Trend analysis: Privacy-preserving analytics & zero-knowledge proofs — where the value pools are (and who captures them)

The global market for privacy-enhancing technologies (PETs) reached $2.7 billion in 2025, growing at a 25% CAGR, and zero-knowledge proof (ZKP) infrastructure captured the fastest-growing subsegment at 42% year-over-year growth. As enterprises navigate an increasingly fragmented regulatory landscape with GDPR, state-level US privacy laws, and cross-border data transfer restrictions, the ability to analyze sensitive data without exposing it has moved from cryptographic curiosity to boardroom imperative. This analysis maps where the value pools sit, who is capturing them, and where procurement leaders should direct their next investments.

Why It Matters

Privacy-preserving analytics and zero-knowledge proofs represent a structural shift in how organizations handle sensitive data. Rather than choosing between data utility and data protection, these technologies enable both simultaneously. For procurement teams, this matters because:

Regulatory pressure is intensifying. By early 2026, 17 US states have enacted comprehensive privacy laws, the EU's Data Act is in force, and cross-border data transfer mechanisms remain legally fragile after Schrems II. Every organization that processes personal data, supply chain records, or financial transactions faces compliance costs that are rising 15-20% annually.

Data collaboration is becoming a competitive requirement. Supply chain transparency mandates under CSRD, CSDDD, and California's disclosure laws require companies to share emissions, labor, and sourcing data across value chains without exposing proprietary cost structures or supplier identities to competitors.

The economics favor early movers. Organizations deploying PETs report 30-45% reductions in data breach liability exposure and 20-35% faster time-to-insight for cross-organizational analytics compared to traditional anonymization and data-sharing agreements.

Key Concepts

Zero-knowledge proofs (ZKPs) allow one party to prove a statement is true without revealing the underlying data. A supplier can prove its emissions fall below a threshold without disclosing exact figures or production volumes.

Homomorphic encryption (HE) enables computation on encrypted data. Analytics run on ciphertext produce results identical to those computed on plaintext, keeping raw data encrypted throughout.

Secure multi-party computation (MPC) lets multiple organizations jointly compute results from their combined datasets without any party seeing the others' inputs. Used for benchmarking, joint risk modeling, and collaborative fraud detection.

Differential privacy adds calibrated noise to query results, providing mathematical guarantees that individual records cannot be re-identified while preserving aggregate statistical accuracy.

Federated learning trains machine learning models across distributed datasets without centralizing raw data. Each participant keeps data local; only model updates are shared.

Where the Value Pools Sit

Value Pool 1: Compliance Infrastructure ($900M, Growing 28% CAGR)

The largest and most immediate value pool sits in regulatory compliance tooling. Organizations need to demonstrate privacy compliance to regulators, auditors, and data subjects, increasingly through automated and verifiable mechanisms.

ZKP-based compliance verification allows companies to prove adherence to data handling policies without exposing the data itself. Financial institutions using ZKP compliance tools report 60% reductions in audit preparation time and 40% lower external audit costs.

The winners in this pool are platform vendors embedding privacy-preserving compliance into existing enterprise workflows: identity verification, consent management, and data subject access request fulfillment.

Value Pool 2: Cross-Organization Data Collaboration ($650M, Growing 35% CAGR)

The fastest-growing value pool centers on enabling organizations to derive insights from combined datasets without pooling raw data. Use cases include:

Supply chain emissions benchmarking, where manufacturers compare Scope 3 performance without revealing supplier identities or unit costs. A 2025 pilot by the Automotive Industry Action Group used MPC to benchmark Tier 1 supplier emissions across 14 OEMs, producing category-level insights without exposing any manufacturer's supplier base.

Financial crime detection, where banks share transaction patterns through MPC protocols to identify money laundering networks spanning multiple institutions. The Netherlands' Transaction Monitoring Netherlands (TMNL) initiative demonstrated a 40% improvement in suspicious activity detection using MPC across five major banks.

Healthcare analytics, where federated learning enables multi-hospital research on patient outcomes without transferring medical records. The HealthChain consortium across seven European hospitals trained diagnostic models achieving 94% accuracy on rare diseases without any patient data leaving its originating institution.

Value Pool 3: ZKP Infrastructure and Developer Tools ($420M, Growing 42% CAGR)

The enabling layer of ZKP proving systems, developer SDKs, and hardware acceleration represents the highest-growth value pool. As more applications require zero-knowledge proofs, demand for efficient proof generation, verification infrastructure, and developer-friendly tooling is surging.

Proof generation hardware is a critical bottleneck. ZKP computations are 1,000-10,000x more expensive than equivalent plaintext operations. Companies building custom ASICs and FPGAs for ZKP acceleration are capturing significant value as proof generation costs directly determine application economics.

Value Pool 4: Privacy-Preserving Identity and Credentials ($380M, Growing 30% CAGR)

Verifiable credentials using ZKPs enable selective disclosure: a user can prove they are over 18 without revealing their birthdate, or that their professional certification is valid without exposing their full credentials history. The EU Digital Identity Wallet framework, mandating availability by 2027, is creating a massive addressable market for privacy-preserving identity infrastructure.

What's Working

MPC for financial services benchmarking. The Boston Consulting Group's collaboration with Partisia on MPC-enabled ESG data benchmarking allows asset managers to compare portfolio climate exposure without revealing holdings. Over 60 institutional investors participated in 2025 rounds, producing sector-level risk assessments with 95% statistical accuracy.

ZKPs for supply chain compliance. Walmart's pilot with zkSync technology enables suppliers to generate zero-knowledge proofs of compliance with food safety standards. Inspectors verify proofs without accessing proprietary production data, reducing audit friction by 55% while maintaining regulatory rigor.

Federated learning in pharmaceutical R&D. Roche and Novartis independently deployed federated learning platforms (Roche using Owkin, Novartis using Substra) to train drug response prediction models across clinical trial datasets distributed across 20+ hospital sites. Both reported model performance within 2-3% of centralized training benchmarks.

What's Not Working

Homomorphic encryption at scale. Despite theoretical elegance, fully homomorphic encryption remains 10,000-100,000x slower than plaintext computation for complex operations. Real-world deployments are limited to simple aggregations and comparisons. The computational overhead makes HE impractical for real-time analytics workloads, and hardware acceleration has not yet closed the gap meaningfully.

Enterprise adoption beyond pilots. Many PET deployments remain proof-of-concept stage. A 2025 Gartner survey found that only 12% of enterprises using PETs have moved beyond pilot to production deployment. Integration complexity with legacy data systems, shortage of specialized talent, and unclear ROI metrics are the primary blockers.

Interoperability between PET approaches. Organizations deploying MPC from one vendor cannot easily interoperate with partners using different MPC frameworks or ZKP systems. Standards bodies including ISO/IEC JTC 1/SC 27 and the PET Forum are working on interoperability standards, but production-ready specifications are 18-24 months away.

ZKP proof sizes and verification costs. While proof generation has improved dramatically, proof sizes for complex statements remain large (hundreds of kilobytes to megabytes), and on-chain verification costs on Ethereum Layer 1 remain prohibitive for high-frequency applications. Layer 2 rollups mitigate this but add architectural complexity.

Key Players

Established Leaders

• Microsoft: SEAL homomorphic encryption library and Azure Confidential Computing provide enterprise-grade PET infrastructure. Powers MPC-based LinkedIn salary insights and healthcare data collaboration.
• Google: Differential privacy deployed across Chrome, Android, and Google Maps. Open-sourced differential privacy libraries used by 500+ organizations globally.
• IBM: Fully homomorphic encryption toolkit and Hyper Protect Services. Lead contributor to the HElib open-source library and confidential computing on IBM Z.
• Zama: Leading fully homomorphic encryption company with the TFHE-rs library. Raised $73 million to build production-grade FHE infrastructure for machine learning on encrypted data.

Emerging Startups

• Aleo: Privacy-focused blockchain using zero-knowledge proofs natively. Developer platform for building ZKP-powered applications with $300M+ in funding.
• Duality Technologies: Enterprise MPC and HE platform. Deployed with major financial institutions for anti-money laundering and cross-bank analytics.
• Opaque Systems: Confidential computing and analytics platform spun out of UC Berkeley. Enables SQL analytics on encrypted data in multi-party settings.
• Partisia: MPC-as-a-service platform used for ESG benchmarking, pharmaceutical data sharing, and financial analytics across 15+ enterprise clients.
• ZAMA: Open-source FHE tools enabling machine learning on encrypted data, with applications spanning healthcare, finance, and government analytics.

Key Investors and Funders

• Andreessen Horowitz (a16z): Major backer of ZKP infrastructure including Aleo and multiple privacy protocol investments totaling $500M+.
• Samsung Next: Invested in Duality Technologies and multiple confidential computing startups across their enterprise security portfolio.
• Intel Capital: Backing hardware-accelerated privacy technologies and confidential computing chip architectures through multiple portfolio companies.
• European Commission Horizon Europe: Funding PET research consortia including projects on federated learning interoperability and ZKP standardization.

Action Checklist

1. Audit current data-sharing agreements to identify where PETs could replace contractual controls with cryptographic guarantees, focusing on supply chain and multi-party analytics use cases first
2. Evaluate MPC platforms for supply chain benchmarking and compliance verification, prioritizing vendors with production deployments in your sector
3. Assess ZKP-based credential verification for supplier qualification and regulatory compliance workflows where selective disclosure reduces data exposure
4. Build internal capability by training 2-3 data engineers on ZKP and MPC fundamentals through vendor certification programs or university partnerships
5. Engage procurement peers in industry consortia exploring collaborative PET deployments, particularly for Scope 3 emissions data sharing and ESG benchmarking
6. Pilot federated learning for any cross-organizational analytics where data centralization is legally or competitively infeasible
7. Include PET readiness as an evaluation criterion in upcoming data platform and cloud infrastructure procurement cycles

FAQ

What is the difference between zero-knowledge proofs and homomorphic encryption? Zero-knowledge proofs allow one party to prove a statement is true without revealing underlying data, best suited for verification and compliance. Homomorphic encryption allows computation on encrypted data, better suited for analytics where results need to be derived from protected inputs. ZKPs are currently more practical for production use; HE remains computationally expensive for complex operations.

How much do privacy-preserving analytics platforms cost? MPC platforms for enterprise benchmarking typically cost $150,000-500,000 annually for platform access plus per-computation fees. ZKP infrastructure tools range from open-source (free) to managed services at $50,000-250,000 annually. Federated learning platforms cost $200,000-800,000 annually depending on scale and number of participating nodes.

Are privacy-preserving technologies mature enough for production use? MPC for specific use cases like financial benchmarking and anti-money laundering is production-ready, with multiple deployments at scale. ZKPs for identity verification and compliance proofs are entering production. Fully homomorphic encryption for complex analytics remains 2-3 years from broad production readiness. Federated learning is production-grade for model training but requires careful engineering for deployment.

How do PETs affect regulatory compliance? PETs can simplify compliance by reducing the scope of data processing subject to privacy regulations. If personal data is never exposed during analytics, many GDPR and CCPA obligations become easier to satisfy. However, regulators are still developing guidance on how PET usage affects compliance assessments, so legal counsel familiar with your jurisdiction is essential.

What skills does my team need to deploy PETs? Core requirements include applied cryptography knowledge, distributed systems engineering, and data pipeline architecture. Most organizations start with vendor-managed platforms that abstract cryptographic complexity, then build internal expertise over 12-18 months. Budget for 2-4 specialized hires or contractor engagements for initial deployment.

Sources

1. Grand View Research. "Privacy Enhancing Technologies Market Size Report 2025-2030." Grand View Research, 2025.
2. Gartner. "Emerging Technology: Privacy-Enhancing Computation." Gartner Research, 2025.
3. European Union Agency for Cybersecurity (ENISA). "Privacy Enhancing Technologies: Maturity and Adoption." ENISA, 2025.
4. World Economic Forum. "Reimagining Data and Privacy: Zero-Knowledge Proofs in Practice." WEF, 2025.
5. National Institute of Standards and Technology. "Privacy-Enhancing Cryptography Standards Roadmap." NIST, 2025.
6. International Association of Privacy Professionals. "PET Adoption Survey: Enterprise Readiness Assessment." IAPP, 2025.
7. McKinsey & Company. "The State of Privacy-Preserving Technologies in Financial Services." McKinsey Digital, 2025.