diff --git a/docs/private-networks/concepts/permissioning/onchain.md b/docs/private-networks/concepts/permissioning/onchain.md index 9c67dcc9cee..129d56d2c42 100644 --- a/docs/private-networks/concepts/permissioning/onchain.md +++ b/docs/private-networks/concepts/permissioning/onchain.md @@ -48,7 +48,7 @@ Permissioning implements three allowlists: Account permissioning is incompatible with [random key signing](../../how-to/use-privacy/sign-pmts.md) for [privacy marker transactions](../privacy/private-transactions/processing.md). -If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist. +If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist. ::: diff --git a/docs/private-networks/concepts/privacy/private-transactions/index.md b/docs/private-networks/concepts/privacy/private-transactions/index.md index e817e3920f7..e01dc7fdaee 100644 --- a/docs/private-networks/concepts/privacy/private-transactions/index.md +++ b/docs/private-networks/concepts/privacy/private-transactions/index.md 
@@ -72,7 +72,7 @@ The following private transaction flow illustrates when nonce validation occurs: 1. Submit a private transaction with a [nonce value](#private-transaction-nonce). 1. The private transaction is distributed to all participants in the privacy group. -1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts. If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file), the public nonce for that account is obtained and used for the PMT. +1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts. If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated), the public nonce for that account is obtained and used for the PMT. 1. The PMT is mined and included in the block. 1. After the block containing the PMT is imported, and the PMT is processed, the private transaction is retrieved from the private transaction manager and executed. diff --git a/docs/private-networks/how-to/configure/tls/client-and-server.md b/docs/private-networks/how-to/configure/tls/client-and-server.md index a6cee37b354..055e22b5ff0 100644 --- a/docs/private-networks/how-to/configure/tls/client-and-server.md +++ b/docs/private-networks/how-to/configure/tls/client-and-server.md 
@@ -120,10 +120,10 @@ besu --privacy-tls-enabled --privacy-tls-keystore-file=/Users/me/my_node/keystor The command line: -- Enables TLS with the server using the [`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled) option. -- Specifies the keystore using the [`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file) option. -- Specifies the file that contains the password to decrypt the keystore using the [`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file) option. -- Specifies the trusted servers using the [`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file) option. +- Enables TLS with the server using the [`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled-deprecated) option. +- Specifies the keystore using the [`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file-deprecated) option. +- Specifies the file that contains the password to decrypt the keystore using the [`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file-deprecated) option. +- Specifies the trusted servers using the [`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file-deprecated) option. diff --git a/docs/private-networks/how-to/use-permissioning/local.md b/docs/private-networks/how-to/use-permissioning/local.md index 53544af8770..2ae41d67873 100644 --- a/docs/private-networks/how-to/use-permissioning/local.md +++ b/docs/private-networks/how-to/use-permissioning/local.md 
@@ -100,7 +100,7 @@ Account allowlisting is at the node level. That is, each node in the network has Account permissioning is incompatible with [random key signing](../use-privacy/sign-pmts.md) for [privacy marker transactions](../../concepts/privacy/private-transactions/processing.md). -If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist. +If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist. ::: diff --git a/docs/private-networks/how-to/use-privacy/flexible.md b/docs/private-networks/how-to/use-privacy/flexible.md index c787822e9da..f645327db5e 100644 --- a/docs/private-networks/how-to/use-privacy/flexible.md +++ b/docs/private-networks/how-to/use-privacy/flexible.md 
@@ -34,7 +34,7 @@ We don't recommend creating flexible privacy groups in a chain with existing [of ## Enable flexible privacy groups -Use the [`--privacy-flexible-groups-enabled`](../../reference/cli/options.md#privacy-flexible-groups-enabled) command line option to enable [flexible privacy groups](../../concepts/privacy/flexible-privacy.md). When flexible privacy groups are enabled, the [`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup), [`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup), and [`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup) methods for [offchain privacy groups](../../concepts/privacy/privacy-groups.md) are disabled. +Use the [`--privacy-flexible-groups-enabled`](../../reference/cli/options.md#privacy-flexible-groups-enabled-deprecated) command line option to enable [flexible privacy groups](../../concepts/privacy/flexible-privacy.md). When flexible privacy groups are enabled, the [`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup), [`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup), and [`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup) methods for [offchain privacy groups](../../concepts/privacy/privacy-groups.md) are disabled. ## Simple flexible privacy group example diff --git a/docs/private-networks/how-to/use-privacy/performance-best-practices.md b/docs/private-networks/how-to/use-privacy/performance-best-practices.md index 55e7df8377f..f59d0a6c401 100644 --- a/docs/private-networks/how-to/use-privacy/performance-best-practices.md +++ b/docs/private-networks/how-to/use-privacy/performance-best-practices.md 
@@ -50,7 +50,7 @@ For performance and reliability it is advantageous to manage nonces in a statefu ### Use random senders for privacy marker transactions -To avoid public nonce management, privacy marker transactions can be sent using a [random account per transaction](../../../private-networks/reference/cli/options.md#privacy-marker-transaction-signing-key-file). This option is only available for zero gas networks. +To avoid public nonce management, privacy marker transactions can be sent using a [random account per transaction](../../../private-networks/reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated). This option is only available for zero gas networks. ### Avoid queuing transactions in Tessera diff --git a/docs/private-networks/how-to/use-privacy/sign-pmts.md b/docs/private-networks/how-to/use-privacy/sign-pmts.md index 9dbe134446c..9b77418cd64 100644 --- a/docs/private-networks/how-to/use-privacy/sign-pmts.md +++ b/docs/private-networks/how-to/use-privacy/sign-pmts.md @@ -14,7 +14,7 @@ Tessera-based privacy is deprecated in Besu version 24.11.0 and later. Please re ::: -You can sign privacy marker transactions (PMTs) with either a random key or a specified key. To sign privacy marker transactions with a specified private key, use [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) when starting Besu. +You can sign privacy marker transactions (PMTs) with either a random key or a specified key. To sign privacy marker transactions with a specified private key, use [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) when starting Besu. :::note 
@@ -24,13 +24,13 @@ The private key file can be the same file used by [`--node-private-key-file`](#n In networks where you pay gas, you must specify a key and the associated account must contain adequate funds. -In [free gas networks](../configure/free-gas.md), to provide further anonymity by signing each privacy marker transaction with a different random key, exclude the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option when starting Besu. +In [free gas networks](../configure/free-gas.md), to provide further anonymity by signing each privacy marker transaction with a different random key, exclude the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option when starting Besu. :::caution "Using account permissioning and privacy" You can't use [account permissioning] with random key signing. -If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option and the corresponding public key included in the accounts allowlist. +If using account permissioning and privacy, a signing key must be specified using the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option and the corresponding public key included in the accounts allowlist. ::: diff --git a/docs/private-networks/reference/api/index.md b/docs/private-networks/reference/api/index.md index 7fcfe81d988..acfcd3d98c5 100644 --- a/docs/private-networks/reference/api/index.md +++ b/docs/private-networks/reference/api/index.md 
@@ -1809,7 +1809,7 @@ curl -X POST --data '{"jsonrpc": "2.0","method": "priv_getLogs","params":["vGy/T ### `priv_getPrivacyPrecompileAddress` -Returns the address of the [privacy precompiled contract](../../concepts/privacy/private-transactions/processing.md). The address is derived and based on the value of the [`privacy-flexible-groups-enabled`](../cli/options.md#privacy-flexible-groups-enabled) option. +Returns the address of the [privacy precompiled contract](../../concepts/privacy/private-transactions/processing.md). The address is derived and based on the value of the [`privacy-flexible-groups-enabled`](../cli/options.md#privacy-flexible-groups-enabled-deprecated) option. #### Parameters diff --git a/docs/private-networks/reference/cli/options.md b/docs/private-networks/reference/cli/options.md index f04a9b77f9f..72cb3377bf4 100644 --- a/docs/private-networks/reference/cli/options.md +++ b/docs/private-networks/reference/cli/options.md @@ -475,7 +475,7 @@ For proof-of-stake and proof-of-work networks, see [`--block-txs-selection-max-time`](../../../public-networks/reference/cli/options.md#block-txs-selection-max-time). ::: -### `privacy-enabled` +### `privacy-enabled` (Deprecated) @@ -515,13 +515,19 @@ privacy-enabled=false Enables or disables [private transactions](../../concepts/privacy/index.md). The default is `false`. +:::caution + +Tessera-based privacy is deprecated in Besu version 24.11.0 and later. Please read this [blog post](https://www.lfdecentralizedtrust.org/blog/sunsetting-tessera-and-simplifying-hyperledger-besu) for more context on the rationale behind this decision as well as alternative options. + +::: + :::important Using private transactions with [pruning](../../../public-networks/concepts/data-storage-formats.md) or [fast sync](../../../public-networks/reference/cli/options.md#sync-mode) is not supported. ::: -### `privacy-marker-transaction-signing-key-file` +### `privacy-marker-transaction-signing-key-file` (Deprecated) 
@@ -574,7 +580,7 @@ You must specify this option if you're using: If you do not specify this option (for example, in a free gas network), Besu signs each transaction with a different randomly generated key. -### `privacy-multi-tenancy-enabled` +### `privacy-multi-tenancy-enabled` (Deprecated) @@ -614,7 +620,7 @@ privacy-multi-tenancy-enabled=false Enables or disables [multi-tenancy](../../concepts/privacy/multi-tenancy.md) for private transactions. The default is `false`. -### `privacy-flexible-groups-enabled` +### `privacy-flexible-groups-enabled` (Deprecated) @@ -656,7 +662,7 @@ Enables or disables [flexible privacy groups](../../concepts/privacy/flexible-pr Deprecated syntax for this option is `--privacy-onchain-groups-enabled`. -### `privacy-public-key-file` +### `privacy-public-key-file` (Deprecated) @@ -698,11 +704,11 @@ The [public key of the Tessera node](https://docs.tessera.consensys.net/). :::important -You cannot specify `privacy-public-key-file` when [`--privacy-multi-tenancy-enabled`](#privacy-multi-tenancy-enabled) is `true` +You cannot specify `privacy-public-key-file` when [`--privacy-multi-tenancy-enabled`](#privacy-multi-tenancy-enabled-deprecated) is `true` ::: -### `privacy-tls-enabled` +### `privacy-tls-enabled` (Deprecated) @@ -742,7 +748,7 @@ privacy-tls-enabled=false Enables or disables [TLS on communication with the private transaction manager]. The default is false. -### `privacy-tls-keystore-file` +### `privacy-tls-keystore-file` (Deprecated) 
@@ -782,9 +788,9 @@ privacy-tls-keystore-file="/home/me/me_node/key" The keystore file (in PKCS #12 format) containing the private key and the certificate presented during authentication. -You must specify `privacy-tls-keystore-file` if [`--privacy-tls-enabled`](#privacy-tls-enabled) is `true`. +You must specify `privacy-tls-keystore-file` if [`--privacy-tls-enabled`](#privacy-tls-enabled-deprecated) is `true`. -### `privacy-tls-keystore-password-file` +### `privacy-tls-keystore-password-file` (Deprecated) @@ -824,7 +830,7 @@ privacy-tls-keystore-password-file="/home/me/me_node/password" The path to the file containing the password to decrypt the keystore. -### `privacy-tls-known-enclave-file` +### `privacy-tls-known-enclave-file` (Deprecated) @@ -864,7 +870,7 @@ privacy-tls-known-enclave-file="/home/me/me_node/knownEnclave" The path to the file containing the hostnames, ports, and SHA256 certificate fingerprints of the [authorized privacy enclave](../../how-to/configure/tls/client-and-server.md#create-the-known-servers-file). -### `privacy-url` +### `privacy-url` (Deprecated) diff --git a/docs/private-networks/tutorials/privacy/index.md b/docs/private-networks/tutorials/privacy/index.md index 2977d778415..871011924ca 100644 --- a/docs/private-networks/tutorials/privacy/index.md +++ b/docs/private-networks/tutorials/privacy/index.md 
@@ -363,14 +363,14 @@ besu --data-path=data --genesis-file=..\genesis.json --rpc-http-enabled --rpc-ht The command line specifies privacy options: -- [`--privacy-enabled`](../../reference/cli/options.md#privacy-enabled) enables privacy. -- [`--privacy-url`](../../reference/cli/options.md#privacy-url) specifies the Q2T server address of the Tessera node (`Q2T` in `tessera.conf`). -- [`--privacy-public-key-file`](../../reference/cli/options.md#privacy-public-key-file) specifies the file containing Tessera node public key (created in [3. Generate Tessera Keys](#2-generate-tessera-keys)). +- [`--privacy-enabled`](../../reference/cli/options.md#privacy-enabled-deprecated) enables privacy. +- [`--privacy-url`](../../reference/cli/options.md#privacy-url-deprecated) specifies the Q2T server address of the Tessera node (`Q2T` in `tessera.conf`). +- [`--privacy-public-key-file`](../../reference/cli/options.md#privacy-public-key-file-deprecated) specifies the file containing Tessera node public key (created in [3. Generate Tessera Keys](#2-generate-tessera-keys)). - [`--rpc-http-api`](../../../public-networks/reference/cli/options.md#rpc-http-api) includes `EEA` and `PRIV` in the list of JSON-RPC APIs to enable privacy JSON-RPC API methods. :::note -Use the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file) command line option to sign [privacy marker transactions](../../concepts/privacy/private-transactions/processing.md) using a supplied key. The command line option is mandatory in privacy-enabled paid gas networks. +Use the [`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file-deprecated) command line option to sign [privacy marker transactions](../../concepts/privacy/private-transactions/processing.md) using a supplied key. The command line option is mandatory in privacy-enabled paid gas networks. ::: 
diff --git a/docs/private-networks/tutorials/privacy/multi-tenancy.md b/docs/private-networks/tutorials/privacy/multi-tenancy.md index 4afb36dccf0..200c93eaca1 100644 --- a/docs/private-networks/tutorials/privacy/multi-tenancy.md +++ b/docs/private-networks/tutorials/privacy/multi-tenancy.md @@ -156,9 +156,9 @@ The command line specifies privacy options: - [`--rpc-http-authentication-enabled`](../../../public-networks/reference/cli/options.md#rpc-http-authentication-enabled) enables authentication for JSON-RPC APIs. - [`--rpc-http-authentication-jwt-public-key-file`](../../../public-networks/reference/cli/options.md#rpc-http-authentication-jwt-public-key-file) specifies the Operator's [public key file](#1-generate-a-private-and-public-key-pair). Used to authenticate the [tenant JWTs](#6-generate-the-tenant-jwts). -- [`--privacy-enabled`](../../reference/cli/options.md#privacy-enabled) enables privacy. -- [`--privacy-url`](../../reference/cli/options.md#privacy-url) specifies the [Quorum to Tessera (Q2T)] server address of the Tessera node (`Q2T` in `tessera.conf`). -- [`--privacy-multi-tenancy-enabled`](../../reference/cli/options.md#privacy-multi-tenancy-enabled) enables multi-tenancy. +- [`--privacy-enabled`](../../reference/cli/options.md#privacy-enabled-deprecated) enables privacy. +- [`--privacy-url`](../../reference/cli/options.md#privacy-url-deprecated) specifies the [Quorum to Tessera (Q2T)] server address of the Tessera node (`Q2T` in `tessera.conf`). +- [`--privacy-multi-tenancy-enabled`](../../reference/cli/options.md#privacy-multi-tenancy-enabled-deprecated) enables multi-tenancy. :::note
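
Review bot: In `docs/private-networks/reference/cli/options.md` (hunk `@@ -475,7 +475,7`, and every later heading rename in that file), appending ` (Deprecated)` to the heading text changes the generated anchor, so existing bookmarks and external links to `#privacy-enabled`, `#privacy-url` and the other eight option anchors stop resolving. The patch updates the in-repo links it touches, but nothing in the visible hunks keeps the old anchors alive. If the site generator supports explicit heading ids, pin the original id on each renamed heading; otherwise search the whole docs tree, including `docs/public-networks`, for remaining references to the old anchors before merging.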
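
Review bot: In `docs/private-networks/reference/cli/options.md` (hunk `@@ -515,13 +515,19`), the Tessera deprecation caution is added only under `privacy-enabled`; the other nine renamed sections get the `(Deprecated)` suffix and no explanation in any visible hunk. A reader who follows a link straight to `#privacy-tls-enabled-deprecated` or `#privacy-url-deprecated` sees that the option is deprecated but not since which version or why. Repeat the caution in each section, or add a one-line pointer back to the `privacy-enabled` caution.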
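
Review bot: In `docs/private-networks/reference/cli/options.md` (hunk `@@ -656,7 +662,7`), the context line "Deprecated syntax for this option is `--privacy-onchain-groups-enabled`." now sits in a section whose heading is itself marked `(Deprecated)`, so "deprecated" carries two different meanings in the same section. Reword the context line to say that `--privacy-onchain-groups-enabled` is the earlier name for the option, so it is clear that both spellings belong to a deprecated feature.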
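
Review bot: In `docs/private-networks/reference/cli/options.md` (hunk `@@ -698,11 +704,11`), the rewritten line "You cannot specify `privacy-public-key-file` when [`--privacy-multi-tenancy-enabled`](#privacy-multi-tenancy-enabled-deprecated) is `true`" still has no terminating period. Since the line is being touched anyway, add the period to match the sentences around it.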
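
Review bot: In `docs/private-networks/how-to/use-privacy/performance-best-practices.md` (hunk `@@ -50,7 +50,7`), the link text "random account per transaction" targets `#privacy-marker-transaction-signing-key-file-deprecated`, which documents the option for supplying a fixed signing key; random signing is what happens when that option is omitted. Point the link at `sign-pmts.md` instead, as the "random key signing" links in the permissioning pages do. The path `../../../private-networks/reference/cli/options.md` also differs from the `../../reference/cli/options.md` form used by the sibling pages in `how-to/use-privacy`; it resolves to the same file, but the shorter form is consistent with the rest of the patch.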
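
Review bot: In `docs/private-networks/tutorials/privacy/index.md` (hunk `@@ -363,14 +363,14`), the rewritten `--privacy-public-key-file` bullet carries over a mismatched cross-reference: the label reads "3. Generate Tessera Keys" while the anchor is `#2-generate-tessera-keys`. One of the two step numbers is wrong. Check the step heading on the page and make the label and the anchor agree while this line is being edited.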