Enterprise | 02/13/2026
Ledger Enterprise, New Capabilities, New Language
As Ledger Enterprise rolls out its 2026 roadmap, we’ve decided to publish a standardized update of our institutional ecosystem’s terminology.
As Ledger Enterprise rolls out its 2026 roadmap, we’ve decided to publish a standardized update of our institutional ecosystem’s terminology. To clarify the active use and specific parameters of each role and resource, we are moving away from legacy terms like “Vault”. This is part of our new, brand-wide terminology clarification for the three core offerings dedicated to professionals: Ledger Enterprise, Ledger Enterprise Tradelink, and Ledger Enterprise Multisig.
- The main shift: from “Vault” to Ledger Enterprise
We are officially retiring the term “Vault” as a standalone product name. While “Vault” served us well during our early years, our offerings now encompass a far broader suite of institutional services.
Moving forward, our core offering will be referred to as “Ledger Enterprise”.
Under this umbrella, we distinguish between three primary offers:
• Ledger Enterprise: Ledger flagship B2B SaaS platform, enhanced by dedicated hardware security, designed for institutions requiring maximum security, customizable governance, and scalable automation via API.*
• Ledger Enterprise Tradelink: A powerful pledge and settlement engine built on the Ledger Enterprise Platform, enabling businesses to securely leverage assets held in custody for off-exchange trading, collateralization, borrowing and lending, and yield generation— while substantially reducing third-party exchange counterparty risks.
• Ledger Enterprise Multisig: A 100% self-serve, multi-signature platform built on the Safe protocol** (smart contracts). It is designed for DAOs and corporate treasuries to manage shared funds with elite-level clarity and hardware-backed security.
Updating our terminology enables our language to catch up with our technology and demonstrate its full capability. It reflects a shift from passive custody to an active, programmable, and scalable enterprise ecosystem powered by Ledger.
- The Infrastructure (Hardware & Software)
• HSM (Hardware Security Module): FIPS 140-2 Level 3 certified hardware located on on-premise or in Ledger’s Secured Data Centers. For Ledger Enterprise clients, the HSM is the secure backbone of the platform where transactions are completed, private keys are protected, and governance rules are enforced.
• PSDs (Personal Security Devices): This term is specific to the Ledger Enterprise. It refers to physical hardware devices referred to as “signers” (such as the Ledger Stax™). While these are called “signers” in the consumer market (see below), they play a more complex role in B2B operations.
In this context, PSDs act as approval units within an aggregated signing process. Multiple PSD signatures must be compiled to satisfy a governance rule. Only once these approvals are collected does the Hardware Security Module (HSM) cryptographically sign a transaction. This adds additional layers of control and auditability that are mandatory for regulated institutions and businesses.
These industry leading secure hardware devices all run on the constantly updated, custom designed Ledger OSTM (formerly referred to as BOLOS: Blockchain Open Ledger Operating System). Ledger PSDs are embedded with a unique cryptographic certificate tied to each Enterprise Client. They provide:
- Strong cryptographic authentication, assigning each user a verifiable pseudonymized identity within the system to enforce granular, role-based permissions
- Clear Signing capabilities, enabling users to confidently review and approve transaction details on a Secure Screen display in human-readable format before approving and signing a request
- Cryptographic transaction approvals, enabling secure multi-authorization workflows (m-of-n) for critical operations on the Ledger Enterprise Platform
Signers: This is the term we use to refer to our hardware devices (such as Ledger StaxTM, Ledger FlexTM and Ledger Nano™ Gen5) because that’s what they empower users to do: sign transactions and protect their digital identity. These can be used in a multisignature setup to power Ledger Enterprise Multisig capabilities.
• Safe Protocol: The third-party EVM-first smart contract architecture upon which Ledger Enterprise Multisig is built. It empowers users to implement on-chain multi-signature logic. The Safe protocol sets the industry standard, but software-based interactions remain vulnerable to hacks. Ledger Enterprise Multisig closes this gap by adding a hardware layer that enforces Clear Signing, Transaction Check and secure key management, eliminating the specific attack vectors responsible for past hacks.
- Ledger Enterprise & Ledger Enterprise Multisig Core Features & Concepts
• Clear Signing: Ledger’s benchmark security feature. It displays critical transaction and governance details (recipient, amount, gas fees) in human-readable language directly on the Ledger touchscreen devices (AKA signers: currently Ledger StaxTM / Ledger FlexTM / Ledger NanoTM Gen5), ensuring “What You See Is What You Sign” (WYSIWYS).
• Confirmation Threshold: The predefined minimum number of Approver signatures (e.g. “2-of-3”) required for a transaction or governance change to execute.
• Collateral Accounts (Tradelink specific): Accounts where funds are secured using Ledger Enterprise Platform, allowing for secure trading within the Tradelink network without relinquishing custody to a third-party exchange. Learn more about Ledger Enterprise Tradelink.
• Governance: The software layer that enforces company policies (whitelists, amount limits, approval steps) at every step of a transaction’s lifecycle.
• Whitelist: A security rule that restricts transaction destinations to a list of pre-approved wallet addresses.
• Self-Custody: A founding principle where the client remains in control of their private keys at all times. Ledger never has access to client keys or shards, neither does any other third party. This is the core of your enterprise offer powering both Ledger Enterprise Platform and Ledger Enterprise Multisig.
- The Roles (Roles Based Governance Model)
• Administrators (Ledger Enterprise Specific): Administrators are responsible for defining the workspace governance, including managing users, accounts, and approval rules. Crucially, Administrators cannot perform transactions, ensuring a clear separation between governance configuration and asset movement.
• Operators (Ledger Enterprise Specific): Operators are responsible for initiating, reviewing, and approving transactions (such as transfers or staking) within the limits defined by the Administrators. This role includes both human users utilizing Personal Security Devices (PSDs) and API Operators for automated workflows.
• Approvers (Ledger Enterprise Multisig specific):. These are the individuals whose explicit signature is required to authorize and execute a transaction. They hold the physical Ledger device to sign the actual transaction.
• Proposers (Ledger Enterprise Multisig Specific): Users who can initiate and submit transactions for review but do not have the authority to approve or execute them. This role prevents a single person from both starting and finishing a transaction.
• Shared-Owners (Ledger Enterprise Specific): These individuals are responsible for generating and securely holding the shards of the Master Seed. They are critical for Disaster Recovery (reconstructing the seed if necessary) but do not access the platform for daily operations.
• Wrapping Key Custodians (Ledger Enterprise Specific): These individuals generate the Wrapping Key shards. These keys are used to encrypt the client’s Hardware Security Module (HSM) partition, providing an extra level of security.
- Comparison: Ledger Enterprise vs. Ledger Enterprise Multisig
| Feature | Ledger Enterprise (LE) | Ledger Enterprise Multisig |
| Architecture / Security Model | Hardware-based (HSM + PSD) | Smart-contract-based (Safe Protocol) + secure hardware signed (Ledger signers) |
| Governance | Enforced at the hardware/HSM and PSDs | Enforced on-chain via smart contracts |
| Hardware Devices Used | – Team members use PSD (Personal Security Devices) which are currently Ledger StaxTM – HSMs complete the transactions | Team members use secure Ledger touchscreen signers (Ledger StaxTM / Ledger FlexTM / Ledger NanoTM Gen5) to collectively complete transactions |
| Roles | Administrators Operators Share Owners Wrapping Key Custodians | ProposersApprovers |
| Ideal for | Regulated institutions, exchanges, banks, custodians, states, etc. & high-volume automation | DAOs, Crypto Native Startups, decentralized treasury management |
How to Use This Going Forward
This terminology update is intended to be a practical reference, not a one-time announcement.
You should use this language when:
- Evaluating or deploying Ledger Enterprise solutions
- Designing governance, approval flows, or operating models
- Communicating internally with security, legal, compliance, marketing, products or engineering teams
- Comparing Ledger Enterprise, Ledger Enterprise Tradelink, and Ledger Enterprise Multisig for specific use cases
If you are already a Ledger client, nothing about your security model or control changes—only the clarity of how we describe it.
Want to learn more about Ledger Enterprise? Request a call with our team.
Ready to start your multisig journey? Get started today.
*Ledger is a technology provider, not a financial advisor or regulated exchange.
**Safe smart contracts are provided by Safe Labs GmbH