The transition from 5G to 6G is way more than a speed upgrade; it is a fundamental architectural shift. Future networks will be highly decentralized and multi-stakeholder, spanning multi-vendor RANs, globally distributed AI, IoT/V2X ecosystems, and edge clouds.
In such a network, will centralized trust anchors remain viable?
Nope. Traditional PKIs and single-operator Certificate Authorities cannot scale across heterogeneous trust domains. 6G therefore demands a decentralised, zero-trust continuum - a model endorsed by 3GPP, the European Commission, and NIST SP 800-207. Blockchain and Distributed Ledger Technology (DLT) are among the most important cryptographic trust fabrics that make this possible.
Figure 1 - Blockchain-Enabled Trust Fabric across the Full 6G Ecosystem: core, O-RAN, edge, IoT, and AI layers.
Permissioned Ledgers in Telecom Architecture
When blockchain is applied to telecoms it is typically realized through Permissioned Distributed Ledgers (PDLs). Unlike public blockchains, PDLs restrict participation to known, authorised entities - mobile operators, infrastructure vendors, cloud/edge providers, and regulators. ETSI describes them as environments in which every participant is validated by an authority and access control is enforced at the ledger level. In a simpler manner, PDLs strike a balance between decentralization and operational control.
This design gives telecom networks exactly what they need: consensus-driven trust without a central authority. Only authorised actors can validate transactions, minimising data exposure. Consensus mechanisms such as proof-of-stake or Byzantine fault-tolerant protocols deliver higher throughput and lower latency than public chains. The result is a shared, immutable ledger spanning multiple operators and domains - providing cryptographic assurance and full auditability for every recorded action.
Key properties that make PDLs fit for telecom include (1) authorized-only participation (ensuring regulatory compliance), (2) append-only immutability for critical operations such as subscriber updates and slice assignments that nobody can quietly edit after the fact, (3) smart-contract automation of cross-domain agreements without needing intermediaries, and (4) privacy-preserving mechanisms like zero-knowledge proofs that let stakeholders verify credentials without without handing over the underlying data.
The open source ecosystem backing this is already mature. LF Decentralized Trust (LFDT) frameworks - Hyperledger Fabric for channel-based permissioned ledgers, Besu for EVM-compatible chains, Hyperledger Indy/Hyperledger AnonCreds/OWF’s ACA-Py for decentralised identity, and Hyperledger Cacti for cross-ledger interoperability - give real implementations production-grade technologies to build 6G trust fabrics.
Identity and Authentication via SSI in 6G
A cornerstone use case is Self-Sovereign Identity (SSI). Instead of relying on centralized SIM/HLR credentials, devices and network functions manage their own on-chain identities. ETSI GS PDL 027 defines a User-Centric Digital ID (UCDID) scheme for telecom, where each UE or NF (network function) holds a blockchain registered Decentralized Identifier (DID) implementable using Hyperledger Indy.
In practice: the device generates a key-pair and DID, receives signed credentials from trusted issuers (e.g., the operator), and stores its public key and revocation status on the ledger - while the private key stays off-chain. When attaching to any RAN or service, the device proves identity via a signed credential or zero-knowledge proof, without contacting its home HLR.
Figure 2 - UCDID structure as defined by ETSI GS PDL 027.
The privacy advantages are substantial: users can hold multiple DIDs and selectively disclose only the attributes required (subscription class, enterprise role, etc.). Operators can query the PDL to verify a DID or check revocation without a round trip to another domain's HLR. In effect, SSI on PDL replaces static global identities with cryptographic credentials under user control.
Blockchain for O-RAN Management and Orchestration
Open RAN architectures multiply trust zones: multi-vendor xApps run on disaggregated RICs and the RAN itself can be a neutral-host shared among operators. Blockchain can secure this environment in three complementary ways.
- RAN Infrastructure Registry. Operators jointly record RAN assets, slice definitions, and licensed spectrum on a shared Hyperledger Fabric ledger. Other operators query this registry to orchestrate roaming UEs or deploy slices, without trusting a single operator's database.
- xApp Authentication and Policy Logging. Third party xApps register their code identity on the PDL and receive verifiable credentials. The SMO/RIC consults the ledger before allowing an xApp to execute. All RIC policy changes are written on-chain, creating independent intent logs that make conflicting commands detectable and resolvable.
- AI/ML Model Provenance. ML models and O-RAN software are hashed with checksums stored on-chain. A RAN controller can verify a downloaded model's authenticity before use; smart contracts can enforce that only models signed by accredited issuers are installed, creating a fully auditable provenance chain for RAN intelligence.
Blockchain for Data Sharing and Auditability
6G will generate enormous volumes of data across UEs, IoT, V2X, digital twins, and edge apps, all flowing across multiple trust domains. PDLs act as a trust and control plane - not storing raw data, but anchoring immutable metadata: ownership, usage rights, timestamps, hashes, and data origin.
Smart contracts enforce policy-based sharing with granular access control, automatically verifying jurisdiction, purpose, and temporal constraints before granting access to off-chain data. Immutable access logs enable operators to demonstrate regulatory compliance and support forensic analysis - without depending on any single database. Crucially, latency-sensitive data flows remain direct between devices and edge nodes; hashes and policy events are anchored to the PDL asynchronously to preserve 6G performance.
Federated Learning and Decentralized AI
6G's AI story depends heavily on federated learning - training models across distributed devices without centralizing raw data. The appeal is obvious. The problems are less talked about: how do you verify contributions, incentivize honest participation, and prevent poisoned updates from corrupting a shared model when participants belong to different organizations and trust domains? Blockchain handles all three:
Traceability. Model updates and training metadata get hashed on-chain, creating a forensically verifiable audit trail. If a poisoned or corrupted update enters the system, you can trace it back to its source and roll back. Every training step - which data was used, what parameters were submitted - becomes verifiable on the PDL.
Incentives. On-chain token systems reward devices that contribute quality data or model updates. GR PDL 021 specifically notes that pairing a PDL with a token mechanism creates an incentive structure that aligns economic motivation with collaborative training. Participants who misbehave or contribute low-value updates simply don't get rewarded.
Trustless aggregation. A smart contract defines the FL round - aggregation method, participant set, validation rules - and enacts the consensus-based update automatically once all proofs are submitted. No central aggregator, no single point of failure. RAN controllers and network functions verify on-chain digests to confirm models are current and came from legitimate training rounds.
How Telecom Standards Are Adopting Blockchain
What separates a promising research idea from something that actually lands in deployed networks is standardisation. And on that front, the blockchain-in-telecom story has moved considerably faster than most people outside the standards world realize.
ETSI's ISG PDL - the most focused effort. The ETSI Industry Specification Group on Permissioned Distributed Ledgers has been the primary venue for turning PDL concepts into formal telecom specifications. It started with architectural studies - GR PDL 021 remains the key document mapping how DLT slots into 3GPP network architectures - but has since produced binding specs covering specific deployment areas. GS PDL 027, published in 2025, defines the SSI and UCDID scheme described in this post. GS PDL 033 addresses AI/ML model provenance and O-RAN security. GS PDL 025 covers network slicing and spectrum sharing. GS PDL 011 and 012 deal with smart-contract-based service automation. The group is still active - work items on cross-domain data governance (GS PDL 034) and non-repudiation evidence (GR PDL 014) are in progress.
ITU-T Study Group 13 - the global layer. ITU-T has been building out the complementary international framework. Y.2345 and Y.2348 define use cases and requirements for DLT-based network slicing and resource sharing. Y.3081 establishes the formal requirements for blockchain integration in 5G/6G environments. X.1413 addresses the security governance framework. And a draft supplement under SG13-TD487/WP3 - focused specifically on network resource sharing with DLT for large-scale deep learning - shows how the standards work is now extending into AI-native network operation, not just connectivity.
3GPP - from study to requirement. 3GPP's involvement is significant because it directly shapes what ends up in deployed network equipment. SA3 and SA6 have been studying blockchain for IoT and V2X authentication scenarios for several release cycles. More concretely, Rel-20 workshop inputs - the early framing for 6G architecture - explicitly call out DLT as a required component for multi-party IoT/V2X services. That's not a suggestion; it's a design requirement going into the specification process.
O-RAN Alliance - securing the open RAN. The O-RAN Security Focus Group has active study items on distributed identity for O-RAN components. Given that xApp authentication and RAN asset registries are now concrete security requirements in the O-RAN architecture, the direction of travel toward PDL-based solutions is increasingly clear. Studies referencing blockchain-native RAN operations - including BE-RAN and TrustORAN - have been submitted as input to these groups.
NIST SP 800-207 - the zero-trust foundation. While not a telecom-specific standard, NIST's Zero Trust Architecture publication underpins the architectural rationale for much of this. The “never trust, always verify” principle it formalizes is precisely what PDL-based identity and policy enforcement implements at network scale - and it's the framework that both the European Commission and NGMN cite when describing the trust model for 6G.
Taken together, these aren't isolated standards efforts. They're converging on a shared model: PDL-based components as first-class elements in 6G reference architectures, covering identity, orchestration, AI governance, and data exchange - integrated through ETSI PDL building blocks and 3GPP/O-RAN extension points.
Blockchain Applications in 6G - Key Use Cases and Standards
|
Application Area |
Where |
Blockchain / PDL Role |
Criticality in 6G |
Standards / Projects |
|
Identity, Authentication & Trust Anchors |
UE identity, NF identity, RAN nodes (RU/DU/CU), xApps/rApps, operators, vendors, verticals |
Stores DIDs & Verifiable Credentials, replaces centralized PKI/HLR/HSS, enables SSI |
Multi-operator, multi-vendor, zero-trust environment; authentication without a single home network |
ETSI PDL, GS PDL 027; ITU-T Y.3081; NGMN; PRIVATEER |
|
Secure Mobility & Roaming |
Inter-PLMN roaming, multi-domain handovers, IoT/V2X/UAV mobility |
Shares public keys & credentials across domains, decentralized roaming authentication |
Ultra-dense roaming, private/emergency networks, intermittent home connectivity |
ETSI GR PDL 021; ITU-T; 3GPP SA3/SA6 (studies) |
|
Network Slicing & Resource Sharing |
Cross-operator slicing, RAN pooling, spectrum sharing, neutral-host RAN |
Smart contracts encode slice lifecycle & SLAs, consensus on resource ownership |
Slices span multiple administrative domains, no trusted central orchestrator |
ITU-T Y.2345; ITU-T Y.2348; ETSI GS PDL 025; ETSI GS PDL 024; 6GENABLERS |
|
Data Collection, Sharing & Auditability |
Charging records, KPIs, telemetry, SLA metrics across Core–RAN–Edge |
Tamper-proof shared logs, off-chain data anchoring via hashes, verifiable access records |
Multi-party service chains, automated billing, zero-trust observability |
ETSI GR PDL 021; ETSI GS PDL 013; ETSI GS PDL 022; ITU-T Y.4560; ITU-T Y.4561 |
|
Infrastructure & Asset Registry |
RAN nodes, CN functions, MEC/O-Cloud resources, digital twins |
Decentralized catalog of infrastructure & capabilities, verifiable discovery |
Disaggregated O-RAN, dynamic federation, prevention of false claims |
ETSI GR PDL 021; ETSI GS PDL 024; O-RAN Alliance studies |
|
O-RAN Management & xApp Security |
Near-RT RIC, Non-RT RIC, xApp/rApp lifecycle |
Registers xApp identities, logs RIC decisions, enables conflict detection |
Third-party xApps untrusted by default; AI-driven control loops need accountability |
O-RAN Alliance security work; ETSI GS PDL 032; ETSI GS PDL 033; academic research |
|
AI/ML Model Supply Chain Security |
RAN AI, Core AI, security AI, edge inference models |
Anchors model hashes, tracks provenance, enforces authorized deployment |
AI becomes a primary attack surface in AI-native 6G |
ETSI GR PDL 032; ETSI GS PDL 033; ITU-T Y.Suppl.94; EU SNS research |
|
Federated Learning & Decentralized Intelligence |
Cross-operator FL, edge-device learning, collaborative AI |
Records training contributions, detects poisoned updates, enables incentives |
Central aggregators don’t scale; participants belong to different trust domains |
ITU-T Y.Suppl.94; ETSI GR PDL 021; SNS JU projects |
|
Automated Orchestration & Zero-Touch Provisioning |
Slice lifecycle, O-Cloud provisioning, RAN auto-configuration |
Smart contracts automate orchestration, immutable deployment logs |
Human-driven orchestration cannot scale; AI-native automation needs trust |
ETSI GS PDL 011; ETSI GS PDL 012; ETSI GS PDL 033; RIGOUROUS / iTrust6G |
|
End-to-End Security & Zero-Trust Enforcement |
Cross-domain access control, continuous verification, forensics |
Distributed trust anchors, immutable audit trails, eliminates SPOFs |
Explicit zero-trust requirement; continuous verification over static trust |
ETSI GR PDL 030; ITU-T X.1413; NGMN 6G Trustworthiness; NIST SP 800-207; PRIVATEER |
|
6G Resource Marketplaces |
Trading slices, leasing spectrum, sharing compute & edge services |
Brokerless marketplaces, automated contracts & settlements |
Dynamic multi-stakeholder ecosystems, need transparent governance |
6GENABLERS; PRIVATEER; ITU-T Y.2345; ITU-T Y.2348 |
|
SLA Monitoring & Enforcement |
Cross-domain services, roaming, vertical services |
On-chain SLA definitions, KPI verification, automated penalties |
Manual SLA enforcement infeasible in 6G scale |
ETSI GS PDL 033; ETSI GR PDL 021; 6GENABLERS; EU SNS |
|
Spectrum Sharing & Dynamic Access |
Licensed/shared spectrum, sub-THz, local spectrum |
Transparent spectrum grants, fraud-resistant leasing |
Dynamic spectrum access across operators and regions |
ETSI GR PDL 021; ETSI GS PDL 025; ITU-T Y.2345; ITU-T Y.2348 |
|
Edge Computing Trust & Coordination |
MEC nodes, edge AI services, local breakouts |
Lightweight PDL nodes, trusted coordination & logging |
Ultra-low latency + decentralized ownership |
ETSI GR PDL 030; ETSI GS PDL 025; ITU-T Y.2348; academic research |
|
Digital Twins & Network State Integrity |
Network digital twins, operational state models |
Immutable twin state anchoring, traceable updates |
Accurate twins required for AI-native optimization |
ETSI GR PDL 021; ITU-T Y.2345; ITU-T Y.2348 |
|
Trustworthy Data Spaces & Cross-Domain Data Governance |
Telco, vertical, cloud, and regulator data spaces |
Provides provenance, access policy enforcement, and interoperable trust infrastructure for data sharing. |
Important for cross-domain data exchange where multiple parties need auditability and policy control. |
ETSI GS PDL 034 (planned); ETSI GS PDL 013; ETSI GS PDL 022; ITU-T Y.4560; ITU-T Y.4561 |
|
Non-Repudiation & Compliance Evidence |
Security operations, lawful logging, dispute resolution, audit trails |
Captures tamper-evident evidence for actions, decisions, and approvals across domains. |
Important where operators must prove who did what, when, and under which policy. |
ETSI GR PDL 014; ITU-T X.1413; ETSI GS PDL 030 |
|
IoT / oneM2M Service Layer Trust |
oneM2M IoT service layer, constrained devices, cross-domain IoT services |
Uses PDL to register identities, manage service access, and share trusted state in IoT layers. |
Important because 6G will connect massive IoT and service-layer ecosystems at scale. |
ETSI GS PDL 028; ITU-T Y.4560; ITU-T Y.4561; ITU-T Y.Suppl.88 |
Table 1 - core application areas where blockchain is being formalized in 6G standards, with the key standards body references for each.
Where This Is Heading
This isn't theoretical anymore. ETSI's ISG PDL has been producing formal specifications with GS PDL 027 on SSI published in 2025 and architectural reports mapping DLT into 3GPP networks already out. 3GPP Rel-20 inputs are explicitly calling for DLT in IoT/V2X multi-party services. The O-RAN Security Focus Group has active study items on distributed identity.
EU SNS-JU projects are running working prototypes: PRIVATEER on privacy-first decentralized trust, 6GENABLERS/UNICO on DLT-anchored resource marketplaces with smart-contract-automated cross-provider service agreements, and RIGOUROUS/iTrust6G on decentralized security orchestration with cross-domain credential sharing. These aren't white-paper exercises - they're actual running systems.
On the open source side, the LF Decentralized Trust opendecentra-nextg lab has alreadydemonstrated a permissioned ledger overlay running on a real free5GC 5G Core using Hyperledger Fabric - decentralizing traditionally centralized core functions like NF registration, OAuth2 token state and revocation, while staying compatible with existing 3GPP SBA interfaces.
Production-grade integration isn't just theoretically possible; it's been built. If you'd like to get involved and help with this, check out the opendecentra-nextg lab repo on Github.
Conclusion
Blockchain isn’t a buzzword play in the 6G context. Permissioned distributed ledgers give future networks something they genuinely need and can't get from centralized architectures: a way to establish shared consensus, maintain tamper-resistant records, and verify identity across organizational boundaries - without any single party holding the keys.
Self-Sovereign Identity, cross-domain orchestration, AI accountability, data governance - these aren't separate problems that happen to share a solution. They're facets of the same underlying challenge: but how do you build trust into a network that nobody fully owns or controls?
For anyone designing next-generation network architectures, the practical implication is direct. PDL components - decentralized identity registries, smart-contract policy engines, immutable audit layers - need to be in both core and RAN environments from the ground up. Not added later when something breaks. This isn't an upgrade to existing systems. It's part of what makes 6G and O-RAN ecosystems actually work.