bl-013 | Q4 2026 | Est. 12/31/2026 | Planned

Confidential Computing

Decentralized infrastructure owned by hundreds of independent providers raises the bar for runtime data protection. Confidential Computing runs workloads inside hardware-enforced Trusted Execution Environments so that even providers cannot access tenant data or code.

security, privacy, compute

Confidential Computing (CC) protects sensitive data while it is being used by running computations inside a Trusted Execution Environment (TEE) — the runtime equivalent of encryption at rest and TLS in transit. Two dynamics drive urgency: decentralized infrastructure owned by independent providers increases runtime exposure, and AI workloads for healthcare and other sensitive verticals demand it.

The recommended implementation path is MicroVMs via Kata Containers (with QEMU and KVM), allowing tenants to keep the existing containerized workflow while gaining per-container kernel isolation and TEE memory protection.

Deliverables include provider attribute changes to advertise TEE capability, SDL changes for tenants to request TEE providers, and a unified attestation + sealing/unsealing SDK that abstracts Intel TDX, AMD SEV-SNP, and NVIDIA NVTrust.