Ledger launches on-premise HSM for institutional keys
Ledger has launched Ledger Enterprise HSM On-Premise for institutions that want to keep private keys on their own hardware. The product targets banks, sovereign wealth funds, regulated custodians and stablecoin issuers.
The system is designed to let institutions hold cryptographic keys in their own data centres or facilities, and within their own jurisdiction. Ledger will manage API connectivity, blockchain integration and platform updates, while the signing layer stays on the customer's premises.
The launch addresses a long-standing concern among large financial institutions over whether private keys can remain entirely in-house. That has been a barrier to wider adoption of digital asset infrastructure among entities with strict internal controls and regulatory obligations.
On-site keys
The on-premise setup separates key management from day-to-day operations. Under this model, private keys are generated offline and used within certified hardware installed at the client's facility.
Each transaction requires hardware-based verification. Operators use a Ledger Stax device to confirm the destination and amount before approval, a process intended to reduce the risk of external tampering and internal error.
Ledger described the hardware module as FIPS 140-2 Level 3 certified. The system is aimed at institutions that need tighter control over cryptographic infrastructure, including central banks and other organisations with regulated financial responsibilities.
Security debate
The launch also reflects a broader debate in institutional digital asset custody over hardware security modules versus software-based models such as multi-party computation. Some providers distribute key material across cloud and software systems, while others argue that physical isolation offers regulated institutions a clearer line of control.
Ledger argues that software-centred security models are coming under greater scrutiny as cyberattacks become more automated and financial firms prepare for stricter operational resilience requirements. It linked those concerns to compliance demands under frameworks including Basel III and DORA.
That argument is likely to resonate most with institutions whose internal rules or public mandates prevent them from placing critical cryptographic assets in third-party cloud environments. Sovereign investors, banks and custodians have been among the groups most cautious about relying on external infrastructure for key storage.
"We've been in conversations with some of the most significant financial institutions in the world, and the discussion consistently reaches the same point: We cannot put our keys in someone else's cloud," said Sebastien Badault, Executive Vice President of enterprise at Ledger. "HSM On-Premise was built to meet that demand, enabling institutions to deploy enterprise-grade digital asset infrastructure with their keys in their own hardware, in their own facility, and under their own jurisdiction, while also benefiting from Ledger's broader platform capabilities."
Rollout plan
The first phase of the product is on track to be completed by the end of May 2026, with client integrations beginning in June. Ledger did not name any launch customers.
The introduction of an on-premise option suggests the market for institutional digital asset custody is fragmenting along regulatory and operational lines. Some customers may still prefer managed or cloud-connected systems, while others are seeking arrangements that keep the most sensitive layer of their infrastructure physically in-house.
For firms handling sovereign assets, regulated reserves or large-scale issuance programmes, the key question is often not access to digital asset technology but who controls the cryptographic keys and where they are kept. Ledger's new system is built around that distinction, with the signing layer remaining inside the client's facility.