The Network Selection DecisionChoosing Public, Permissioned, and Hybrid Ledgers for Regulated Assets

The choice of which blockchain network to run a tokenized asset on is frequently made the way one might choose a database, by comparing performance figures and picking the fastest. For a regulated asset this is close to the wrong method entirely, because the properties that matter for a regulated instrument have little to do with how many transactions a network can process.

A network is not only a place to record transfers. It is a set of dependencies an asset takes on and a control surface that determines what is possible and who decides. Running an asset on a network means depending on that network's finality behavior, its governance, its software and the people who can change it, its support for the custody and signing an institution requires, and its standing with regulators. These are the things that decide whether a tokenized regulated asset functions and remains acceptable over its life, and none of them is captured by a throughput number.

This report reframes network selection as the control and dependency decision it is. It explains why the performance benchmark is the wrong lens for regulated assets, sets out what an institution should evaluate instead, and compares public, permissioned, and hybrid networks on those terms. The argument is that the right network is the one whose dependencies and control surface an institution can accept and account for, given its specific asset, custody arrangement, and regulatory situation, and that this judgment rarely turns on speed. An institution that chooses a network on performance has answered a question that was not the important one.

The performance benchmark is seductive because it is concrete and comparable. One network processes more transactions per second than another, and the larger number looks like the better choice. For many applications, throughput genuinely matters. For regulated tokenized assets, it rarely does, and treating it as the decisive factor leads institutions to optimize something that was never their constraint.

Consider what actually limits a regulated tokenized instrument. The number of holders is bounded by eligibility, often to a modest set. The frequency of transfers is low compared with high volume trading or payments, because these are held instruments that change hands occasionally rather than continuously. The transaction volumes involved are well within the capacity of essentially any serious network. An instrument with a few hundred eligible holders trading periodically does not strain a network's throughput, so the network's throughput is not what determines whether the instrument works. What determines that is whether transfers reach finality in a way the institution can rely on, whether the network's governance is acceptable, whether the custody the institution needs is supported, and whether running on the network keeps the asset inside an acceptable regulatory perimeter.

The benchmark trap is therefore not just a minor misallocation of attention. It actively misdirects the decision, because the networks that score best on raw performance are not necessarily the ones that score best on the factors that matter for regulated assets, and may score worse. An institution that selects for speed can end up on a network whose governance it cannot accept, whose finality is weaker than it needs, or whose regulatory standing is uncertain, having optimized a dimension that was never going to be the binding constraint. The first discipline in network selection is to set the performance figures aside, confirm that any serious candidate has ample capacity for the actual load, and then decide on the factors that genuinely vary in consequence.

The grid sets out the factors that should drive network selection for a regulated asset, the question each poses, and the failure that follows from ignoring it. None of them is a speed measure.

Read together, the factors describe a control surface and a dependency profile rather than a performance specification. The decision is about what an institution is willing to depend on and what control it needs to retain, and the network that fits is the one whose answers to these questions the institution can accept for its specific asset.

Networks for regulated assets fall into three broad families, and each makes the trade among the factors above differently. The families are not strictly bounded, and specific networks vary, but the families capture the main shape of the choice.

Public networks are open, permissionless at the base layer, and operated by a broad and often decentralized set of participants. Their strengths are reach, neutrality, and the size of their surrounding ecosystem of tools, custody, and participants. Their challenge for regulated assets is control. Governance is diffuse, the institution has little influence over the network's evolution, and achieving the permissioning a regulated instrument needs requires building control at the asset layer on top of an open base. An institution choosing a public network gains ecosystem and neutrality and accepts that it does not control the network underneath.

Permissioned networks restrict participation to known, approved parties and are typically governed by a defined operator or consortium. Their strengths are control and accountability. The institution knows who runs the network, who can change it, and who participates, and the permissioning a regulated asset needs is native. Their challenge is the smaller surrounding ecosystem and the dependence on the governing operator or consortium, which is itself a concentration. An institution choosing a permissioned network gains control and accountability and accepts a narrower ecosystem and a dependency on whoever governs it.

Hybrid arrangements attempt to combine the two, for example by running regulated activity in a controlled environment that connects to or settles against a public network, or by using public infrastructure with permissioning layered over it. The aim is to capture the reach of public networks and the control of permissioned ones. The cost is complexity: a hybrid inherits considerations from both families and adds the connection between them as a new surface to secure and govern. Hybrids can be the right answer where an asset genuinely needs both reach and control, and they should be chosen knowing that the combination is more to design, operate, and defend than either pure approach.

Finality is the first factor because settlement of a regulated asset depends on it, and networks differ in how and when they provide it. The companion report on settlement finality treats the subject in depth; here the point is narrower, that the network's finality behavior is a selection criterion and should be examined as one.

Some networks reach a state in which confirmed transactions cannot be reorganized, providing a strong and relatively prompt finality. Others allow the recent past to be reorganized under certain conditions, so that finality is a matter of degree that strengthens as a transaction recedes. For a regulated asset settling meaningful value, this difference is material. A network with prompt, strong finality lets settlement complete with confidence sooner. A network whose recent history can be reorganized requires waiting for sufficient confirmation before value is safely released, and an institution must build that wait into its settlement design.

The selection question is whether the network's finality matches the settlement the asset requires. An instrument that settles infrequently and can tolerate a wait may be comfortable on a network with probabilistic finality. An instrument that needs prompt, confident settlement is better served by a network with strong finality. Neither is universally better; the fit depends on the asset. What an institution should not do is choose a network without understanding its finality behavior, because finality is the property on which settlement, the core function of the asset, depends, and discovering a finality mismatch after committing to a network is an expensive correction.

Governance is the factor institutions most often underweight, and it is among the most consequential, because the governance of a network is a dependency the asset inherits for its entire life. The question is simple to ask and revealing to answer: who can change the rules of this network, and what can they change.

Every network has a process by which its software is updated, its parameters adjusted, and its behavior evolved. On some networks this process is concentrated in a defined operator or consortium with clear authority. On others it is diffuse, spread across a broad set of participants with no single point of control. Each arrangement has consequences. A concentrated governance is accountable and responsive, and it is also a party the institution depends on and whose decisions it may not control. A diffuse governance is neutral and resistant to capture, and it is also a process the institution cannot influence and that may change the network in ways the institution did not want. There is no governance arrangement that removes the dependency; there are only different shapes of it.

For a regulated asset, the institution needs to understand this dependency and judge whether it is acceptable. A change to the network, an upgrade that alters behavior, a parameter change that affects finality or cost, a shift in who participates, can affect the asset whether or not the institution agreed to it. Knowing who governs the network, what they can change, how changes are made, and what recourse or notice the institution has is part of understanding what the asset depends on. An institution that has not asked the governance question has an unexamined dependency at the base of its asset, and the time to discover the shape of a network's governance is before committing an instrument to it, not when a change the institution did not expect arrives.

The last factor is whether running on a given network keeps the asset inside a regulatory perimeter the institution can accept. This is distinct from the asset's own regulatory treatment. It concerns whether the network itself, and the institution's use of it, sits comfortably with the institution's regulators and obligations.

Regulators form views about the infrastructure financial institutions use, and those views affect what an institution can do. A network that regulators regard as acceptable for regulated activity supports an asset that institutions can hold and transact without regulatory friction. A network that regulators view with caution, or that carries associations or characteristics regulators dislike, can make an otherwise sound asset difficult or impossible for regulated institutions to use, regardless of the asset's own merits. The network is part of the regulatory picture, and an institution should select one whose standing supports rather than undermines the asset's acceptability.

This connects to the broader dependency profile that network selection establishes. Running an asset on a network creates dependencies on the network's continued operation, its governance, the tools and custody around it, and its regulatory standing, and each dependency is a way the asset can be disrupted by something outside itself. The discipline is to map these dependencies explicitly and judge their concentration and fragility. A network with a single governing party is a concentrated dependency. A network whose custody ecosystem is thin is a constrained dependency. A network whose regulatory standing is uncertain is a fragile dependency. An institution should choose a network whose dependency profile it can accept and account for, and should know what it is depending on rather than discovering its dependencies when one of them fails. The network is the foundation the asset stands on, and what matters in a foundation is whether it holds, not how fast it runs.

Public network

An open, permissionless network operated by a broad, often decentralized set of participants, with a large surrounding ecosystem and diffuse governance.

Permissioned network

A network that restricts participation to known, approved parties and is governed by a defined operator or consortium.

Hybrid arrangement

A design that combines public and permissioned elements, seeking the reach of one and the control of the other at the cost of added complexity.

Control surface

The set of choices a network determines, including who can participate, what is visible, and who can change the rules.

Dependency profile

The set of things an asset relies on by running on a given network, and the concentration and fragility of each.

Finality

How and when a network makes a transfer irreversible, a core determinant of settlement reliability.

Governance

The process by which a network's software, parameters, and behavior are changed, and the parties with authority over it.

Permissioning

Control over who may participate in a network or an asset and what they can see or do.

Regulatory perimeter

The boundary of regulatory acceptability that an asset and the infrastructure it runs on sit inside or outside of.

Citation slots below mark claims and context that require source verification before this document is treated as externally citable. They are placeholders by design. This library does not assert sourced facts without sources.

1. 01

   Comparative analysis of finality and governance across public and permissioned network designs.

   Citation pending[Citation needed: technical and governance analyses of major networks]

2. 02

   Supervisory perspectives on the use of public versus permissioned infrastructure for regulated activity.

   Citation pending[Citation needed: regulatory guidance on distributed ledger infrastructure]

3. 03

   Industry experience with permissioned and hybrid networks for tokenized regulated assets.

   Citation pending[Citation needed: disclosed permissioned and hybrid network deployments]

4. 04

   Analysis of custody and tooling ecosystem support across networks.

   Citation pending[Citation needed: custody and infrastructure ecosystem surveys]

For adjacent BlockHedge work, see Settlement Finality and Atomic DvP for the finality behavior that network selection depends on, and The Intermediary Risk Layer for the connective dependencies that surround the network choice.