Institutions can ship on Canton Network without handing control to a single operator.
That is the goal.
In practice, many teams start with one participant node because multi-party governance can be complex to implement and maintain.
DecParty is BitSafe's approach to making that model practical in production. CBTC was the first production deployment.
The problem: single-operator shortcuts can struggle with scale
Canton Network gives institutions sub-transaction privacy and deterministic finality.
Multi-party control still takes real work to implement well.
Once an application starts moving real value, teams often run into the same constraints:
One operator becomes the default control point.
Adding additional parties turns into bespoke implementation work.
Governance becomes a mix of ad hoc process and operational tooling that is hard to keep consistent over time.
For institutional use cases, that usually becomes a scaling bottleneck.
What teams actually need
A production-ready Canton application needs two things at the same time:
Cryptographic enforcement over who can do what
Operational tooling for membership and change over time
Most teams get the first part.
They underestimate the second.
DecParty: multi-party governance infrastructure for Canton Network
DecParty is BitSafe's programmable multi-party governance system for Canton Network.
It enables a group of independent nodes, each operated by a different organization, to act as one governed party.
On-ledger actions require a configurable quorum. No single member can unilaterally mint, move assets, or change configuration.
What this enables
With DecParty, institutions and developers can:
Launch applications with distributed control from day one
Add or remove members without rewriting the system
Change quorum policies without creating governance chaos
Govern shared funds and operational workflows under explicit rules
This is the difference between a prototype and infrastructure that can keep running as participation grows.
Mental model
Think of DecParty as the operating layer for multi-party control on Canton Network.
It is designed to keep governance enforceable and maintainable, without adding process for its own sake.
How it works
At a high level:
Independent attestors form a party
A quorum policy defines approvals
Actions execute on-ledger only after the required approvals
Membership changes go through governed workflows
The design goal is simple: make multi-party control easy to reason about.
Proof in production: DecParty powers CBTC
CBTC is the first live application built on top of DecParty.
CBTC uses DecParty as its governance and coordination layer to distribute critical Bitcoin operations across multiple independent nodes.
The result is straightforward: no single entity can unilaterally mint or burn CBTC under the configured quorum rules.
Use cases
DecParty is a general governance primitive.
Token issuance on Canton Network
Any asset that requires governed minting and burning can use DecParty to avoid single-operator custody.
Vault governance
When multiple organizations jointly govern deposits, withdrawals, or parameters, DecParty keeps those actions under quorum control.
BTC on Canton
Liquidity pools and market infrastructure can use multi-party governance for fee distribution, parameter changes, and operator governance.
Credentials and access control
Distributed authority over issuance and access is only credible when membership and approvals are enforceable and maintainable.
Comparisons against institutional requirements
Most governance patterns were designed either for single-organization control or for public-chain environments. Institutional consortiums on Canton tend to require a different set of guarantees:
Enforceable control: Actions that move value or change configuration must be gated by explicit quorum rules.
Lifecycle management: Membership changes, key rotation, policy updates, and incident response need defined workflows.
Operational clarity: It should be clear who approved what, under which policy, and how that policy can evolve over time.
Institutional fit: Privacy and deterministic finality are table stakes. Governance needs to work across independent organizations with real operational constraints.
Multi-sig, DAOs, and MPC are well designed for their respective jobs, but they typically only cover part of the institutional governance lifecycle. DecParty is built to help institutions go further and scale multi-party control in production.
Multi-sig: Strong threshold approval. Often limited around membership lifecycle, workflow enforcement, and operational tooling at scale.
MPC: Strong distributed key control. Typically not a governance system by itself. It does not provide governed workflows, membership lifecycle management, or policy enforcement on-ledger.
DAOs: Useful for open, token-based coordination. Often not aligned with institutional governance models where participants are known entities, privacy matters, and governance needs to be enforceable under explicit operating procedures.
DecParty is designed for the full institutional lifecycle on Canton: enforceable quorum control combined with membership management and governed operational workflows.
What is next
DecParty is opening up to early partners and builders.
If you are building on Canton Network and want to talk about production-ready multi-party governance infrastructure, join the DecParty mailing list. You can also read our DecParty whitepaper here.
BitSafe builds decentralized, privacy-enabled infrastructure and compliant digital asset products on the Canton Network. As the team who brought Bitcoin to Canton, BitSafe's threshold-governed multi-sig infrastructure distributes custody and governance, eliminates single points of failure, and enables institutions and developers to launch trading venues, deploy vaults, and build compliant financial products across the ecosystem.
Website | Twitter (X) | LinkedIn | Telegram