CBDCs

TL;DRWhy This Matters

Money has always been a technology. The cowrie shell, the gold coin, the paper note, the credit card — each represented not just a medium of exchange but a shift in who controls the ledger, who can see the transactions, and who can intervene in them. We rarely notice these shifts when they happen. They arrive dressed as convenience, as modernization, as efficiency. And then, one day, the old rules no longer apply.

We are living through one of those shifts right now. Across more than 130 countries, central banks are actively researching, piloting, or deploying central bank digital currencies — digital forms of sovereign money issued directly by a nation's monetary authority. Unlike the numbers you see in your bank account, which represent a private bank's promise to pay, a CBDC represents a direct liability of the central bank itself. This is a subtle but enormous distinction. It means the state, rather than a commercial intermediary, becomes the custodian of your money at the most fundamental level.

The decisions being made now are not merely technical. They are political, philosophical, and deeply personal. Should a currency be programmable? Should it expire? Should it be surveilled? Should it work offline? Each design choice encodes values — about privacy, about autonomy, about the proper relationship between citizens and the state. And unlike most policy decisions, the architecture of a monetary system is extraordinarily difficult to reverse once it is in place. Infrastructure, once built, shapes the world around it.

The stakes are not abstract. At their best, CBDCs could extend financial access to billions of people currently excluded from the formal economy, reduce the cost of cross-border payments, make monetary policy more precise, and undermine the criminal networks that rely on cash anonymity. At their worst, they could represent the most comprehensive financial surveillance infrastructure in human history — a system that makes every economic transaction visible to the state and, potentially, controllable by it. The question is not whether CBDCs are coming. The question is what kind they will be, and who will have decided.

The past decade has provided the pressure that is now producing this transformation. The rise of private digital payment systems — Alipay and WeChat Pay in China, M-Pesa in East Africa, Venmo and PayPal in the United States — demonstrated that digital money could work at scale, and that if central banks did not act, the infrastructure of modern commerce would be owned entirely by private corporations. Then came Bitcoin and the broader cryptocurrency ecosystem, which proved that a currency could exist without any central authority at all, and that people were hungry enough for monetary alternatives to accept extraordinary volatility and complexity to access them. Then came the COVID-19 pandemic, which accelerated the shift away from cash and made visible the limitations of existing payment systems for distributing emergency relief. The pressure is cumulative. The moment is now.

The Architecture of Digital Money

To understand what a CBDC is, it helps to understand what it is not. It is not cryptocurrency in the usual sense, though it shares some superficial features. Most cryptocurrencies — Bitcoin, Ethereum, and their descendants — are decentralized: no single entity controls the ledger, and transactions are validated by a distributed network of participants. A CBDC, by contrast, is fully centralized. The central bank controls the ledger. This is not a technical compromise; it is the point. Central banks need to be able to manage money supply, implement monetary policy, and comply with anti-money-laundering regulations. A monetary system you cannot control is, from a central bank's perspective, not a monetary system at all.

A CBDC is also not simply a digital bank account, though the distinction can be subtle. When you deposit money at a commercial bank, you are lending that money to the bank in exchange for a promise of repayment. The bank uses your deposit to make loans, invest in assets, and generate profit. If the bank fails, your deposit — up to insured limits — is protected by a guarantee scheme, but the underlying asset is a private bank liability, not a public one. A CBDC, by contrast, is a direct claim on the central bank, which cannot (in most institutional frameworks) go bankrupt in the same way a commercial bank can. This makes it, in theory, the safest possible form of money.

Retail CBDCs — the kind designed for use by ordinary citizens — are different from wholesale CBDCs, which are designed for transactions between financial institutions. Most of the public debate concerns retail CBDCs, since these are the ones that directly touch everyday life. A retail CBDC might live in a digital wallet on your phone, be held at the central bank directly, or be distributed through commercial banks acting as intermediaries. This two-tier distribution model, in which the central bank manages the back-end infrastructure while licensed banks and payment providers handle the customer interface, is the design most seriously under consideration in major economies. It preserves some role for commercial banks while giving the central bank ultimate control over the base money supply.

The most consequential technical decision in CBDC design is whether the currency is token-based or account-based. In an account-based system, your identity is directly tied to your balance — to spend money, you must authenticate yourself. In a token-based system, possession of a valid token is sufficient to transfer value, similar to how physical cash works. The distinction matters enormously for privacy. A fully account-based CBDC creates a comprehensive, real-time record of every transaction tied to every identity. A token-based system can be designed to allow for some degree of anonymity, at least for small transactions. Most CBDC proposals attempt to navigate between these extremes, offering tiered privacy: small transactions with limited surveillance, larger transactions with full identity verification.

China's e-CNY: The Most Advanced Experiment

No country has moved further, faster, or more deliberately than China. The e-CNY — also known as the Digital Currency Electronic Payment system or DCEP — has been in development at the People's Bank of China since at least 2014, making it the longest-running major CBDC project in the world. By 2020, it was in active pilot testing across multiple cities. By the time of the 2022 Beijing Winter Olympics, it was available to foreign visitors, representing a deliberate moment of global demonstration.

The e-CNY's design reflects China's particular political priorities with unusual clarity. The PBOC has described the system as having "controllable anonymity" — a phrase worth sitting with. What it means, as far as can be determined from official statements, is that individual transactions are private from other citizens and even from the banks and payment providers that distribute the currency, but fully visible to the central bank and, by extension, to the state. The government can see everything; citizens can see only their own activity. This is not accidental ambiguity. It is a deliberate architectural choice that reflects a particular theory of governance.

The e-CNY is designed to operate through a two-tier system: the PBOC controls the core ledger while commercial banks, tech firms, and payment providers build the consumer-facing interfaces. Notably, despite early discussion of blockchain or distributed ledger technology, the PBOC ultimately chose a centralized architecture. The reasons are practical — centralized systems are faster, easier to control, and do not require consensus mechanisms — but they also reflect the fundamental incompatibility between distributed trust systems and a state that prefers not to distribute trust.

What makes the e-CNY most significant — and most concerning to civil liberties analysts — is its potential integration with China's social credit system. While the precise relationship between DCEP and social credit remains officially unclear, the structural possibility is real: a programmable currency issued by a government that already ranks citizens by behavioral compliance could, in principle, be used to restrict the spending of those with low scores, reward compliant behavior with spendable credits, or simply make certain transactions impossible for certain people. Whether or not this is current practice, the architecture permits it. And architecture, in the long run, tends to be used for what it permits.

China's ambitions for the e-CNY extend beyond its borders. As part of the broader push to internationalize the renminbi, the e-CNY is being tested in cross-border payment corridors, particularly through a project called mBridge, which involves the central banks of Hong Kong, Thailand, the UAE, and China itself. The strategic logic is evident: if China can establish its digital currency infrastructure as the basis for regional and eventually global trade settlement, it can reduce dependence on the US dollar-denominated SWIFT messaging system and, over time, reshape the financial architecture of international trade.

Europe, the United States, and the Democratic Question

The European Central Bank has been among the most methodical and publicly deliberate actors in the CBDC space. The digital euro project entered its investigation phase in 2021 and has been subject to extensive public consultation — a process that revealed, among other things, that privacy was the single most important concern expressed by European citizens. This is not surprising in a region where financial privacy has deep cultural and legal roots, and where memories of surveillance states remain living history in several member countries.

The ECB's stated design principles for the digital euro include a strong commitment to privacy, with the goal of ensuring that the ECB and European governments cannot access individual transaction data for surveillance purposes. Whether this commitment will survive the implementation process — and the inevitable pressure from law enforcement and financial intelligence agencies seeking transaction data — remains to be seen. The gap between stated design principles and actual deployed systems is where most of the important politics will happen.

The United States has moved more cautiously than almost any other major economy, and the reasons are instructive. The Federal Reserve has been explicit that it would not proceed without clear legislative authorization from Congress, reflecting both institutional caution and the genuine political controversy surrounding the concept. American skepticism of a CBDC crosses conventional political lines in unusual ways: libertarian conservatives oppose it on grounds of financial surveillance; progressive critics worry about its implications for commercial banking and financial inclusion; and the financial industry — which profits handsomely from the existing payment infrastructure — has lobbied actively against it. The Federal Reserve Bank of Boston and MIT conducted a technical research project, Project Hamilton, that demonstrated the feasibility of a high-speed, high-volume digital dollar, but feasibility and political will are different things.

The deeper question the United States faces is strategic: if it does not develop a CBDC, it cedes the global conversation about standards, design principles, and interoperability to those who will. The dollar's role as the world's reserve currency is partly maintained through its dominance in global payment infrastructure. A world in which China's e-CNY and other CBDCs become the default infrastructure for international transactions is a world in which dollar dominance is structurally eroded, regardless of how many dollars are traded.

Programmability and the Question of Control

Of all the technical features of CBDCs, programmability is at once the most transformative and the most disturbing. A programmable currency is one in which rules can be encoded directly into the money itself — rules about who can spend it, when, where, on what, and for how long. This capability exists on a spectrum, from very basic (money that expires if not used by a certain date) to deeply invasive (money that cannot purchase certain goods, that tracks purchase categories in real time, or that automatically adjusts its value based on the holder's social or financial status).

The case for programmability is not trivial. Conditional cash transfers — government payments to low-income recipients that can only be spent on specific categories of goods — have been one of the more effective poverty-reduction tools of the past thirty years. Programmable money could make such programs more efficient and harder to defraud. Similarly, programmable money could automatically enforce tax compliance, reduce money laundering, and make monetary stimulus more targeted — sending money directly to people, with a built-in expiration date to encourage spending rather than saving, is precisely what several economists advocated during the COVID-19 crisis.

But programmability also means that whoever controls the programming controls what money can do. This is not a hypothetical concern. During the 2021 Canadian trucker protests, the Canadian government invoked emergency powers to freeze the bank accounts of donors to the protest movement — a move that, whatever one thinks of its political merits, demonstrated that digital financial infrastructure could be weaponized against political dissent. In a CBDC world with full programmability, such interventions could be instantaneous, comprehensive, and potentially automated. The difference between "fighting money laundering" and "suppressing political opposition" is often a matter of who is in power and what they choose to label as criminal.

This is where the debate about CBDCs connects to much older questions about the relationship between money, freedom, and power. Cash — physical, anonymous, bearer-instrument cash — has historically served as a kind of freedom of last resort: a means of transacting outside any monitored system, available to dissidents, to abuse survivors hiding assets from controlling partners, to people whose relationship with formal institutions is fraught or dangerous. The gradual elimination of cash, accelerated by both COVID-era hygiene concerns and the structural incentives of digital payment platforms, reduces this freedom. A world in which all transactions are digital is a world in which all transactions are, at least potentially, visible and controllable.

Financial Inclusion and the Optimistic Case

It would be unfair, and intellectually dishonest, to present CBDCs purely as instruments of control. The optimistic case deserves serious engagement, because it is serious.

Approximately 1.4 billion adults worldwide remain unbanked — without access to formal financial services of any kind. In sub-Saharan Africa, large parts of South Asia, and rural regions of even relatively wealthy countries, the infrastructure of commercial banking simply does not reach. Without a bank account, you cannot easily receive wages digitally, save money safely, access credit at reasonable rates, or participate in the formal economy in ways that build long-term wealth. Mobile money systems like M-Pesa in Kenya have demonstrated that digital financial infrastructure can reach populations that commercial banking never will — M-Pesa now handles transactions equivalent to a significant fraction of Kenya's GDP, for people who may never enter a bank branch.

A well-designed CBDC could extend this kind of access further. Because a retail CBDC is a direct liability of the central bank, it does not require a commercial banking relationship. In principle, every citizen could have a digital wallet holding state-issued digital currency, accessible via a basic smartphone or even a feature phone. Offline functionality — the ability to transact without an internet connection, using near-field communication or Bluetooth — is a design feature being actively explored by several central banks precisely because it addresses the reality that the populations most in need of financial access are often those with the least reliable connectivity.

CBDCs could also dramatically reduce the cost of remittances — the money sent by migrant workers to their families in their home countries. Currently, the global average cost of sending a remittance is around 6 percent of the transaction value, with some corridors charging much more. For families in low-income countries that depend on remittances as a significant portion of household income, this represents an enormous and largely invisible tax. A CBDC-based cross-border payment system could reduce this cost to near zero.

The tension between these genuine benefits and the surveillance and control risks is real and cannot be wished away by emphasizing one side. The same infrastructure that delivers financial access to unbanked populations also, if poorly designed or governed, delivers unprecedented visibility into their financial lives to whoever controls the system. This is not a reason to abandon the project, but it is a reason to be extraordinarily careful about design.

The Geopolitics of Digital Currency

The competition over CBDCs is not merely a domestic policy question in each country. It is rapidly becoming a significant front in the broader contest for technological and financial dominance that defines the current era of great power competition.

The current international monetary system is built on dollar primacy. The SWIFT messaging network, through which international financial institutions communicate transactions, is effectively denominated in American procedural and legal norms. The United States' ability to impose financial sanctions — cutting off countries, companies, or individuals from the dollar-based international payment system — depends on this infrastructure dominance. American sanctions against Iran, Russia, Venezuela, and others have been effective precisely because the alternatives to dollar-based international payment are costly and limited.

CBDCs threaten to change this. If China's e-CNY, or a basket of non-dollar CBDCs operating on interoperable infrastructure, becomes a viable alternative for international trade settlement, the leverage that dollar dominance provides to American foreign policy diminishes. This is not a secret concern among American policymakers; it has been stated explicitly in Congressional testimony, in Federal Reserve communications, and in the reports of think tanks close to the foreign policy establishment. The strategic stakes are high enough that some analysts argue the United States must develop a digital dollar not because it is good for the domestic economy, but because failure to do so cedes the global monetary architecture to others.

The Bank for International Settlements — often called the central bank of central banks — has been active in coordinating international research on CBDCs and, crucially, on interoperability between different national systems. The decisions made at this level are largely invisible to the public but enormously consequential: whether CBDCs from different countries can communicate with each other, and on whose technical standards that communication operates, will determine the structure of international finance for decades. This is standard-setting as geopolitics.

Smaller and middle-income countries face a particular dilemma. They lack the resources to develop sophisticated CBDC infrastructure independently, which means they may be tempted to adopt infrastructure developed by larger players — particularly China, which has been active in exporting digital payment infrastructure through its Digital Silk Road initiative. Adopting another country's monetary infrastructure means accepting, to some degree, that country's surveillance architecture, governance norms, and technical dependencies. This is a form of financial sovereignty that is difficult to quantify but easy to lose.

Privacy, Governance, and the Design of Trust

If there is a single thread running through all of the debates about CBDCs, it is the question of trust: who should be trusted with the architecture of money, under what constraints, and with what mechanisms for accountability?

The financial system we have now is not a privacy paradise. Commercial banks collect and share extensive transaction data. Payment processors build detailed behavioral profiles from spending patterns. Governments in most jurisdictions can access financial records with varying degrees of judicial oversight. The shift to digital payments over the past decade has already dramatically reduced financial privacy compared to a cash-based economy. A CBDC does not necessarily make this worse — but it concentrates the surveillance capacity in a single actor, the central bank, in a way that creates unique risks.

The privacy by design approach, advocated by some technologists and civil liberties organizations, argues that the architecture of a CBDC should make mass surveillance technically impossible, not merely legally prohibited. If the system is designed so that transaction data is cryptographically protected and can only be accessed with specific judicial authorization, then even if the political climate changes, the technical barriers remain. This is more robust than relying on legal protections that can be modified by future governments. The zero-knowledge proof — a cryptographic method that allows a party to prove something about a transaction (for instance, that it is above a legal threshold) without revealing the underlying data — is one technical tool that could, in principle, allow regulatory compliance without comprehensive surveillance.

The governance question is equally fundamental. Who sets the rules for a CBDC? Who can change those rules, and through what process? Who has oversight of the central bank's use of CBDC data? In democratic societies, these questions have at least formal answers through constitutional structures, legislative oversight, and judicial review. But the technical complexity of CBDC systems creates a significant accountability gap: the people making the consequential design decisions are often technical staff and contracted engineers whose choices are not subject to democratic deliberation, and whose implications are not legible to most elected officials.

Civil society organizations, academic researchers, and privacy advocates have been increasingly vocal about the need for public participation in CBDC design processes — not merely consultation after key decisions are made, but genuine input into the values and priorities that should govern design. This is happening, to varying degrees, in some jurisdictions. The European Central Bank's public consultation process is one model, however imperfect. The broader principle — that the architecture of public monetary infrastructure should reflect public values, not just technical efficiency — is one worth defending vigorously.

The Questions That Remain

The CBDC project is young enough, and the terrain uncertain enough, that some of the most important questions remain genuinely open. These are not rhetorical provocations but real unknowns that will shape how this story unfolds.

Can privacy-preserving CBDCs actually work at scale? The cryptographic tools that could, in principle, allow for transaction privacy while still enabling regulatory compliance — zero-knowledge proofs, secure multi-party computation, tiered anonymity systems — are technically feasible in laboratory conditions. Whether they can be deployed in a high-volume, real-time payment system serving hundreds of millions of users, while remaining genuinely privacy-preserving against a sophisticated state adversary, is not yet demonstrated. The gap between theoretical cryptographic privacy and the operational reality of deployed government infrastructure has historically been large.

Will CBDCs strengthen or weaken commercial banking? If citizens can hold their savings directly at the central bank, what happens to the commercial banks that currently hold those deposits and use them to make loans? Some economists worry about disintermediation — the risk that CBDCs trigger a mass movement of deposits from commercial banks to the central bank, starving the former of funding and destabilizing the credit system. Others argue this risk is manageable through design choices like holding limits and tiered interest rates. Neither view has been tested at scale in a major economy.

How will CBDC interoperability be governed, and by whom? The technical standards for how different national CBDCs communicate with each other will be as consequential as the standards themselves. Will they be set through multilateral institutions like the BIS or IMF, through bilateral agreements between major powers, or through the de facto dominance of whichever country deploys the most widely-used infrastructure first? The process by which these standards are established will either reproduce existing power structures or create opportunities to reshape them.

Could programmable money cross the line from policy tool to instrument of coercion, and how would we know? The distinction between legitimate use of programmability — conditional welfare payments, targeted stimulus, automated tax compliance — and coercive use, such as restricting spending based on political behavior or social compliance scores, depends on governance and intent, not on the technical architecture. In a democratic society with strong rule of law, the former might be achievable without enabling the latter. But the architecture does not enforce this distinction. What mechanisms, legal and technical, could provide robust safeguards, and who would enforce them when they were violated?

And perhaps most fundamentally: what do we lose if cash disappears entirely? Physical, anonymous, bearer-instrument cash has served for centuries as a kind of irreducible financial privacy, a transaction medium that requires no identity, no infrastructure, and no institutional permission. As digital payments become the norm and cash acceptance declines, the practical option of using cash is eroding even without any formal abolition. If CBDCs become the dominant form of money — and the design choices of central banks increasingly assume they will — what happens to the populations and the forms of human life that depended on the properties of cash that no digital system has yet fully replicated? This question does not have a technical answer. It has only a political one, and the political conversation has barely begun.