Presidio Principles

Foundational Values for a Decentralized Future

16 Principles for Preserving & Protecting User Rights


The Presidio Principles aim to provide creators of blockchain applications with a baseline for designing systems that preserve the rights of their participants.

Applications built on top of blockchain-based systems should preserve the following participant rights:

A participant should have access to information that would enable them to:

  • 1 Understand how a service is operated, including potential risks of the service, availability of source code, and the rules and standards upon which it is based.


  • 2 Understand the potential risks and benefits of a service’s use of blockchain technology.


  • 3 Understand system performance expectations and where the responsibility for service delivery lies.


  • 4 Understand the rights and obligations of different participants in the system.




A participant should be able to:

  • 5 Create, manage, and independently store cryptographic keys.


  • 6 Manage consent of data stored in third-party systems.


  • 7 Port data between interoperable systems or parts of a system.


  • 8 Revoke consent for future data collection.


  • 9 Have access to information sufficient to facilitate system interoperability.




A participant should be able to:

  • 10 Assess if their data is at risk through appropriate disclosure procedures, which may include, but are not limited to, an examination of audit results, certifications, or source code.


  • 11 Have their data protected in accordance with internationally recognized technical security standards.


  • 12 Limit data collection to that which is necessary and data use to the purpose for which it was provided.


  • 13 Verify – through third-party or self-created tools – that operations have been completed and confirmed in accordance with the system’s rules.




A participant should be able to:

  • 14 Access information needed to: (a) understand the system’s governance and rules and (b) pursue effective recourse mechanisms.


  • 15 Opt out of using applications that don’t treat data in accordance with internationally recognized governance and data protection standards.


  • 16 Rectify demonstrably false, inaccurate, or incomplete data when necessary.

