliminate end-user transaction fees entirely, relying instead on gas tokens with no economic value as purely access control tools for transaction submission or validation rights.
  • Micro-fees can be implemented for specific functions, such as API metering or rate limiting, providing flexibility without compromising usability or compliance. 
  • Another approach is to use enshrined gasless relayers, which can cover transaction costs, removing the need for regulated entities to hold volatile crypto assets on their balance sheets.

Block times

Solana’s standard block time is approximately 400 milliseconds. However, with SPEs, block times are more configurable and can be tuned based on the deployment's specific performance, hardware, and network requirements. For example, Iron, a stablecoin infrastructure provider, configures its Iron Chain SPE with a ~2-second block time to accommodate the atomic execution of complex cryptographic operations.

Validator set control

SPEs offer granular control over the network’s validator set and physical infrastructure, allowing operators to design their networks according to specific trust, compliance, and operational requirements. Validators can be self-hosted for maximum control or delegated to a trusted consortium of partners with clearly defined roles. Through validator whitelisting, operators ensure that all participants are known, vetted, and compliant with relevant regulatory standards. SPEs can be deployed in local environments for testing and development, within custom infrastructure, or through SPE service providers like Helius, who offer managed node deployment and operational support.

Access

SPEs provide control over who can access and interact with the network, enabling deployments tailored to a wide range of regulatory, geographic, and security requirements. Operators can implement geofencing, compliance gating, or custom access logic at the smart contract level. SPEs can be configured as fully private, opt-in public, or hybrid environments, depending on the desired level of openness. 

In short, SPEs empower you to define and enforce precise participation rules, ensuring that only authorized and compliant entities can interact with the network.

Composability

SPEs generally operate as isolated appchains, separate from Solana mainnet and other networks. This means they lack native composability with applications or liquidity on mainnet. However, SPEs can support mirrored deployments of public Solana programs, allowing developers to replicate mainnet functionality within a controlled, private setting. Programs can be trivially cloned between environments, and when sourced from battle-tested mainnet implementations, they offer strong reliability and security assurances.

Governance

On Solana's mainnet, governance is driven by a combination of on-chain stake-weighted voting and off-chain social consensus formed through public forums and community discussions. 

In contrast, SPEs offer flexible governance models. They can be centrally managed by a single environment operator or jointly controlled by a consortium of trusted entities. This allows for implementing administrative features such as emergency pause mechanisms, custom governance hooks, and restricted minting policies tailored to the environment's specific needs.

Visibility

Solana mainnet is an open and transparent network where data is publicly accessible by default. Privacy-enhancing solutions like Confidential Transfers and Arcium can add layers of confidentiality where needed. In contrast, SPEs can be configured to offer fine-grained control over data visibility, restricting access to authorized participants. This capability is essential for regulated financial institutions, where confidentiality is a strict compliance requirement, especially in cross-border and inter-institutional transactions.

Security Model

Solana mainnet operates under a delegated Proof-of-Stake (PoS) model, where participants stake SOL to validators, providing economic security and aligning incentives for honest behavior. 

In contrast, SPEs offer flexible security configurations. Operators can choose from a range of consensus mechanisms—or even forego staking entirely—depending on the specific requirements of their use case, such as performance, trust assumptions, or regulatory constraints.

Upgrade Process

Solana’s core development teams regularly release updates to the open-source client software. Consensus-breaking changes are introduced via scheduled feature gate activations, ensuring coordinated network upgrades. As new feature gates are enabled, the network's minimum supported version—the version floor—is raised to reflect the release containing those features. 

With SPEs, upgrade control rests with the operator. They can decide when, or if, to adopt new features and may choose to implement only critical security patches while foregoing broader protocol changes to maintain stability or meet compliance requirements.

Validator Clients

Solana's mainnet supports three validator clients: Agave, Jito, and Firedancer. While operators frequently customize these clients, modifications are constrained to ensure compatibility with the network’s consensus rules.

SPEs, however, expand the boundaries of customization. Because they operate independently of Solana’s mainnet, SPEs allow deep modifications to core validator software and protocol parameters. Operators can increase transaction size limits, disable voting transactions entirely, or adjust system behavior to fit application-specific needs.

Interoperability

SPEs are generally designed to operate in isolation, providing secure, controlled environments. However, SPEs can connect to Solana mainnet or other blockchain networks when interoperability is required through cross-chain messaging and bridging solutions such as Wormhole or LayerZero. These tools enable messaging, asset transfers, data sharing, and program interactions across environments.

Levels of Integration

SPEs can be adopted with various levels of complexity and customization to meet an organization’s specific use case and technical requirements. It's helpful to view SPE implementation as a progression through distinct, non-exclusive levels of integration. This approach allows organizations to start with a minimal appchain setup and scale over time as their use cases mature and their technical capabilities grow.

Level 1: Native Tokenization

The most accessible entry point into SPE integration is issuing and managing custom tokens representing, for example, real-world assets, stablecoins, digital rights, or credits. This approach is ideal for organizations seeking to leverage Solana’s high throughput and low fees for straightforward tokenization use cases. Implementation is simple, relying on the well-established Solana Program Library (SPL) token standard and existing tooling.

SPEs can further enhance this model through Solana Token Extensions, which introduce advanced capabilities critical for enterprise and regulated environments. 

These include:

  • Built-in privacy controls for confidential transfers
  • Permanent delegation mechanisms for custodial or managed accounts
  • Native metadata support for asset identification
  • Stablecoin configuration tools for issuer-controlled monetary policy

Such features allow SPEs to support sophisticated and compliant financial applications without requiring custom program development. 

Furthermore, multiple top security firms, including Halborn, Zellic, NCC, Trail of Bits, and OtterSec, have thoroughly audited Solana Token Extensions.

Level 2: Leveraging Existing Solana Programs

Organizations can enhance SPE functionality by deploying and integrating open-source, battle-tested Solana programs. These pre-built modules, some of which are found in the Solana Program Library, facilitate more complex operations with minimal development overhead.

Examples include token escrow, vesting schedules, governance modules, and decentralized exchanges. This level offers a strong balance between functionality and ease of implementation.

Level 3: Developing Custom Programs

Custom programs offer complete flexibility for organizations with specific business logic, compliance requirements, or advanced functionality needs. This level allows you to design and deploy bespoke on-chain applications, integrate advanced privacy features, enforce regulatory policies, or even implement custom consensus rules.

Developing custom programs requires expertise in Solana development, including the Solana runtime and managing the program lifecycle. Programs, while typically written in Rust, can be in any programming language that targets LLVM's BPF backend, including C and C++. This unlocks the full potential of SPEs as highly tailored, sovereign environments built to exact specifications.

Solana Permissioned Environment Case Studies

This section explores prominent examples of SPEs, showcasing the diverse use cases and specialized requirements they serve. These case studies highlight real-world examples of how SPEs as permissioned appchains can be tailored for high-performance, application-specific demands.

  • Spherenet: A next-generation payments protocol developed by Sphere, built to support fast, programmable, and compliant digital payments.
  • Pythnet: A decentralized price oracle network operated by Pyth, designed to aggregate real-time price data securely.
  • Iron Chain: A global network providing crypto-friendly, regulated banking and payment rails across multiple jurisdictions.
  • Solstice: A tokenized asset network by Rimark, focused on bringing real-world assets onto the blockchain in a secure, scalable environment.
  • Powerledger: A DePIN (Decentralized Physical Infrastructure Network) project enabling peer-to-peer electricity trading with localized energy markets.
  • Alphaledger: A financial infrastructure platform pioneering the tokenization of municipal debt.
  • Koii: A decentralized compute network optimized for distributing tasks and rewards.

Together, these implementations illustrate the flexibility and power of SPEs to deliver custom consensus, access control, and economic models across various use cases and requirements.

Spherenet (Sphere)

Spherenet, developed by Sphere in collaboration with Anza, is a purpose-built SPE designed to meet the complex demands of financial institutions. Positioned as a compliance-first, payment-focused distributed ledger, Spherenet offers a regulated, privacy-preserving alternative to public blockchain networks, bridging the gap between traditional financial systems and blockchain-enabled infrastructure.

At its core, Spherenet is a dedicated account-to-account ledger tailored for regulated entities to conduct international payments with speed, transparency, and trust minimization. It leverages the performance of the SVM while incorporating fundamental changes to governance, consensus, and compliance to ensure compatibility with global financial regulations, particularly for cross-border transactions in emerging markets.

Natively Compliant Ledger Architecture

Spherenet enforces a mandatory account classification standard that allows granular classification of active accounts—for example, by jurisdiction. This enables the automatic enforcement of local and global compliance requirements and payment logic, ensuring that regulated institutions fully comply with relevant laws without the need for complex external tooling.

Permissioned Validator Set and Federated Governance

The validator set is permissioned and curated, with the Sphere Foundation initially managing participation. Over time, this control will be handed over to a federated governance model that includes geographically distributed institutional partners. To ensure separation of concerns, validators focus on maintaining the network’s technical integrity and performance, while governance takes on responsibility for key executive and regulatory decisions—including handling compliance escalations.

Selective zkTLS Enforcement

To support European data sovereignty requirements, Spherenet facilitates the enforcement of zkTLS (Zero-Knowledge Proof over TLS) by its European partners, making it as seamless as possible for them to meet regulatory obligations, while avoiding unnecessary overhead for participants in other jurisdictions.

Gasless Transactions and Sanction Screening

Enshrined gasless relayers allow entities to transact without holding volatile assets, reducing treasury management burdens. In addition, native sanction screening, automated AML/KYC processes, and suspicious activity reporting are built into the transaction lifecycle.

Bridging and Funding Mechanisms

Spherenet includes support for bridging stablecoins between internal and external networks through fulfillment auctions and a prover-attestation model. This enables fiat on-ramps to interact securely with the digital ledger while maintaining auditability.

Pythnet (Pyth)

Pythnet was the first Solana Permissioned Environment (SPE) to launch in production. Purpose-built for the Pyth Network, it serves as a secure, high-performance computation layer for aggregating real-time price data from diverse financial data providers.

Operating as an application-specific blockchain (appchain), Pythnet enables Pyth to combine individual price submissions into a single, trusted aggregate for each feed. This aggregation process ensures that accurate, reliable, and up-to-date pricing information is available across all supported platforms and blockchains.

At the time of writing, Pythnet delivers 1,374 price feeds spanning crypto, equities, FX, commodities, and rates, distributing this data to over 100 blockchains and platforms, including OpenBB and TradingView.

Why Pyth Chose a Solana SPE

Several factors influenced the decision to build Pythnet on a permissioned version of Solana:

  • Low latency: Solana’s 400ms block times enable Pythnet to produce high-frequency price updates with minimal delay.
  • Flexibility and control: especially regarding gas configuration and the cost of deploying applications.
  • Strong developer community: Solana is known for its strong, collaborative developer community; Pythnet benefits from this wealth of shared knowledge and open-source tooling.

Consensus & Governance

Pythnet runs a proof-of-authority (PoA) consensus model, operated by a trusted set of validators, each representing a data provider in the Pyth ecosystem. While only permissioned entities can publish data, the resulting price feeds are publicly accessible, enabling broad reuse.

Governance is managed by the Pyth Data Association DAO, which oversees the delegation of validator roles to data providers based on stake, reputation, and operational reliability.

To control participation, Pythnet uses a native token called PGAS, which is required to pay for transaction fees within the environment. PGAS functions as an access control token rather than a tradable asset. Its sole purpose is to gate publishing and validation rights.

Iron Chain (Iron)

As an API-first stablecoin infrastructure platform, Iron is building a global network of crypto-friendly banking and payment rails designed to bridge the gap between traditional finance and on-chain finance. At the heart of Iron’s architecture is Iron Chain, a purpose-built SPE. In a media interview, Iron Founder and CEO Max von Wallenberg shared the rationale behind choosing an SPE, stating:

“We today don’t see any other chain or environment that can give us enterprise-grade performance + concealed token standards (out of the box) + high throughput + fast settlement time + an accessible team like the Solana Foundation.”

Iron Chain is designed to solve one of the most pressing challenges for institutional adoption: confidential and composable transactions. Iron Chain supports confidential on-chain activity while preserving atomicity and interoperability. This is enabled through confidential transfers and Fully Homomorphic Encryption (FHE), which allows for secure and private computation without sacrificing composability. 

Validators in Iron Chain are required to run GPU-enhanced setups to support computationally heavy FHE operations. Accordingly, Iron Chain uses longer block times of around 2 seconds (compared to Solana mainnet’s 400ms) to allow for the atomic execution of advanced cryptographic operations. Iron is also developing a bridge to facilitate seamless liquidity transfer between Solana mainnet and Iron Chain, ensuring tight alignment with the broader Solana ecosystem.

In March 2025, MoonPay, a leading crypto onramp and payments infrastructure provider, acquired Iron in a deal valued at over $100 million. This strategic acquisition strengthens MoonPay’s position as a frontrunner in enterprise-grade stablecoin solutions.

Solstice (Rimark)

Rimark’s Solstice Protocol redefines how deposit tokens are issued, processed, and reconciled through a hybrid architecture that bridges traditional banking systems and decentralized finance. 

Built on a foundation of quantum-resilient cryptography, the Solstice Protocol enables real-time, secure, and compliant settlement across both on-premise infrastructure and decentralized networks. At the core of the protocol lies a dual-component design:

Solstice Core

An air-gapped, on-premise system deployed within banks for transaction initiation, processing, and cryptographic signing. Core enforces data sovereignty and ensures operational security using post-quantum cryptography.

Transactions initiated within Solstice Core are subject to a multi-layered cryptographic stack:

Solstice Network

A decentralized settlement layer built using an SPE. It manages global reconciliation, liquidity, and external-facing financial operations.

The Solstice Protocol’s integrated post-quantum cryptographic primitives ensure that all assets, messages, and financial interactions remain secure in the face of quantum computing advancements.

Powerledger

Powerledger is a pioneering Decentralized Physical Infrastructure Network (DePIN) project that enables peer-to-peer energy trading and real-time tracking of environmental assets.

Initially launched as an SPE in July 2023, Powerledger migrated to Solana mainnet in late 2024, bringing its energy-focused applications to the broader public chain ecosystem.

Powerledger supports high-frequency micro-transactions with low fees, critical for real-time energy marketplaces. Through a transparent and efficient system, users can track energy consumption, trade renewable energy certificates, and manage carbon credits. 

Its platform is used by utilities, governments, and large corporations worldwide to trace and trade every kilowatt hour of energy, giving individuals and institutions more control and visibility over energy flows.

Powerledger chose Solana because of its energy-efficient proof-of-stake architecture, which aligns with its mission to build a sustainable digital infrastructure. Solana’s low-energy footprint and high throughput make it an ideal foundation for a platform that aims to modernize global energy systems without contributing to the problem it seeks to solve.

Alphaledger

Alphaledger is a U.S.-based blockchain startup pioneering the tokenization of real-world assets, with a strong focus on municipal debt. As a vertically integrated platform with a registered broker-dealer and transfer agent, Alphaledger enables the compliant issuance and management of blockchain-based securities. The company gained industry recognition by issuing the first U.S. municipal bond on a blockchain using its own permissioned infrastructure. To date, it has supported over $800 million in asset tokenizations. Alphaledger recently completed a $9.5 million Series A round led by EJF Capital, following a $6 million seed round in 2021.

In early 2025, Alphaledger joined Solana Incubator Cohort 2 to explore how Solana’s high-performance blockchain can support secure, scalable municipal bond tokenization in a permissioned environment. Their integration of traditional finance workflows with blockchain infrastructure positions Alphaledger as a bridge between established financial markets and emerging on-chain ecosystems. 

With SPEs, Alphaledger aims to decentralize access and ownership of municipal debt while maintaining the compliance and control needed for regulated asset issuance.

K2 (Koii)

Koii is a decentralized, community-owned infrastructure layer that transforms idle consumer compute into a robust hosting and application development network. Targeting the growing demand for decentralized, censorship-resistant services, Koii enables many applications, from decentralized streaming platforms and AI-driven search engines to social media alternatives free from centralized control. By tapping into the underutilized capacity of everyday consumer hardware, Koii offers a novel approach to DePIN, driving both efficiency and equity in the digital economy. 

At the heart of Koii’s infrastructure is K2, its blockchain settlement layer designed as a high-speed messaging hub for the network. Built on a customized, permissioned implementation of the Solana Virtual Machine (SVM), K2 leverages Solana’s core innovations—including Proof of History, rapid finality, and high throughput—to support a global mesh of distributed compute devices. Building on Solana’s proven architecture, K2 inherits a suite of secure, battle-tested core programs and standard Solana open-source tooling, such as block explorers.

The Next Wave: SPEs for Digital Platforms

Leading global brands and platforms have already embraced Solana, recognizing its speed, scalability, and low-cost infrastructure:

These developments reflect a rising wave of institutional confidence in Solana’s infrastructure. SPEs have the potential to build on this momentum, providing even greater control, scalability, and customization for the world’s largest digital platforms.

Applications built on SPEs can support:

  • Efficient global treasury management and FX conversions
  • High-frequency payments (e.g., ticketing, subscriptions, usage-based pricing)
  • DRM licensing, asset gating, and entitlements
  • Microtransaction-driven marketplaces for digital goods or game economies

All with predictable, sub-second performance. Below are a few examples of how SPEs could unlock new capabilities:

Netflix or Spotify

  • Store subscription entitlements or DRM as tokenized licenses, and reduce costs paid to centralized storage providers or CDNs.
  • Launch region-specific reward programs with built-in transfer rules.
  • Introduce web3-native engagement features—without wallet complexity.

Steam or Epic Games

  • Sell game licenses as programmable assets.
  • Allow developers to share revenue via tokenized royalties.
  • Bridge in-game assets to Solana mainnet when desired.
  • Get ahead of the web3 gaming curve without tarnishing or interfering with existing web2 models.

Amazon or Shopify

  • Use SPEs for high-volume, low-fee payments.
  • Track digital goods inventory and logistics.
  • Enable merchant-specific loyalty points or rewards with token extensions.

With each case, businesses retain complete control over their infrastructure while benefiting from Solana’s performance and developer tooling.

Permissioned SVM L2s

Beyond standalone SPEs, there is also growing interest in permissioned SVM-based Layer 2 solutions. These typically operate with a single sequencer but maintain a strong connection to Solana mainnet for liquidity access and ecosystem collaboration. 

In this model, Solana mainnet serves not just as a settlement layer for security, but also as a functional extension of the L2 environment. Thanks to Solana’s low fees, it's practical to bridge assets and perform swaps between the L2 and mainnet, enabling richer functionality that might be difficult to implement in isolation. With no historical rollbacks and upcoming consensus improvements that aim for single-confirmation finality, Solana mainnet offers a robust foundation for secure L2 settlement.

Conclusion

This article provided a comprehensive overview of SPEs, highlighting their flexibility and configurability for tailored enterprise deployments and appchains. We examined real-world use cases, showcasing SPEs already operating in production across diverse industries. Finally, we looked ahead to how SPEs could serve as the foundation for the next generation of platform infrastructure, powering scalable, secure, and customizable digital experiences.

If you're a large business dealing with payments, licensing, or real-time customer entitlements, Solana SPEs are built for you. Whether you’re a streaming service, commerce platform, gaming network, or even a fintech looking for stablecoin rails, the tools are here, and the playbook is ready. 

Want help deploying an SPE or exploring the architecture? Reach out to us directly. Let’s build the future of real-world, scalable applications on-chain.

Many thanks to Scott Manson, the Sphere team, Matt Sorg, OxIchigo and Brady Werkheiser for reviewing and contributing to this work.

Additional Resources

Related Articles

Subscribe to Helius

Stay up-to-date with the latest in Solana development and receive updates when we post