Decentralised finance is not all block and white

Permissioning doesn’t always mean centralisation

Decentralisation is one of the most talked-about features of distributed ledger technology – yet it is frequently one of the most misunderstood. The parameters of what determines decentralisation are hotly contested and it is often presented as a binary state: something that either exists fully or not at all.

Distinguishing features that make DLTs attractive for different use cases, such as permissioning, are used to determine nebulous outcomes, such as demarcating degrees of ‘control’. However, the specific outcomes that decentralisation intends to achieve are seldom articulated with clarity or consistency. This often means that productive debates about current infrastructure and the regulatory responses required are displaced by teleological ones.

We’ll take a look at why decentralisation is a concept that captures people’s minds, what permissioning actually involves and why more nuance is needed to understand the functional objectives of each. By addressing these questions, we aim to challenge the notion that permissioned systems are at odds with the principles of openness, transparency and distribution that underpin DLTs.

What is decentralisation meant to achieve?

The modern financial system is inherently centralised, relying on a few large institutions to provide liquidity and credit and to manage risk within a complex environment. But building a system atop these key players results in them having disproportionate power – often leading to inefficiencies, exclusion, censorship and systemic vulnerabilities – especially when they’re considered ‘too big to fail’.

By providing a peer-to-peer data structure in which recorded data is immutable, verifiable and tamper-proof, public blockchains were designed to address some structural shortcomings of intermediation. Their open-base nature was intended to break down ossified access barriers and promote greater resilience by eliminating single sources of failure.

In practice, decentralised finance is less about the number of nodes or the anonymity of node operators and more about whether any single actor or colluding group can dominate the system, censor it or take it offline. It’s also about advancing transparency, access and technical integrity and resilience. Mitigating that single-actor risk can take a variety of forms and context often dictates what the most appropriate form is.

Permissioned and permissionless networks

Permissioning refers to the rules governing who can participate in running the infrastructure of the network. In permissioned networks, participation may be limited based on factors such as identity verification, organisational reputation or a formal approval process. In contrast, permissionless networks allow anyone to join in running the infrastructure of the network without meeting specific criteria. Open participation is often associated with decentralisation, but just because a network is permissioned doesn’t mean the structural consequences result in centralised control.

If decisions about who joins or how the network evolves are made collectively, transparently and without any one actor or colluding group holding veto power, this constitutes a decentralised governance model.

Conversely, a network might be permissionless in theory but effectively centralised in practice if one group controls the majority of nodes, dominates development and holds disproportionate sway over the community. For example, although Bitcoin is often held up as the gold standard of decentralisation, most mining activity occurs through large, centralised pools governed by single entities that permit entry to the pool, and the final deployment of code updates to Bitcoin Core is handled by a quite small group of maintainers.

Permissioning can actually support decentralisation by protecting against malicious capture or concentration of physical and operational resilience risks. In a fully permissionless network, there might be limited safeguards to prevent a coordinated group from gradually (or even suddenly) gaining disproportionate influence. In contrast, a well-governed permissioned network can leverage appropriate, consensual gatekeeping mechanisms to mitigate this risk and help maintain a balanced, decentralised system.

A spectrum, not a status

It’s more helpful to think of decentralisation as a spectrum and to focus on the direction of travel. Is a network moving towards broader distribution and transparency? Or is it entrenching control in fewer hands? Responsible decentralisation doesn’t require the absence of structure. It requires designing systems that distribute control intentionally, verifiably and resiliently. That may well include permissioning mechanisms that are themselves governed in a decentralised way.

This distinction between permissioned and centralised networks matters, particularly as regulatory and institutional thinking still defaults to outdated binaries (permissionless equals risky and unregulated; permissioned equals safe but centralised). These frameworks don’t reflect how networks are built today and they also don’t provide a useful lens for assessing systemic risk, resilience or trustworthiness.

Decentralisation isn’t static either. It can evolve. Some networks begin by being more centralised, with a limited set of governance participants, but become more decentralised over time as their governance matures, new participants join and the technology scales. Others might move in the opposite direction, especially if participation narrows or core infrastructure becomes concentrated in or dependent on a small group.

Evaluating decentralisation

Assessing decentralisation should focus on real-world factors. Who has decision-making power? Can that power be exercised unilaterally? Is governance transparent and auditable? Are the actors independent or capable of colluding? Can new participants join and under what conditions? Are there inefficiencies or single points of failure within the system?

These questions get to the heart of how network operations are distributed and how much risk is concentrated. Rather than relying on rigid definitions or control thresholds, a more effective approach is to assess decentralisation based on how power is constrained in practice. That means looking at governance design, decision-making processes and infrastructure resilience – not just technical participation rights or token issuance models.

Risk management and regulatory compliance

Decentralised permissioned networks offer a compelling response to regulatory concerns around governance, security and risk management. By distributing decision-making authority across a diverse and independent set of participants, these networks reduce the concentration of power that can lead to single points of failure or abuse. Decentralisation ensures that no single actor can unilaterally control the network. Rules-based governance processes such as on-chain voting or multi-party consensus further enhance accountability and auditability, giving regulators greater confidence in the integrity, security and robustness of the system.

Ultimately, decentralisation and permissioning are not opposites. They are different dimensions of network design. When done right, they can complement each other, offering both openness and accountability, resilience and order. Moving away from simplistic classifications allows for more flexible infrastructure models as well as better policy discussions, regulatory understanding and efficiently designed networks.

In short, permissioned networks can be decentralised. Permissionless networks can be centralised. The only way to know the difference is to look closely at how power is distributed – and how it’s kept in check.

Nilmini Rubin is Chief Policy Officer and Isadora Arredondo is Global Policy Director at Hedera.
