Previous Article in Journal
Central Bank Digital Currencies and Cross-Border Digital Payments: A Systematic Review in a Fragmented Global Financial Environment
Previous Article in Special Issue
Cryptocurrency Adoption in Central and Eastern Europe: Psychological Decision-Making Mechanisms, Motives, and Barriers from a Qualitative Perspective
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
FinTech
Volume 5
Issue 2
10.3390/fintech5020051
fintech-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Trust, Privacy, and Adoption: A Global Policy Framework for Central Bank Digital Currencies

by
Alam Ahmad
Department of Finance, College of Administrative and Financial Sciences, Saudi Electronic University, Jeddah Campus, Jeddah 22384, Saudi Arabia
FinTech 2026, 5(2), 51; https://doi.org/10.3390/fintech5020051
Submission received: 29 March 2026 / Revised: 14 May 2026 / Accepted: 21 May 2026 / Published: 2 June 2026
(This article belongs to the Special Issue Cryptocurrency and Digital Cash)
Browse Figures
Versions Notes

Abstract

Central Bank Digital Currencies (CBDCs) have transitioned from theoretical concepts to operational realities across multiple jurisdictions. While they promise improved payment efficiency and financial inclusion, public trust, privacy, and user adoption have emerged as the critical determinants of success. Users fear that CBDCs could enable government surveillance, while regulators require sufficient oversight to prevent illicit finance, which creates a fundamental tension between privacy and compliance. This paper addresses the question: how can policymakers craft a global policy framework for retail CBDCs that balances user privacy and trust with necessary regulatory oversight, in order to maximize public adoption? Employing a structured narrative synthesis of peer-reviewed empirical literature and case analysis of four major CBDC implementations, the Bahamas Sand Dollar, Nigeria’s eNaira, China’s e-CNY, and the proposed digital euro, the study develops a seven-component global policy framework organized across four architectural layers. We additionally formulate seven testable propositions linking each framework component to adoption and trust outcomes, providing a structured agenda for future quantitative research. Evidence from randomized survey experiments shows that strong privacy safeguards raise adoption willingness by up to 60, underscoring that privacy is not merely a civil liberty concern but a prerequisite for widespread CBDC success. The comparative cross-case assessment suggests that broader alignment with the proposed framework components appears conceptually consistent with more favorable trust and adoption patterns across the cases examined.

1. Introduction

Central Bank Digital Currencies (CBDCs), digital forms of sovereign money issued by central banks, are rapidly transitioning from exploratory projects to operational reality. As of 2025, over 95% of central banks globally are engaged in CBDC research, and surveys indicate that up to 24 countries could have a retail CBDC in circulation by the end of 2030 [1,2]. Nations including the Bahamas, Nigeria, and the Eastern Caribbean Currency Union have already launched retail CBDCs, while China’s digital yuan (e-CNY) is in an advanced pilot reaching over 260 million users, and the Eurozone is progressing toward a possible digital euro by 2028. Motivations are diverse: emerging economies emphasize financial inclusion and payment resilience, while advanced economies focus on monetary sovereignty as cash use declines and private stablecoins proliferate [2].
Despite this momentum, a fundamental challenge has emerged. A CBDC, by its nature, enables granular data collection on transactions in a way that physical cash does not [3]. If poorly designed or mismanaged, this capability creates serious risks to financial privacy, potentially enabling unwarranted government surveillance of citizens’ spending behavior [4]. As the International Monetary Fund (IMF) explicitly warns, ‘CBDC data use could pose risks to privacy, which, in turn, can undermine the trust in central bank money’ [5]. Such concerns are not abstract; they directly determine whether people will adopt a CBDC. In the European Central Bank’s (ECB) 2021 public consultation, the largest CBDC survey conducted in a major jurisdiction, where 43% of respondents identified privacy as the most important feature of a potential digital euro, far exceeding security (18%) or cross-border usability (11%) [6].
At the same time, central banks and governments have legitimate obligations to ensure CBDCs cannot facilitate money laundering, terrorist financing, tax evasion, or sanctions circumvention [7]. Anti-money laundering (AML) and countering the financing of terrorism (CFT) regulations require some degree of transaction transparency. Balancing these regulatory imperatives with individuals’ right to financial privacy is the fundamental design challenge of the CBDC era [8]. If a CBDC offers full anonymity comparable to cash, it may facilitate criminal abuse at scale; if it offers no privacy, it risks rejection as an instrument of surveillance [9]. The challenge is to find a solution where privacy and regulatory utility coexist, a mutually beneficial outcome that neither sacrifices civil liberties nor enables illicit finance [5] (Murphy, 2024).
This paper addresses the core research question: How can policymakers craft a global policy framework for retail CBDCs that balances user privacy and trust with necessary regulatory oversight, in order to maximize public adoption? Despite a rapidly growing literature on CBDC design, no existing framework integrates privacy-by-design principles, legal governance mechanisms, privacy-enhancing technologies, and international coordination into a globally applicable standard supported by formally testable research propositions [10]. This paper aims to fill that gap. Our contribution is threefold: (1) a structured narrative synthesis of the empirical literature linking privacy to CBDC trust and adoption; (2) a seven-component, four-layer global policy framework derived inductively from that synthesis and comparatively assessed across four cross-national case studies; and (3) seven testable research propositions broadly consistent with measurement models, providing a rigorous agenda for future empirical research.
The remainder of the paper proceeds as follows. Section 2 describes the methodology. Section 3 reviews the background on global CBDC development and adoption drivers. Section 4 examines privacy concerns and their impact on public trust. Section 5 analyzes how privacy and regulatory oversight can be reconciled, drawing on four case studies. Section 6 presents the global policy framework and linked research propositions. Section 7 discusses implementation challenges. Section 8 presents limitations and directions for future research. Section 9 concludes with policy recommendations.

2. Methodology

2.1. Research Design and Literature Search

This study employs a structured narrative synthesis combined with comparative case analysis to develop a conceptual and policy-oriented framework for trustworthy retail Central Bank Digital Currency (CBDC) design. The methodological approach follows the principles of narrative synthesis outlined by Popay et al. and Rodgers et al. [11,12], which are particularly appropriate for interdisciplinary research domains characterized by heterogeneous evidence, diverse methodological traditions, and evolving policy environments. Unlike formal systematic reviews or meta-analyses, the objective of this study is not to estimate pooled quantitative effects, but rather to integrate fragmented evidence from economics, finance, information systems, public policy, law, and digital governance in order to derive a theoretically grounded and policy-relevant framework.
The literature search was conducted between [Month Year] and [Month Year] using three major academic databases: Scopus, Web of Science, and Google Scholar. Additional institutional and policy documents were identified through targeted searches of publications issued by the Bank for International Settlements (BIS), International Monetary Fund (IMF), European Central Bank (ECB), Financial Action Task Force (FATF), World Bank, G7, Organisation for Economic Co-operation and Development (OECD), and selected national central banks.
The search strategy employed combined Boolean keyword structures integrating themes relating to CBDCs, privacy, trust, governance, regulation, adoption, and digital payment systems. Representative combined search query included:
((“central bank digital currency” OR “CBDC”) AND (“privacy” OR “data protection” OR surveillance))”
Or
((“central bank digital currency” OR “CBDC”) AND (“trust” OR adoption OR acceptance OR “user intention”))
Or
((“central bank digital currency” OR “CBDC”) AND (“privacy-by-design” OR “privacy enhancing technolog*” OR “zero knowledge proof” OR ZKP))
Or
((“central bank digital currency” OR “CBDC”) AND (governance OR regulation OR “AML” OR “KYC” OR “financial inclusion”))
The search focused primarily on studies published between 2018 and 2025, reflecting the rapid acceleration of global CBDC development during this period. Earlier foundational studies were included selectively where conceptually relevant to privacy governance, digital payments, or monetary system design.
To improve transparency and reproducibility, explicit inclusion and exclusion criteria (Table 1) were applied during the screening process. Included sources comprised: (1) peer-reviewed journal articles; (2) working papers and conference papers from recognized institutions; (3) official reports, consultation papers, and technical publications from central banks and international organizations; and (4) empirical, theoretical, policy, and comparative studies directly related to CBDC privacy, trust, adoption, governance, financial inclusion, or regulatory architecture. Excluded materials included non-English publications, opinion articles lacking analytical content, cryptocurrency-only studies unrelated to sovereign digital currencies, duplicate records, and publications with limited relevance to retail CBDC governance.
The literature identification and screening process proceeded in four stages. First, an initial database search yielded approximately 317 records. Second, duplicate and clearly irrelevant records were removed following title and abstract screening. Third, a full-text eligibility assessment was conducted based on thematic relevance to CBDC privacy, trust, governance, adoption, and regulatory design. Finally, approximately 100 sources were retained for the final narrative synthesis and comparative analysis. Figure 1 presents a PRISMA-style overview of the literature search and screening process adapted for narrative synthesis research.
Given the interdisciplinary and policy-oriented nature of the topic, quality appraisal was conducted using a relevance-and-credibility approach rather than formal risk-of-bias scoring. Priority was given to peer-reviewed empirical studies, highly cited conceptual contributions, official institutional publications, and sources with direct analytical relevance to CBDC privacy and adoption dynamics. Particular emphasis was placed on methodological rigor, institutional credibility, policy significance, and cross-jurisdictional applicability.
The retained literature and case evidence were subsequently coded thematically using an inductive comparative approach. Recurrent themes relating to privacy-by-design, legal safeguards, institutional trust, tiered data access, privacy-enhancing technologies, transparency and communication, operational resilience, and international coordination were identified iteratively across the literature and case evidence. These themes were then consolidated into higher-order conceptual categories through repeated cross-case comparison and triangulation with existing institutional principles proposed by the BIS, IMF, FATF, G7, and ECB. This iterative synthesis process ultimately informed the derivation of the paper’s seven-component, four-layer policy framework.

2.2. Case Study Selection and Comparative Analytical Approach

To complement the narrative synthesis, this study incorporates a comparative case analysis of four prominent retail CBDC initiatives: the Bahamas Sand Dollar, Nigeria’s eNaira, China’s e-CNY, and the proposed digital euro. The cases were selected purposively rather than randomly in order to capture substantial variation across governance structures, institutional trust environments, privacy architectures, regulatory philosophies, economic development levels, and CBDC implementation stages. The intention of the case comparison is interpretive and illustrative rather than statistically representative [11,12].
The Bahamas Sand Dollar was selected as the world’s first nationwide retail CBDC implementation and as an example of a small-island developing economy emphasizing financial inclusion and payment resilience. Nigeria’s eNaira represents a large emerging economy characterized by comparatively lower institutional trust, financial inclusion challenges, and controversial implementation dynamics linked to cash-shortage policies [13]. China’s e-CNY was included because it constitutes the world’s most technologically advanced large-scale CBDC pilot operating within a highly centralized governance and surveillance environment [14,15]. The proposed digital euro represents an advanced democratic regulatory context characterized by strong privacy legislation, institutional accountability, and extensive public consultation mechanisms. Collectively, these four cases provide analytically useful variation across political systems, privacy models, and stages of CBDC development [16,17].
The comparative analysis focused on seven framework dimensions derived from the literature synthesis: (1) privacy-by-design architecture; (2) legal and regulatory safeguards; (3) tiered and proportionate data access; (4) deployment of privacy-enhancing technologies; (5) public transparency and stakeholder engagement; (6) security and operational resilience; and (7) international coordination and standards alignment. Evidence for each dimension was obtained from central bank publications, policy reports, technical documents, consultation papers, institutional analyses, and peer-reviewed academic literature.
The case assessment presented in Section 6.3 is designed as an interpretive comparative mapping exercise rather than a formal quantitative index. Accordingly, the scoring symbols (✓, ~, ✗) represent broad qualitative judgments based on publicly available evidence rather than precise numerical measurements. A score of ✓ indicates substantial evidence that a framework component is explicitly addressed within the CBDC design or governance structure; ~ indicates partial or evolving implementation; and ✗ indicates limited evidence, absence, or design characteristics inconsistent with the framework principle. The assessment is intended to facilitate conceptual comparison across cases rather than establish definitive rankings or causal relationships [18,19].
Importantly, adoption indicators across the four cases are not directly equivalent and should therefore be interpreted cautiously. The Bahamas and Nigeria provide observable usage and wallet activation data from live retail deployments, whereas China’s e-CNY primarily provides pilot-scale transaction and wallet statistics within a state-managed ecosystem. By contrast, the digital euro remains at the preparatory and legislative stage and therefore lacks realized adoption outcomes. Consequently, the comparative analysis does not seek to establish empirical causality between framework compliance and adoption performance. Rather, it aims to explore whether broad patterns observed across the cases appear conceptually consistent with the trust, privacy, and adoption relationships identified in the literature synthesis.
Given the limited number of cases, differences in political and economic contexts, and uneven availability of comparable public data, the case analysis should be interpreted as exploratory and theory-building in nature. The primary purpose of the comparative assessment is therefore to illustrate the practical relevance of the proposed framework across diverse CBDC environments and to identify dimensions suitable for future empirical investigation as additional CBDC adoption data become available globally.

2.3. Framework Derivation and Proposition Development

The seven-component policy framework was derived inductively from the literature synthesis and case analysis, then illustratively assessed against existing international standards [5]. Following Whetten’s [19] framework-building logic, we formulate one testable research proposition for each framework component. Each proposition identifies a directional relationship between the component and adoption or trust outcomes, specifies a mediating or moderating mechanism, and indicates an appropriate econometric measurement strategy. An expanded illustrative implementation matrix translating the proposed framework components into potential governance mechanisms, institutional actors, and indicative policy outcomes is provided in Appendix A Table A2. The propositions constitute directional hypotheses, not confirmed empirical findings, providing a roadmap for future quantitative testing as more CBDCs launch and panel data accumulate.

2.4. Limitations of Methodology

As a narrative synthesis, this paper cannot produce precise effect sizes or confirm causal claims. Case study evidence is drawn primarily from early-stage pilot data, limiting generalization. The literature reviewed is predominantly English-language and draws heavily from Western institutional sources, underrepresenting Global South perspectives. These limitations are addressed in detail in Section 8.

3. Literature Review: CBDC Development, Trust, and Adoption

3.1. The Global Rise of CBDCs and the Trust Imperative

The rapid global expansion of CBDC programs has been driven by a convergence of motivations. The Bank of International Settlements reports that over 95% of central banks are actively investigating CBDCs, with pilot projects having tripled in three years. Central banks view CBDCs as essential to preserving the ‘fundamental anchor of trust in the monetary system’ as digital transactions replace cash and private stablecoins expand [20]. Trust in central bank money has traditionally rested on value stability, legal backing, and universal acceptance. With CBDCs, technological trust factors enter the equation: users must trust the digital system’s reliability, security, and integrity. A CBDC perceived as prone to outages, hacks, or data abuses will rapidly lose public confidence. The BIS reports (BIS 2023a) [2] accordingly identify information security and operational resilience as non-negotiable prerequisites for any credible CBDC. Furthermore, building trust is paramount for CBDC adoption, as evidenced by studies indicating that household acceptance is significantly influenced by institutional trust and confidence in the currency’s underlying system [21]. This heightened reliance on trust necessitates transparent policymaking, robust privacy-by-design principles, and clear communication regarding data collection and protection practices to foster public confidence in CBDCs as tools of empowerment rather than control [22].

3.2. User Adoption Drivers and Barriers

User adoption ultimately determines a CBDC’s policy success [23]. A systematic review of 78 adoption studies identifies a consistent set of determinants. On the positive side, users may adopt CBDCs for convenience, lower transaction costs, offline payment capability, and financial inclusion, particularly access to cheaper cross-border remittances. On the barrier side, privacy concerns are the most consistently identified deterrent across studies, followed by low institutional trust, cybersecurity fears, and limited public awareness. Auer et al. [24] establish that institutional trust in the central bank is a significant moderator of adoption intent across country contexts, while Bijlsma et al. [25] suggest through a survey experiment that privacy is the strongest stated preference, with loss of privacy perceived as the primary cost of CBDC adoption.
The pivotal experimental evidence is provided by Choi et al. [26] whose randomized controlled experiment across the euro area and the United States found that presenting a CBDC with strong privacy safeguards raised adoption willingness by up to 60%. Critically, the experiment also found that communicating privacy features to users had an independent positive effect on adoption willingness, separate from the features themselves, suggesting that transparency about privacy design is itself a trust-building mechanism. These findings are summarized in Table 2 alongside other key empirical studies informing this paper.

3.3. Privacy Concerns and Their Dimensions

Privacy in payments refers to the ability to transact without unnecessary disclosure of personal information. Cash currently provides the benchmark; physical cash leaves no digital record linking a transaction to a specific identity [27]. CBDCs, depending on design, could either approximate cash’s privacy or centralize personal financial data to an unprecedented degree [3]. Public anxiety about CBDC privacy operates along three analytically distinct dimensions.
First, mass surveillance fears: concerns that every transaction could be recorded, enabling intrusive monitoring of spending habits, political affiliations, or religious activity. These fears are not abstract. Critics have characterized poorly designed CBDCs as constituting ‘the end of financial privacy [28]. Second, cybersecurity risk: concentrating sensitive personal financial data in a central system creates a high-value target for malicious actors; high-profile data breaches across sectors have amplified public awareness of this risk [4]. Third, custodianship distrust: surveys consistently indicate that citizens trust commercial banks more than government agencies with personal financial data, partly due to concerns about government intent and political use of financial information [25]. The interaction of these three dimensions explains why privacy concerns operate as a threshold condition: unless users are satisfied on all three counts, adoption intent remains low regardless of other CBDC benefits [29].

3.4. Privacy-by-Design as a Foundational Response

The concept of privacy-by-design (PbD), developed by Cavoukian and published in a book edited by Yee et al. [30] and codified in the European Union’s General Data Protection Regulation, advocates embedding privacy into system architecture from the outset rather than treating it as an afterthought (EU, 2016). In a CBDC context, PbD implies data minimization, default privacy protections, and end-to-end security throughout the information lifecycle. Murphy [5] articulates seven PbD principles specifically for CBDCs: proactive privacy anticipation; privacy as the default setting; privacy embedded rather than integrated; full functionality without unnecessary trade-offs; end-to-end security; visibility and transparency enabling external verification; and user-centricity giving individuals control over their data. Implementing these principles constitutes a credible signal to the public that privacy is taken seriously and the experimental evidence reviewed above suggests that this signal directly translates into higher willingness to adopt [31] (Elliott et al., 2022).
Kyriazis et al. [32] examine how traditional banking intermediaries and emerging financial technologies interact under conditions of financial stress, with particular attention to institutional trust, financial-system transformation, and technology adoption dynamics. This perspective is relevant to the present study because it reinforces the importance of institutional credibility and governance structures in shaping the acceptance of digital financial innovations.
The main empirical findings identified in the literature are summarized in Table 3, while Table 4 positions the present study relative to existing CBDC governance frameworks.

4. Conceptual Framework: The Privacy-Trust-Adoption Conceptual Chain

Drawing on the literature synthesis, Figure 2 presents the conceptual model that underpins this paper’s framework. CBDC design quality, operationalized as compliance with the seven framework components proposed in Section 6, operates through two parallel mediating pathways: (1) technical privacy, encompassing privacy-by-design implementation, deployment of privacy-enhancing technologies, and tiered data access mechanisms; and (2) institutional privacy, encompassing legal safeguards, judicial oversight, and accountability mechanisms. These two mediating channels generate user-level perceptions of privacy protection and institutional trustworthiness, respectively, which jointly determine CBDC adoption intent. The model identifies three moderating variables: transparency and communication (Component 5), security and resilience (Component 6), and international coordination (Component 7), which amplify or constrain the effectiveness of the privacy design components. Table 5 presents selected retail CBDC projects, and their privacy design approaches across different jurisdictions and Table 6 summarizes selected privacy-enhancing technologies discussed in the CBDC literature and highlights their potential governance relevance, technical maturity, and implementation challenges within emerging digital currency ecosystems.
This model makes several theoretical contributions. First, it distinguishes between technical privacy and institutional privacy as analytically separable mechanisms. It is evident that the eNaira case indicates that technical tiering without institutional accountability produces trust failure [13], while the e-CNY case illustrates that technical sophistication without legal safeguards is insufficient for global applicability [42]. Second, the model situates transparency as a moderator rather than a direct antecedent, consistent with [26] experimental finding that communicating privacy features has an independent effect separate from the features themselves. Third, the inclusion of international coordination as a boundary condition reflects the gravity-model logic underlying Proposition 7: jurisdictions’ adoption benefits from high-privacy CBDC design are partially attenuated by cross-border regulatory arbitrage when international standards are absent [43].
In particular, unlike Kyriazis et al. [32] which focus on competition between banking intermediaries and emerging technologies under financial stress conditions, our paper develops a dedicated policy framework for CBDCs, specifically addressing the privacy–trust–adoption nexus, and provides a seven-component architecture with formally specified research propositions. Furthermore, our study integrates technical, legal, institutional, and international dimensions into a unified framework, which has not been addressed in prior literature.

5. Case Evidence: CBDC Privacy Design and Adoption Outcomes

5.1. Balancing Privacy with Regulatory Oversight

AML/CFT regulations under the Financial Action Task Force (FATF) framework require transaction transparency and Know Your Customer (KYC) verification. Full anonymity in a widely used CBDC could enable large-scale financial crime, making complete anonymity untenable as a design choice [44]. However, it is critical to distinguish between data required for compliance and general mass surveillance (Figure 3). Existing financial systems provide an established precedent that commercial banks collect identity information and monitor for suspicious transactions, but do not expose customer activities publicly, and law enforcement requires legal authorization to access detailed records [45]. A well-designed CBDC can operate on analogous principles where data collected proportionately, held securely by intermediaries, and disclosed to authorities only under defined legal processes [5,46].
Tiered KYC structures allow high privacy for low-value transactions, while higher transaction amounts require progressive identity verification [47]. Privacy-enhancing technologies (PETs) protect user data during transactions, and tools such as Zero-Knowledge Proofs enable compliance without revealing personal information [48]. In addition, pseudonymous token systems conceal real identities on the core ledger, although licensed intermediaries can access user identities when necessary [49]. Table 6 presents these approaches as implemented (or planned) across the four case study CBDCs, alongside their adoption and trust outcomes.

5.2. Cross-Case Analysis

5.2.1. Bahamas Sand Dollar

The Sand Dollar’s tiered KYC model grants partial anonymity at Tier I (phone verification, small value cap) and requires full KYC for Tier II, protecting privacy by routing all data through licensed financial institutions rather than concentrating it at the central bank [50]. This design has not generated major privacy controversies. However, adoption remains very low, at approximately $2.1 M in circulation (0.5% of cash) after three years, with roughly 120,000 wallets among a population of 400,000 [35,51]. The primary barriers appear to be convenience and merchant acceptance rather than trust per se, suggesting that once baseline privacy is credibly established, other adoption barriers become binding [52].

5.2.2. Nigeria eNaira

Nigeria’s eNaira offers the paper’s most instructive cautionary case [38]. Despite a technically tiered four-wallet design, the Central Bank of Nigeria failed to communicate privacy protections clearly to the public [53,54]. This omission, compounded by coercive cash-scarcity policies intended to accelerate CBDC adoption, created a severe institutional trust deficit. One year after launch, 98.5% of wallets had never been used, and only 0.5% of Nigerians had adopted the eNaira [55]. The case indicates three critical lessons: technical design cannot substitute for institutional trust-building; coercive adoption strategies are counterproductive; and privacy communication is an independent determinant of adoption, not merely a secondary consideration [53].

5.2.3. China e-CNY

China’s ‘controllable anonymity’ model is technically sophisticated, commercial banks handle KYC at the wallet level, the People’s Bank of China (PBoC) sees only anonymized inter-institutional flows in normal operation, and de-anonymization requires activation of dedicated back-end infrastructure [14]. As of late 2025, the system has processed more than 3.4–3.48 billion transactions, with a cumulative value exceeding 16.7 trillion yuan (approximately $2.3–2.4 trillion), reflecting rapid growth and an increase of more than 800% since 2023. The user base has expanded to hundreds of millions of wallets, supported by integration with major payment platforms and deployment across more than 20 pilot regions. However, its international credibility rests on a fragile institutional foundation; without judicial independence or robust civil liberties protections, users have no reliable legal assurance that state de-anonymization capability will be constrained by law [15]. International observers and human rights organizations note the surveillance potential as a serious concern. The case of e-CNY illustrates that technical privacy without institutional accountability fails the standard required for a globally applicable framework [56].

5.2.4. Digital Euro

The proposed digital euro benefits from the strongest institutional privacy framework of the four cases. GDPR compliance is legally mandated; the ECB has committed publicly to minimizing central-bank data visibility and European Parliament scrutiny provides democratic accountability over design choices [16]. The ECB’s 2021 consultation, which placed privacy at the top of public priorities, has directly shaped design decisions, including the proposed offline payment capability and pseudonymous token architecture [57]. While no adoption data yet exists, the euro area’s strong privacy culture and robust legal framework position it well to serve as a global standard, provided that technical design delivers on institutional commitments [58]. Recent legislative progress in 2025–2026, including the Council’s agreement on the digital euro framework, reinforces its role in enhancing strategic autonomy, payment system resilience, and monetary sovereignty [17]. At the same time, the ECB has advanced into the next technical preparation phase, targeting a potential issuance around 2029, with pilot testing expected as early as 2027, contingent on regulatory approval.

6. A Global Policy Framework for Trustworthy CBDCs: Components and Propositions

6.1. Framework Architecture

Building on the literature synthesis and case analysis, this section presents a seven-component global policy framework for retail CBDCs. The framework is organized across four architectural layers (Figure 4): first, a Foundational Layer (Components 1 & 2) that sets non-negotiable privacy architecture and legal commitments; Second, an Operational Layer (Components 3 & 4) that translates principles into practical technical mechanisms; third, a Credibility Layer (Components 5 & 6) that builds the institutional trust converting design quality into adoption willingness; and fourth, a Coordination Layer (Component 7) that prevents regulatory arbitrage and sets the global floor. The framework is intended as a set of minimum standards against which CBDC designs can be benchmarked, not a rigid specification. For each component, a formally stated research proposition links the component to testable adoption or trust outcomes.

6.2. Framework Components and Research Propositions

6.2.1. Component 1: Privacy-by-Design as a Foundational Principle

Privacy must be embedded in CBDC technology and governance architecture from the outset. The privacy-by-design (PbD) philosophy requires that the system automatically protect personal data without requiring user action [59]. Operationally, this entails data minimization, mandatory PET deployment where technically feasible, full end-to-end data security, and no unnecessary trade-off between privacy and regulatory functionality [5,60]. Central banks should conduct independent privacy impact assessments at early design stages and publish results publicly [5]. The global framework would encourage all CBDC projects to document their PbD implementation and conform to standardized, independently auditable cryptographic protocols.
Proposition 1
(Privacy-by-Design (PbD) → CBDC Adoption). CBDCs that embed privacy-by-design principles, including data minimization, default privacy settings, and end-to-end data security, will demonstrate significantly higher public adoption rates compared to CBDCs that treat privacy as an ex post add-on, controlling for GDP per capita, financial inclusion rate, and institutional trust [5,61].
  • Model Specification
    A(it) = α + β1PbD(it) + β2X(it) + μi + ε(it)
    where:
    PbD(it) = Σ (k = 1 to K) wk dkit
  • Variable Definitions
    A(it) = CBDC adoption rate in jurisdiction i at time t (% active wallets/eligible population)
    PbD(it) = Privacy-by-Design (PbD) compliance index; weighted sum of K binary design indicators (dkit)
    dkit = Binary indicator (=1 if CBDC satisfies design criterion k at time t, 0 otherwise)
    wk = Criterion weight (equal weighting as default; confirmatory factor analysis used in robustness checks)
    X(it) = Control variables, including GDP per capita, financial inclusion rate, mobile penetration, and institutional trust
    μi = Jurisdiction fixed effects (captures time-invariant unobserved heterogeneity)
    ε(it) = Idiosyncratic error term

6.2.2. Component 2 (Legal Safeguards → Institutional Trust): Robust Legal and Regulatory Safeguards

Technical privacy measures alone cannot establish public trust; legal frameworks must explicitly protect CBDC user data. Countries should update central bank laws, payment laws, or constitutional provisions to define CBDC users’ privacy rights, including prohibiting the sharing of personal transaction data with other government agencies without judicial due process [62]. Data retention limits should be legislated, and routine unflagged transaction records should be automatically deleted after a defined period (90–180 days) rather than accumulated indefinitely [63]. Periodic public disclosure of data access events, regular independent audits, and model legislative language aligned with OECD Privacy Principles and Council of Europe Convention 108 are recommended [5].
Proposition 2.
The existence of legally binding data protection provisions specifically governing CBDC transaction data including judicial access controls, retention limits, and independent audit requirements, will significantly increase citizens’ reported institutional trust in the CBDC issuer [5,9,25].
  • Model Specification
    T(it) = α + β1LS(it) + β2Tcb(it) + β3X(it) + μi + ε(it)
    where:
    LS(it) = γ1JO(it) + γ2DR(it) + γ3OA(it) + γ4SR(it)
  • Variable Definitions
    T(it) = Public institutional trust score (survey-based, 0–100 scale; e.g., Eurobarometer/Afrobarometer)
    LS(it) = Legal safeguards index (composite of sub-components listed below)
    JO(it) = Judicial oversight (1 if data access requires a court order, 0 otherwise)
    DR(it) = Data retention limit (1 if unflagged records are automatically deleted within ≤180 days, 0 otherwise)
    OA(it) = Open audit (1 if an independent annual privacy audit is published, 0 otherwise)
    SR(it) = Statutory rights (1 if CBDC privacy rights are codified in primary legislation, 0 otherwise)
    Tcb(it) = Pre-existing trust in the central bank (lagged by one period to avoid simultaneity bias)
    X(it) = Control variables, including rule-of-law index, press freedom score, and GDP per capita
    μi = Jurisdiction fixed effects (captures time-invariant unobserved heterogeneity)
    ε(it) = Idiosyncratic error term
    Note: Equations (3) and (4). Measurement model for Proposition 2 (Ordered logit with Legal Safeguards composite index; mediation via perceived privacy).

6.2.3. Component 3: Tiered and Proportionate Data Access

CBDC design should be guided by the principle of proportionality, whereby the degree of data access and regulatory oversight corresponds to the risk profile and value of transactions [64]. Low-value, low-risk transactions should be afforded maximum privacy, whereas higher-value or suspicious transactions warrant progressively greater levels of scrutiny [65]. This principle is operationalized through tiered KYC structures, in which a baseline tier enables pseudonymous usage for low-value transactions, while higher tiers require graduated identity verification in line with a risk-based regulatory approach [3].
Importantly, the inclusion of a Tier 0 level is characterized by fully anonymous, hardware-based, and very-low-value transactions. That provides a critical pathway for financial inclusion, particularly for unbanked and underserved populations lacking formal identification [66]. Such a design ensures that CBDCs do not inadvertently exclude vulnerable groups while maintaining compliance with broader financial integrity objectives [67].
Figure 5 presents the proposed three-tier architecture. At the policy level, the framework recommends the adoption of indicative transaction thresholds calibrated to country-specific conditions, including national income levels, financial inclusion metrics, and existing cash-reporting limits. This approach enables jurisdictions to balance privacy, inclusion, and regulatory compliance within a coherent and adaptable CBDC design.
Proposition 3
(Tiered KYC → Adoption (Moderated by Financial Exclusion). Implementation of a tiered KYC structure in which low-value transactions are subject to minimal identity requirements will positively moderate the relationship between CBDC availability and adoption among unbanked and privacy-sensitive user segments, with the moderating effect strongest in jurisdictions with the highest financial exclusion rates [9,33].
  • Measurement model for Proposition 3
    A(it) = α + β1TK(it) + β2FE(it) + β3(TK(it) × FE(it)) + β4X(it) + μi + ε(it)
  • Variable Definitions
    A(it) = CBDC adoption rate (see Proposition 1)
    TK(it) = Tiered KYC index (0 = no tiers; 1 = two tiers; 2 = three or more tiers including an anonymous floor)
    FE(it) = Financial exclusion rate (% of adult population without a formal bank account; World Bank Findex)
    TK(it) × FE(it) = Interaction term capturing whether tiering disproportionately increases adoption in financially excluded populations
    β3 = Moderation coefficient (expected sign: β3 > 0, indicating that tiered KYC is more effective where financial exclusion is higher)
    X(it) = Control variables, including smartphone penetration, GDP per capita, and AML regulatory stringency index
    μi = Jurisdiction fixed effects
    ε(it) = Idiosyncratic error term

6.2.4. Component 4. Deployment of Privacy-Enhancing Technologies

This framework strongly advocates the deployment of advanced cryptographic privacy-enhancing technologies (PETs), including Zero-Knowledge Proofs (ZKPs), Secure Multi-Party Computation (MPC), homomorphic encryption, and hardware-based secure elements, to reconcile the inherent tension between privacy and regulatory oversight [68]. Rather than prescribing specific technologies that may quickly become obsolete, this CBDC framework adopts a technology-neutral approach by providing a recommended toolkit accompanied by clearly defined use cases and maturity assessments [69].
A central requirement of this approach is verifiability. PET implementations must be subject to independent auditability, either through open-source transparency or external technical review, ensuring that the claimed privacy guarantees are credible and not merely declarative [70]. This requirement is essential for building public trust and institutional legitimacy (Figure 6). Supporting this, the BIS Innovation Hub’s Project Tourbillon has indicated the technical feasibility of integrating mechanisms such as blind signatures and ZKPs at scale [71].
Figure 6 illustrates the spectrum of applicable PETs within the proposed framework.
Proposition 4.
CBDCs that deploy verifiable privacy-enhancing technologies, particularly Zero-Knowledge Proofs for compliance verification, will achieve significantly higher adoption willingness among technically informed and privacy-sensitive user segments compared to CBDCs relying solely on policy-based privacy assurances [5,34].
  • Measurement model for Proposition 4
    Wij = α + β1PETij + β2TLi + β3(PETij × TLi) + β4Xij + εij
    where:
    PETij = Σ (m = 1 to M) PETijm, such that PETijm ∈ {0,1}
  • Variable Definitions
    Wij = Adoption willingness of individual i for CBDC design j (stated preference, 1–7 Likert scale)
    PETij = PET deployment score for CBDC design j (0–3: none/single PET/multiple PETs/independently audited PETs)
    PETijm = Binary indicator for deployment of PET type m (e.g., ZKP, MPC, homomorphic encryption)
    TLi = Technical literacy score of respondent i (standardized digital skills index)
    PETij × TLi = Interaction term testing whether PET effects are stronger for technically literate users
    β3 = Moderation coefficient (expected β3 > 0; PETs are more valued by technically literate users)
    Xij = Control variables, including age, income, prior digital payment experience, and country fixed effects
    εij = Idiosyncratic error term
  • Estimation Strategy
The estimation strategy for Proposition 4 uses a discrete choice experiment where respondents evaluate randomized CBDC design vignettes with varying PET features, allowing clean identification of each technology’s effect on adoption willingness. Alternatively, Structural Equation Modelling (SEM) can test the pathway (PET → Perceived Privacy → Adoption Willingness) from PET deployment through perceived privacy to adoption willingness, separating the direct and indirect effects. Both approaches are complementary and suitable for future empirical testing.

6.2.5. Component 5: Public Transparency and Stakeholder Engagement

Choi et al. [26] experiment’s showed that communicating privacy features to users has an independent, statistically significant positive effect on willingness to adopt, separate from the features themselves. The global framework therefore requires comprehensive, plain-language public communication strategies explaining what data is and is not collected, how it is protected, and what rights users have. Central banks should provide accessible dashboards giving individuals visibility into their own data footprint, and should offer user-configurable wallet privacy settings (Figure 7). Ongoing public consultation mechanisms modelled on the ECB’s 2021 exercise must be institutionalized as regular processes, not one-off events. Functioning grievance and redress mechanisms are mandatory for maintaining accountability [72].
Proposition 5
(Transparency & Communication → Trust → Adoption (Mediation). Central banks that provide transparent, plain-language communication about CBDC privacy features and maintain ongoing public consultation mechanisms will achieve higher levels of perceived institutional trustworthiness and significantly greater adoption willingness, with the effect of transparency communication mediated by institutional trust [24,26].
  • Measurement model for Proposition 5:
    Tit = α1 + β1TRit + β2Xit + εit1
    Ait = α2 + β3TRit + β4Tit + β5Xit + εit2
  • Indirect effect:
    IE = β1 × β4
  • Variable Definitions
    TRit = Transparency index (composite of sub-indicators listed below)
    TRit1 (Disclosure) = 1 if a plain-language privacy notice is publicly available
    TRit2 (Consultation) = 1 if a structured public consultation is conducted pre-launch
    TRit3 (Dashboard) = 1 if a real-time user data-footprint dashboard is provided
    TRit4 (Redress) = 1 if a formal grievance mechanism exists with published response rates
    Tit = Institutional trust score (mediator; survey-based, 0–100 scale)
    Ait = CBDC adoption rate (outcome variable)
    IE = Indirect (mediated) effect of transparency on adoption through trust (estimated with bootstrap confidence intervals)

6.2.6. Component 6: Security and Operational Resilience

Privacy and security are two sides of the same trust coin: a CBDC that is private but insecure will fail as surely as one that is secure but invasive [73]. The global framework specifies baseline cybersecurity standards (encryption, multi-factor authentication, continuous monitoring, incident response) and requires regular penetration testing and independent security audits [4,13]. Operational resilience provisions like offline payment capability, backup systems, and disaster recovery plans must be mandatory. Critically, the framework commits to maintaining cash as a legal fallback for as long as significant user segments require it, removing the fear of forced digital dependence that contributed to the eNaira’s rejection in Nigeria [74].
Proposition 6
(Security Incidents → Trust Loss (Asymmetric/Loss Aversion)). Demonstrable security incidents or outages in a CBDC system will produce asymmetric trust losses, larger in magnitude than equivalent positive trust gains from transparency efforts, consistent with loss aversion theory applied to monetary systems, with the asymmetry attenuated by high-quality incident response and disclosure [24,25,75].
  • Measurement model for Proposition 6:
    ΔTit = α + β1INCit + β2RECit + β3(INCit × RECit) + β4Xit + εit
  • Asymmetry Test:1| ≫ coefficient of equivalent positive event
  • Variable Definitions
    ΔTit = Change in trust score from period t − 1 to t (first-differenced trust)
    INCit = Security incident dummy (1 if a confirmed breach or outage occurs in period t, 0 otherwise)
    RECit = Recovery quality index (0–1 scale measuring response speed, disclosure transparency, and remediation effectiveness)
    INCit × RECit = Interaction term testing whether higher-quality recovery mitigates trust loss
    β1 = Expected coefficient < 0 (security incidents reduce trust)
    β3 = Expected coefficient > 0 (effective recovery partially offsets trust loss)
    Xit = Control variables, including prior trust level, media coverage intensity, and incident severity
    εit = Idiosyncratic error term

6.2.7. Component 7: International Coordination and Standards Alignment

Given that money crosses borders, CBDC privacy standards cannot be developed in national isolation. The framework promotes interoperability of privacy and data standards for cross-border transactions, including common messaging standards analogous to ISO 20022 [76]. Bilateral and multilateral CBDC data exchange agreements should be modeled on Mutual Legal Assistance Treaties. personal data shared only on formal legal request, not routinely. The 13 Public Policy Principles for Retail CBDCs already identify data privacy as a core principle; the framework builds on this foundation to provide actionable guidelines [2]. Joint endorsement by the BIS Committee on Payments and Market Infrastructures (Committee on Payments and Market Infrastructures et al., 2022) [71] and the IMF would give the framework institutional weight and create a global standard against which all CBDC projects can be benchmarked.
Proposition 7
(Absence of International Coordination → Regulatory Arbitrage). The absence of internationally coordinated CBDC privacy standards is likely to create conditions for cross-border regulatory arbitrage, whereby transaction flows are diverted toward jurisdictions with weaker privacy protections. Such fragmentation risks undermining both the financial integrity of the global payment system and the adoption potential of higher-privacy CBDC frameworks, particularly within multi-jurisdictional payment corridors au [5,24,65].
  • Measurement model for Proposition 7
    ARBijt = α + β1ΔPSijt + β2FLOWijt + β3(ΔPSijt × FLOWijt) + β4Xijt + μij + εijt
    where:
    ΔPSijt = PSjt − PSit
    Note: privacy standard differential between corridor countries i and j
  • Variable Definitions
    ARBijt = Arbitrage proxy; share of cross-border CBDC transaction volume routed through lower-privacy jurisdictions in corridor i–j
    ΔPSijt = Privacy standard differential (privacy index of country j minus country i)
    PSit = Privacy standards index for country i at time t (composite of C1–C6 compliance scores)
    FLOWijt = Cross-border CBDC transaction flow volume between countries i and j (log-normalized)
    ΔPSijt × FLOWijt = Interaction term testing whether larger privacy gaps amplify arbitrage in high-volume corridors
    β1 = Expected coefficient > 0 (greater privacy differentials increase arbitrage routing)
    μij = Corridor-pair fixed effects
    Xijt = Control variables, including bilateral AML agreements, FATF mutual evaluation scores, and exchange rate volatility
    εijt = Idiosyncratic error term
    Note: The proposed measurement model for Proposition 7 is a gravity-model panel with corridor fixed effects and staggered law entry serving as a natural experiment for identification.

6.3. Comparative Mapping of Framework Components Across CBDC Cases

Table 7 presents an interpretive comparative mapping of the proposed framework components across the four CBDC cases examined in this study: the Bahamas Sand Dollar, Nigeria’s eNaira, China’s e-CNY, and the proposed digital euro. The purpose of this comparison is not to establish empirical validation or causal inference, but rather to explore how differing CBDC governance approaches appear to align with the framework dimensions identified through the literature synthesis.
The comparative mapping suggests notable variation across the four CBDC initiatives. The proposed digital euro appears most closely aligned with the framework’s legal, institutional, and privacy-governance dimensions, particularly regarding privacy-by-design principles, legal safeguards, public consultation, and data protection commitments under the GDPR framework. China’s e-CNY demonstrates comparatively advanced technical implementation and operational sophistication, especially in relation to tiered access structures and transaction infrastructure, but raises ongoing questions concerning institutional accountability, legal oversight, and surveillance risks within highly centralized governance environments. Detailed jurisdictional privacy characteristics are summarized in Appendix A Table A1.
By contrast, Nigeria’s eNaira appears comparatively weaker across several framework dimensions, particularly in relation to public communication, institutional trust, transparency mechanisms, and perceived privacy safeguards. Existing evidence suggests that these factors may have contributed to limited public engagement and low active usage following launch. However, given the presence of multiple confounding institutional, economic, technological, and political variables, the comparison should not be interpreted as establishing direct causal relationships between framework compliance and adoption outcomes [13].
The Bahamas Sand Dollar occupies an intermediate position within the comparative mapping. Its design incorporates several foundational privacy and inclusion features, including tiered KYC structures and intermediary-based architecture, yet its adoption trajectory also highlights the importance of broader ecosystem factors such as merchant acceptance, infrastructure readiness, and payment convenience beyond privacy considerations alone [50,77].
Figure 8 and Figure 9 provide visual representations of the comparative assessment. Figure 8 offers an illustrative positioning of the selected CBDC initiatives across privacy-design intensity and observed adoption contexts, while Figure 8 presents a qualitative radar-style comparison of framework dimensions across the four cases. These visualizations are intended to support conceptual interpretation and comparative discussion rather than serve as formal empirical measurements or statistically validated indices.
Overall, the comparative assessment provides preliminary exploratory support for the argument that privacy governance, institutional trust, transparency, and operational design are closely interconnected within retail CBDC ecosystems. Nevertheless, the findings remain interpretive and theory-building in nature. Additional longitudinal evidence, larger comparative samples, and future quantitative testing will be necessary before stronger empirical conclusions regarding causality or framework effectiveness can be established.
Table 8 consolidates all seven research propositions, their associated framework components, directional hypotheses, recommended measurement approaches, and evidence bases. Together, these propositions constitute a comprehensive, empirically grounded research agenda for future quantitative testing. As CBDC deployment expands and panel data accumulates across jurisdictions, it will become feasible to test each proposition in a comparative cross-national setting using the measurement models specified in Equations (1)–(13).

7. Discussion

7.1. Divergent Legal Regimes and the Limits of a Global Framework

Countries vary fundamentally in their attitudes toward privacy and state authority. Liberal democracies with strong civil-liberties traditions, most notably EU member states, are likely to adopt stringent privacy protections readily, as the digital euro’s GDPR-anchored trajectory indicates. By contrast, more authoritarian contexts prioritize state visibility, as China’s e-CNY illustrates. This divergence sets a practical ceiling on what a voluntary global framework can achieve: it cannot compel jurisdictions to value privacy equally [80]. The practical consequence may be a bifurcated global CBDC landscape. Some currencies are broadly consistent with privacy and democratic accountability, others with surveillance [81]. Users and businesses engaging in cross-border transactions may develop preferences for privacy-respecting CBDCs, creating market and reputational pressure on less privacy-protective issuers [82]. Proposition 7 formalizes this dynamic: the standard differential between jurisdictions generates arbitrage flows that ultimately attenuate adoption benefits for high-privacy CBDCs. International peer review mechanisms within G20 and FATF frameworks [71,78] represent the most viable countervailing pressure.

7.2. Technological Complexity and Implementation Risk

Incorporating advanced PETs and secure offline functionality introduces non-trivial implementation risk. ZKP systems may contain cryptographic vulnerabilities; hardware secure elements can be physically tampered with; offline transaction capabilities create potential for double-spending if not carefully engineered. The eNaira case indicates that technical complexity without adequate user interface design and communication produces adoption failure; technical sophistication is no guarantee of public uptake [54]. The framework’s insistence on verifiable, independently audited PETs (Component 4) and incremental deployment strategies addresses this risk. Quantum computing poses a longer-term structural threat to current cryptographic assumptions [83]; the framework accordingly mandates cryptographic agility and the architectural capacity to upgrade algorithms without complete system replacement. Central banks should establish bug bounty programs and maintain transparent incident response plans, as public confidence in response capacity is itself a trust asset [20].

7.3. Financial Integrity and the Proportionality Principle

A persistent counterargument from law enforcement and regulatory perspectives is that strong privacy protections create exploitable blind spots for financial crime [84]. The framework’s response is proportionality (Component 3): truly anonymous transactions are confined to values below existing cash-reporting thresholds, where tolerance for anonymous cash transactions already exists. For larger transactions, lawful de-anonymization under judicial oversight remains available. Modern AI-based anomaly detection on anonymized transaction graphs can identify suspicious patterns without requiring mass individual identification, triggering targeted investigation only where genuinely warranted [85]. This approach can actually provide better financial intelligence than physical cash and leaves no record whatsoever while protecting ordinary users far more effectively than fully traceable digital systems. The Bahamas Sand Dollar indicates that a privacy-first CBDC design can coexist with adequate AML compliance without generating financial integrity failures [36].

7.4. Financial Inclusion and Privacy as Complementary Goals

A potential concern is that privacy-preserving designs relying on sophisticated cryptography or smartphone-based interfaces may inadvertently exclude the unbanked populations that CBDCs are intended to serve. The framework’s Tier 0 (hardware wallet/NFC card, no KYC, very small value cap) addresses this directly, providing a cash-equivalent, anonymous option accessible without formal identity or smartphone. Critically, the evidence suggests privacy and inclusion are complementary rather than competing: marginalized groups—migrant workers, political minorities, informal-sector participants—often value financial privacy most highly precisely because they face the greatest risks from data exposure [33]. Proposition 3 formalizes this complementarity, predicting that tiered access disproportionately benefits both unbanked and privacy-sensitive segments simultaneously.

8. Limitations and Future Research Directions

This study is subject to several limitations that should guide interpretation and point toward priority areas for future research. First, as a normative framework paper, the seven propositions constitute directional hypotheses rather than confirmed empirical findings. The framework has not been tested against adoption outcomes in a controlled research setting. Future research should operationalize framework compliance as a quantitative composite index and test its association with CBDC adoption rates and trust scores across a larger cross-national panel as more CBDCs launch. The measurement models in Equations (1)–(13) provide a concrete starting point for this research program.
Second, the empirical evidence base remains thin. Most CBDC pilots are at early stages with limited rigorous adoption data and few independent evaluations. The Bahamas, Nigeria, and China cases provide useful directional evidence, but confounding institutional factors like pre-existing trust levels, political context, concurrent cash policies limit causal inference. Longitudinal panel studies tracking adoption and trust over CBDC maturation cycles of five to ten years would substantially strengthen the evidence base for the causal claims implied by the propositions.
Third, the literature reviewed is predominantly English-language and draws heavily from Western institutional sources (ECB, BIS, and IMF). Global South perspectives, where CBDCs may offer the greatest financial inclusion potential but also where institutional trust deficits are most acute, are underrepresented. Future research should prioritize low and middle-income country contexts, including deeper analyses of the Eastern Caribbean DCash project, and emerging CBDC programs in South Asia, Southeast Asia, and Sub-Saharan Africa, where the adoption barriers and privacy concerns may differ substantially from those documented in Western contexts.
Fourth, this paper focuses exclusively on retail CBDCs. Wholesale CBDCs, operating between financial institutions rather than directly with the public, raise distinct but related privacy issues, particularly around interbank data sharing in cross-border payment corridors. The international coordination component (Component 7) applies to both contexts, but a dedicated analysis of wholesale CBDC governance is beyond this paper’s scope.
Fifth, the technological landscape is evolving rapidly. Advances in ZKP computational efficiency, hardware secure element design, and quantum-resistant cryptography may substantially alter the PET spectrum presented in Figure 5 within five years. The framework should accordingly be treated as a living document subject to regular institutional review, a dynamic standard rather than a fixed specification.

9. Conclusions

The advent of central bank digital currencies presents a historic opportunity to modernize sovereign money for the digital era, but this opportunity can only be realized if CBDCs earn and maintain public trust. Trust, in this context, is inseparable from privacy. Existing survey evidence, public consultations, and emerging pilot experiences broadly suggest that privacy protection is among the most influential factors shaping public attitudes toward CBDC adoption. The Nigerian eNaira experience illustrates some of the implementation and trust challenges that may emerge when concerns regarding transparency, institutional trust, user engagement, and perceived privacy protections are insufficiently addressed. The digital euro’s GDPR-anchored and consultation-oriented governance trajectory provides an illustrative example of how privacy-oriented CBDC design principles are being institutionally operationalized within a democratic regulatory environment.
This paper makes three principal contributions. Theoretically, it develops a conceptual model linking CBDC design quality to adoption through privacy perceptions and institutional trust, distinguishing technical privacy and institutional privacy as analytically separable mediating mechanisms. Normatively, it proposes a seven-component, four-layer global policy framework providing an integrated architecture from foundational privacy design to international coordination, a level of actionable specificity absent from existing institutional guidance [60]. Methodologically, it formulates seven formally stated, future-oriented and operationally structured research propositions with broadly consistent measurement models, translating the framework into a testable empirical agenda that future researchers can engage directly as CBDC data accumulates.
For central bankers and policymakers, the primary implication is that engaging with the public early, continuously, and authentically is not optional. It is constitutive of CBDC success. Issuing a retail CBDC places a central bank in a fundamentally new relationship with individual citizens: not merely as guardian of currency value, but as custodian of sensitive personal financial data and provider of a public digital service. This new role demands proactive privacy stewardship, genuine democratic accountability, and measurable technical commitments that can be independently verified. The framework’s illustrative assessment across four cases suggests that where these conditions appear more credibly institutionalized, comparative evidence suggests comparatively more favorable public engagement and adoption environments. The proposed framework should therefore be interpreted as an exploratory and integrative policy-oriented analytical structure intended to support future empirical research, comparative policy evaluation, and evolving CBDC governance discussions. For the international community, it is recommended that the IMF, BIS, and World Bank jointly develop detailed CBDC privacy and trust guidelines, building on the evidence synthesized here, and incorporate them into financial sector technical assistance programs. The Financial Stability Board should incorporate CBDC design standards into its ongoing fintech oversight mandate. Attaining CBDC privacy rights is not only a matter of civil liberties but also a prerequisite for the technology to deliver on its economic promise of a more efficient, inclusive, and trustworthy monetary system.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data presented in this study are available on request from the corresponding author.

Acknowledgments

The author used ChatGPT (version 5.0) and Claude Sonet 4.6 version (Freely Available) for the purposes of language refinement, content structuring, and drafting support during the preparation of this manuscript. All outputs generated by these tools were carefully reviewed, revised, and validated by the author. The author takes full responsibility for the accuracy, integrity, and originality of the content presented in this publication.

Conflicts of Interest

The author declares no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AMLAnti-money laundering
CFTCountering the financing of terrorism.
FATFFinancial Action Task Force
KYC Know Your Customer
PETsPrivacy-enhancing technologies
PBoCPeople’s Bank of China
ECBEuropean Central Bank
CBDCCentral Bank Digital Currency
PETsPrivacy-Enhancing Technologies
PbDPrivacy-by-Design

Appendix A

Table A1. Comparison of CBDC Privacy Features Across Jurisdictions.
Table A1. Comparison of CBDC Privacy Features Across Jurisdictions.
JurisdictionCBDC NamePrivacy ModelAnonymity LevelKYC RequirementsData StorageTransaction LimitsKey Privacy Features
BahamasSand DollarTiered PrivacyPartial (low-value)Tiered (basic to full)Distributed (wallets)$500 (basic), unlimited (full KYC)• Anonymous small transactions
• Wallet-based privacy
• No central transaction database
Chinae-CNY (Digital Yuan)Controlled AnonymityLimitedMandatory for all walletsCentralized (PBOC)Varies by wallet tier• “Anonymity to merchants, not state”
• Government access permitted
• Real-name verification required
European UnionDigital Euro (Proposed)Privacy-by-DesignHigh (offline), Low (online)EU AML standardsHybrid (distributed ledger)€3000 (offline), higher (online)• Offline anonymity option
• GDPR compliance
• Privacy-preserving technologies
• No central holding of personal data
NigeriaeNairaStandard KYCMinimalMandatory (3 tiers)Centralized (CBN)₦50,000 (tier 1), ₦500,000 (tier 2)• Tiered wallet system
• Bank-mediated access
• Standard banking privacy
Swedene-Krona (Pilot)Privacy-PreservingModerateStandard KYCDistributedUnder development• Privacy-enhancing technologies
• Pseudonymization
• Limited data retention
JamaicaJAM-DEXTiered ApproachPartialTiered KYCHybridJ$50,000 (basic tier)• Small-value anonymity
• Progressive verification
• Financial inclusion focus
Table A2. Illustrative Policy Framework Implementation Matrix.
Table A2. Illustrative Policy Framework Implementation Matrix.
Framework ComponentIllustrative MechanismsGovernance ActorsIndicative Outcomes
Privacy-by-DesignZKPs, homomorphic encryption, differential privacyCentral banks, technology providers, privacy expertsEnhanced transaction confidentiality and user privacy
Legal & Regulatory SafeguardsPrivacy legislation, judicial oversight, data protection rulesLegislators, regulators, privacy authoritiesGreater legal clarity and institutional accountability
Tiered Data AccessRisk-based KYC, low-value anonymity thresholdsCentral banks, financial institutions, AML authoritiesImproved balance between privacy and compliance
Transparency & Public CommunicationPublic consultations, transparency reports, education campaignsCentral banks, civil society, mediaImproved public trust and stakeholder engagement
Security & Operational ResilienceEncryption protocols, cybersecurity audits, resilience testingTechnology providers, cybersecurity agenciesStronger operational reliability and system integrity
International CoordinationCross-border standards, interoperability frameworksBIS, IMF, FSB, central banksImproved interoperability and regulatory harmonization
Continuous Evaluation & OversightIndependent audits, policy reviews, stakeholder feedbackRegulators, academic experts, oversight bodiesAdaptive governance and long-term institutional legitimacy

References

  1. Strohecker, K. Twenty-Four Central Banks Will Have Digital Currencies by 2030, Survey Shows; Rueters: Toronto, ON, Caada, 2023. [Google Scholar]
  2. BIS. BIS Annual Economic Report 2023; Bank of International Settlements: Basel, Switzerland, 2023. [Google Scholar]
  3. Soana, G.; de Arruda, T. Central Bank Digital Currencies and Financial Integrity: Finding a New Trade-off between Privacy and Traceability within a Changing Financial Architecture. J. Bank. Regul. 2024, 25, 467–486. [Google Scholar] [CrossRef]
  4. Genc, H.O.; Takagi, S. A Literature Review on the Design and Implementation of Central Bank Digital Currencies. Int. J. Econ. Policy Stud. 2024, 18, 197–225. [Google Scholar] [CrossRef]
  5. Murphy, K. Central Bank Digital Currency Data Use and Privacy Protection; Fintech Notes; International Monetary Fund: Washington, DC, USA, 2024; Volume 2024, 51p. [Google Scholar] [CrossRef]
  6. Grünewald, S. Digital Euro and Accountability of the European Central Bank. Maastricht J. Eur. Comp. Law 2023, 30, 438–454. [Google Scholar] [CrossRef]
  7. Razi-ur-Rahim, M.; Uddin, F.; Rahim, S.; Hossain, M.B. Pioneering Digital Finance: Determinants of CBDC Adoption in the Era of FinTech and Online Payments. Qual. Quant. 2026. [Google Scholar] [CrossRef]
  8. Guo, Y.; Yousef, E.; Naseer, M.M. Cryptocurrencies and Central Bank Digital Currencies in Global Perspective. J. Risk Financ. Manag. 2025, 18, 644. [Google Scholar] [CrossRef]
  9. Garratt, R.J.; Van Oordt, M.R.C. Privacy as a Public Good: A Case for Electronic Cash. J. Polit. Econ. 2021, 129, 2157–2180. [Google Scholar] [CrossRef]
  10. Shah, M.A.; Raj, N. Examining the Role of Blockchain and Public-Private Partnerships in Design and Deployment of Blockchain-Enabled CBDC. Digit. Bus. 2025, 5, 100111. [Google Scholar] [CrossRef]
  11. Popay, J.; Roberts, H.; Sowden, A.; Petticrew, M.; Arai, L.; Rodgers, M.; Britten, N. Guidance on the Conduct of Narrative Synthesis in Systematic Reviews: A Product from the ESRC Methods Programme; University of Lancaster: Lancaster, UK, 2006. [Google Scholar] [CrossRef]
  12. Rodgers, M.; Sowden, A.; Petticrew, M.; Arai, L.; Roberts, H.; Britten, N.; Popay, J. Testing Methodological Guidance on the Conduct of Narrative Synthesis in Systematic Reviews: Effectiveness of Interventions to Promote Smoke Alarm Ownership and Function. Evaluation 2009, 15, 49–73. [Google Scholar] [CrossRef]
  13. Omotubora, A. Same Naira, More Possibilities! Assessing the Legal Status of the eNaira and Its Potential for Privacy and Inclusion. J. Afr. Law 2024, 68, 245–262. [Google Scholar] [CrossRef]
  14. Chin, G.T. China’s ‘Digital Renminbi’ (e-CNY) as Financial Inclusion: The Global Frontier of Central Bank Digital Currency. Glob. Public Policy Gov. 2025, 5, 63–81. [Google Scholar] [CrossRef]
  15. Tronnier, F. Using Contextual Integrity to Uncover Acceptability of Information Flows in Central Bank Digital Currency Transactions. In Proceedings of the Hawaii International Conference on System Sciences 2024 (HICSS-57), Honolulu, HI, USA, 3–6 January 2024; pp. 5878–5887. [Google Scholar]
  16. Gütschow, M.; Lucke, B. The Proposed Design of the Digital Euro: A Critical Analysis. Digit. Financ. 2026, 8. [Google Scholar] [CrossRef]
  17. Tsouris, I.; Thanasas, G.L.; Rigou, M. Assessing the European Central Bank’s Institutional Capacity and Readiness for the Introduction of the Digital Euro. J. Risk Financ. Manag. 2026, 19, 148. [Google Scholar] [CrossRef]
  18. Yin, R.K. Case Study Research and Applications: Design and Methods, 6th ed.; SAGE: Los Angeles, CA, USA, 2018. [Google Scholar]
  19. Whetten, D.A. What Constitutes a Theoretical Contribution? Acad. Manag. Rev. 1989, 14, 490. [Google Scholar] [CrossRef]
  20. Sangwa, S.; Mutabazi, P. Programmable CBDCs, Digital Identity, ISO 20022, and AI: Reconfiguring Power in Payment Infrastructures. Open J. Steward. Econ. Ethical Innov. 2025, 1. [Google Scholar] [CrossRef]
  21. Solberg Söilen, K.; Benhayoun, L. Household Acceptance of Central Bank Digital Currency: The Role of Institutional Trust. Int. J. Bank Mark. 2022, 40, 172–196. [Google Scholar] [CrossRef]
  22. Ismail, A.; Steyn, H.; Phelane, C. Moving Digital Cash (Forward): The Significance of Payment Schemes. J. Paym. Strategy Syst. 2020, 14, 353–362. [Google Scholar] [CrossRef]
  23. Singh, A.; Sadegh, M.; Mashatan, A. Adoption of Central Bank Digital Currencies: A Data-Driven Exploration of Key Influential Factors. In Proceedings of the AMCIS 2025 Proceedings; Association for Information Systems (AIS): Atlanta, GA, USA, 2025; Volume 2, pp. 1182–1191. [Google Scholar]
  24. Auer, R.; Frost, J.; Gambacorta, L.; Monnet, C.; Rice, T.; Shin, H.S. Central Bank Digital Currencies: Motives, Economic Implications, and the Research Frontier. Annu. Rev. Econ. 2022, 14, 697–721. [Google Scholar] [CrossRef]
  25. Bijlsma, M.; van der Cruijsen, C.; Jonker, N.; Reijerink, J. What Triggers Consumer Adoption of Central Bank Digital Currency? J. Financ. Serv. Res. 2024, 65, 1–40. [Google Scholar] [CrossRef]
  26. Choi, S.; Kim, B.; Kim, Y.S.; Kwon, O. Central Bank Digital Currency and Privacy: A Randomized Survey Experiment. Int. Econ. Rev. 2025, 66, 823–847. [Google Scholar] [CrossRef]
  27. Bugár, G.; Somogyvári, M. Fundamental Principles to Design an Ethical Payment System. Humanit. Soc. Sci. Commun. 2025, 12, 299. [Google Scholar] [CrossRef]
  28. Omar, R.; Wylde, V.; Herd, M. Could Digital Currencies End Banking as We Know It? The Future of Money; The Conversation: Melbourne, Australia, 2025. [Google Scholar]
  29. Zarifis, A.; Cheng, X. The Six Ways to Build Trust and Reduce Privacy Concern in a Central Bank Digital Currency (CBDC). In Business Digital Transformation; Zarifis, A., Ktoridou, D., Efthymiou, L., Cheng, X., Eds.; Springer International Publishing: Cham, Switzerland, 2024; pp. 115–138. [Google Scholar]
  30. Yee, G.O.M. Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards; Yee, G.O.M., Aptus Research Solutions, IGI Global, Eds.; IGI Global: Hershey, PA, USA, 2012. [Google Scholar]
  31. Elliott, C.; Orser, B. Feminist Entrepreneurial Identity: Reproducing Gender through Founder Decision-Making. In A Research Agenda for Women and Entrepreneurship Identity Through Aspirations, Behaviors and Confidence; Edward Elgar Publishing: Cheltenham, UK, 2018; pp. 114–136. [Google Scholar]
  32. Kyriazis, N.A.; Dimitriadis, K.A.; Theodossiou, P. Can Banking Intermediates Crowd Out Their High-Tech Promising Successors? A Financial Stress Perspective. Int. J. Financ. Econ. 2026. early view. [Google Scholar] [CrossRef]
  33. Singh, V.; Yadav, M. User Adoption of Digital Currency: A Systematic Review and Future Agenda Using TCCM Approach. Cent. Bank Rev. 2025, 25, 100183. [Google Scholar] [CrossRef]
  34. Agur, I.; Ari, A.; Dell’Ariccia, G. Designing Central Bank Digital Currencies. J. Monet. Econ. 2022, 125, 62–79. [Google Scholar] [CrossRef]
  35. Insights, L. Bahamas Sand Dollar CBDC Has $2.1m in Circulation After 3 Years; Ledger Insights—Blockchain Enterprise: Limassol, Cyprus, 2024. [Google Scholar]
  36. Giraldo-Gordillo, F.E.; Bustillo-Mesanza, R. CBDCs and Liquidity Risks: Evidence from the SandDollar’s Impact on Deposits and Loans in the Bahamas. FinTech 2026, 5, 5. [Google Scholar] [CrossRef]
  37. Ree, J. Nigeria’s eNaira, One Year After; International Monetary Fund: Washington, DC, USA, 2023. [Google Scholar]
  38. Abdullahi, M.; Ahmad, A.; Pandey, B.K.; Pandey, D. Digital Currency Adoption: A Comparative Analysis of Global Trends and the Nigerian eNaira Digital Currency. SN Comput. Sci. 2024, 5, 602. [Google Scholar] [CrossRef]
  39. CBDC Tracker. Available online: https://cbdctracker.hrf.org/currency/nigeria (accessed on 17 May 2026).
  40. Quaglia, L.; Verdun, A. The Geoeconomics of Central Banks Digital Currencies (CBDCs): The Case of the European Central Bank (ECB). New Polit. Econ. 2025, 30, 639–651. [Google Scholar] [CrossRef]
  41. Seiler, V. What Determines Potential Usage of the Digital Euro? Res. Int. Bus. Financ. 2026, 86, 103360. [Google Scholar] [CrossRef]
  42. Li, Y.; Wareewanich, T.; Chankoson, T. A Study on Influencing Factors of Willingness to Use E-CNY Based on Logistic Model. Int. J. Interact. Mob. Technol. 2024, 18, 112–123. [Google Scholar] [CrossRef]
  43. Corbet, S.; Cumming, D.; Glatzer, Z.; Johan, S. Understanding the Rapid Development of CBDC in Emerging Economies. Financ. Res. Lett. 2024, 70, 106226. [Google Scholar] [CrossRef]
  44. Gaisina, A.; Finger, M. Central Bank Digital Currencies (CBDCs): A Countermeasure to Anti-Money Laundering (AML) Challenges Posed by Cryptocurrencies? Digit. Financ. 2025, 7, 201–254. [Google Scholar] [CrossRef]
  45. Chiu, J.; Davoodalhosseini, S.M.; Jiang, J.; Zhu, Y. Bank Market Power and Central Bank Digital Currency: Theory and Quantitative Assessment. J. Polit. Econ. 2023, 131, 1213–1248. [Google Scholar] [CrossRef]
  46. Ballaschk, D.; Paulick, J. The Public, the Private and the Secret: Thoughts on Privacy in Central Bank Digital Currencies. J. Paym. Strategy Syst. 2021, 15, 277. [Google Scholar] [CrossRef]
  47. Buterin, V.; Illum, J.; Nadler, M.; Schär, F.; Soleimani, A. Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium. Blockchain Res. Appl. 2024, 5, 100176. [Google Scholar] [CrossRef]
  48. Solomka, I.; Liubinskyi, B. Zero-Knowledge Proof Framework for Privacy-Preserving Financial Compliance. Math. Model. Comput. 2025, 12, 342–354. [Google Scholar] [CrossRef]
  49. Barbereau, T.; Sedlmeir, J.; Smethurst, R.; Fridgen, G.; Rieger, A. Tokenization and Regulatory Compliance for Art and Collectibles Markets: From Regulators’ Demands for Transparency to Investors’ Demands for Privacy. In Blockchains and the Token Economy; Lacity, M.C., Treiblmaier, H., Eds.; Technology, Work and Globalization; Springer International Publishing: Cham, Switzerland, 2022; pp. 213–236. [Google Scholar]
  50. Giraldo-Gordillo, F.E.; Bustillo-Mesanza, R. The Effects of CBDCs on Mobile Money and Outstanding Loans: Evidence from the eNaira and SandDollar Experiences. FinTech 2025, 4, 39. [Google Scholar] [CrossRef]
  51. C, V.A.; Kamin, S.; Zampolli, F. Central Bank Digital Currencies (CBDCs) in Latin America and the Caribbean. Lat. Am. J. Cent. Bank. 2025, 6, 100140. [Google Scholar] [CrossRef]
  52. Koonprasert, T.T.; Kanada, S.; Ysuda, N.; Reshidi, E. Central Bank Digital Currency Adoption: Inclusive Strategies for Intermediaries and Users; Fintech Notes; International Monetary Fund: Washington, DC, USA, 2024; Volume 2024, 57p. [Google Scholar] [CrossRef]
  53. Bosua, A.P.; Biswas, M. Public Perception and Adoption Approaches for Digital Currencies: Analysing Influencing Factors. In Proceedings of the 2024 29th International Conference on Automation and Computing (ICAC); IEEE: Piscataway, NJ, USA, 2024. [Google Scholar]
  54. Olaleye, S.A.; Ahiabenu, K.; Ojubanire, O.A. The Democratization of Digital Currency in Nigeria: A Sentiment Analysis of eNaira App Usability. Afr. J. Sci. Technol. Innov. Dev. 2024, 16, 603–620. [Google Scholar] [CrossRef]
  55. Ahmed, M.; Al-Hussaini, A.I.S.; Ibrahim, A.A.; Abubakar, R.A. Mediating Effect of Emotionality on the Intention to Use the Nigerian Central Bank Digital Currency (e-Naira). Int. J. Bus. Syst. Res. 2025, 19, 95–110. [Google Scholar] [CrossRef]
  56. Huang, Y. A Study on Anti-Money Laundering Regulation in e-CNY Cross-Border Payments. Int. J. Adv. Appl. Sci. 2025, 12, 216–225. [Google Scholar] [CrossRef]
  57. Heidebrecht, S. How and Why EU Institutions Promote the Digital Euro: The Politics of a Central Bank Digital Currency (CBDC). J. Common Mark. Stud. 2025, early view. [Google Scholar] [CrossRef]
  58. Brühl, V. The Potential Impact of a Central Bank Digital Currency (CBDC) on the Banking Sector: The Case of a Digital Euro. Eurasian Econ. Rev. 2026, 16, 215–240. [Google Scholar] [CrossRef]
  59. Dionysopoulos, L.; Marra, M.; Urquhart, A. Central Bank Digital Currencies: A Critical Review. Int. Rev. Financ. Anal. 2024, 91, 103031. [Google Scholar] [CrossRef]
  60. Allahrakha, N.; Xamdamovna, T.G.; Sokhibjonovich, B.S.; Narziev, O.; Pulatov, T. Privacy and Security Risks in Cross-Border Digital Payment Systems. Leg. J. Ilm. Huk. 2025, 33, 553–584. [Google Scholar] [CrossRef]
  61. Choi, J.-R. Quantum Behavior of a Nonextensive Oscillatory Dissipative System in the Coherent State. Symmetry 2021, 13, 1178. [Google Scholar] [CrossRef]
  62. Jiang, J. Privacy Implications of Central Bank Digital Currencies. Seton Hall Law Rev. 2023, 54, 69–135. [Google Scholar] [CrossRef]
  63. Wostbrock, M. Miller in a Cashless Society: Financial Surveillance and the Fourth Amendment. Columbia Bus. Law Rev. 2024, 2023. [Google Scholar] [CrossRef]
  64. Huber, J. The Monetary Turning Point: From Bank Money to Central Bank Digital Currency (CBDC); Palgrave Macmillan: Cham, Switzerland, 2023; 192p. [Google Scholar]
  65. Zafar, A. Privacy as Institutional Design: A Legal-Technological Analysis of CBDC Governance and Compliance. Comput. Law Secur. Rev. 2026, 60, 106258. [Google Scholar] [CrossRef]
  66. Michalopoulos, P.; Olowookere, O.; Pocher, N.; Sedlmeir, J.; Veneris, A.; Puri, P. Privacy and Compliance Design Options in Offline Central Bank Digital Currencies. IEEE Trans. Netw. Serv. Manag. 2025, 22, 3748–3763. [Google Scholar] [CrossRef]
  67. Rybski, R. Sustainability, Public Security, and Privacy Concerns Regarding Central Bank Digital Currency (CBDC). In Digital Transformation and the Economics of Banking; Routledge: London, UK, 2023. [Google Scholar]
  68. Arora, R.; Du, H.; Kazmi, R.A.; Le, D.-P. Privacy-Enhancing Technologies for CBDC Solutions; Bank of Canada: Ottawa, ON, Canada, 2025. [Google Scholar] [CrossRef]
  69. Teng, H.-W.; Härdle, W.K.; Osterrieder, J.; Pele, D.T.; Baals, L.J.; Papavassiliou, V.; Bolesta, K.; Kabašinskas, A.; Filipovska, O.; Thomaidis, N.S.; et al. Digital Assets: Risks, Regulations, Mitigation. Financ. Innov. 2026, 12, 65. [Google Scholar] [CrossRef]
  70. Michalopoulos, P.; Mack, A.; Clark, C.; Chen, L.; Sedlmeir, J.; Veneris, A. A Prototype for Privacy-Preserving and Compliant Offline CBDC Transactions. 2025. Available online: https://www.eecg.utoronto.ca/~veneris/1BRAINS25.pdf (accessed on 25 February 2026).
  71. Bank for International Settlements. Options for Access to and Interoperability of CBDCs for Cross-Border Payments: Report to the G20; BIS, Ed.; Bank for International Settlements: Basel, Switzerland, 2022. [Google Scholar]
  72. Fernández-Villaverde, J.; Sanches, D.; Schilling, L.; Uhlig, H. Central Bank Digital Currency: Central Banking for All? Rev. Econ. Dyn. 2021, 41, 225–242. [Google Scholar] [CrossRef]
  73. Ceylan, I.E.; Ceylan, F. A Bibliometric Analysis of Global Scientific Research on Central Bank Digital Currencies. Encycl. Monet. Policy Financ. Mark. Bank. 2025, 1, 362–372. [Google Scholar] [CrossRef]
  74. Gross, J. How To Design a Private and Compliant Central Bank Digital Currency? In Digital Assets and the Law: Fiat Money in the Era of Digital Currency; Routledge: London, UK, 2024; pp. 157–165. [Google Scholar] [CrossRef]
  75. Bank for International Settlements (Ed.) Central Bank Digital Currency (CBDC) Information Security and Operational Risks to Central Banks: An Operational Lifecycle Risk Management Framework; BIS: Basel, Switzerland, 2023. [Google Scholar]
  76. Cerutti, E.M.; Firat, M.; Perez-Saiz, H. Estimating the Impact of Digital Money on Cross-Border Flows: Scenario Analysis Covering the Intensive Margin; FinTech Notes; International Monetary Fund: Washington, DC, USA, 2025; Volume 2025. [Google Scholar] [CrossRef]
  77. Chu, J. Monetary Statecraft and the Bahamian SandDollar. Singap. J. Trop. Geogr. 2026, 47, 131–150. [Google Scholar] [CrossRef]
  78. FATF. FATF Guidance on Proliferation Financing Risk Assessment and Mitigation; FATF: Paris, France, 2021. [Google Scholar]
  79. Mooij, A.A.M. The Digital Euro and Energy Considerations: Can the ECB Introduce the Digital Euro Considering the Potential Energy Requirements? Ger. Law J. 2022, 23, 1246–1265. [Google Scholar] [CrossRef]
  80. Paulovici, T. The Digital Yuan vs. the Digital Euro: Diverging Paths in Central Bank Digital Currency Developments. In Proceedings of the International Conference on Business Excellence; Bucharest University of Economic Studies: Bucharest, Romania, 2025; Volume 19, pp. 2978–2992. [Google Scholar]
  81. Michail, N.; Selvadurai, N.; Goldbarsht, D. Privacy and National Security Issues Relating to the Introduction of a Central Bank Digital Currency in Australia. J. Money Laund. Control 2026, 29, 20–36. [Google Scholar] [CrossRef]
  82. Sanz Bayón, P. Current and Future Central Bank Digital Currency (CBDC) Projects. In Governance and Control of Data and Digital Economy in the European Single Market: Legal Framework for New Digital Assets, Identities and Data Spaces; Pastor Sempere, C., Ed.; Springer: Cham, Switzerland, 2025; pp. 309–347. [Google Scholar]
  83. Weinberg, A.I.; Petratos, P.; Faccia, A. Will Central Bank Digital Currencies (CBDC) and Blockchain Cryptocurrencies Coexist in the Post Quantum Era? Discov. Anal. 2025, 3, 8. [Google Scholar] [CrossRef]
  84. Patti, F.P. Towards A Global Anti-Money Laundering Law for Crypto-Assets. Georget. J. Int. Law 2025, 56, 697–727. [Google Scholar] [CrossRef]
  85. Panem, C.; Tripathi, A.M.; Chaudhary, N.K.; Chouhan, L.; Kori, S.A.; Rao, G.S.; Srivastava, A.M. Leveraging Machine Learning and AI for Real-Time Anomaly Detection in Financial Transactions. In Information Security, Privacy and Digital Forensics; Chaudhary, N.K., Iyengar, S.S., Modi, C., Patel, S.J., Eds.; Springer Nature: Singapore, 2026; pp. 1–17. [Google Scholar]
Fintech 05 00051 g001
Figure 1. Literature Search and Screening Process.
Figure 1. Literature Search and Screening Process.
Fintech 05 00051 g001
Fintech 05 00051 g002
Figure 2. Conceptual Framework-From CBDC Design Quality to Adoption.
Figure 2. Conceptual Framework-From CBDC Design Quality to Adoption.
Fintech 05 00051 g002
Fintech 05 00051 g003
Figure 3. Multi-Layer Architecture for Privacy-Aware CBDC Design.
Figure 3. Multi-Layer Architecture for Privacy-Aware CBDC Design.
Fintech 05 00051 g003
Fintech 05 00051 g004
Figure 4. The Seven-Component Global Policy Framework for Trustworthy CBDCs.
Figure 4. The Seven-Component Global Policy Framework for Trustworthy CBDCs.
Fintech 05 00051 g004
Fintech 05 00051 g005
Figure 5. Tiered KYC Architecture for CBDC Privacy Design (Component 3).
Figure 5. Tiered KYC Architecture for CBDC Privacy Design (Component 3).
Fintech 05 00051 g005
Fintech 05 00051 g006
Figure 6. Privacy-Enhancing Technology (PET) Spectrum for CBDC Design (Component 4).
Figure 6. Privacy-Enhancing Technology (PET) Spectrum for CBDC Design (Component 4).
Fintech 05 00051 g006
Fintech 05 00051 g007
Figure 7. Measurement model for Proposition 5.
Figure 7. Measurement model for Proposition 5.
Fintech 05 00051 g007
Fintech 05 00051 g008
Figure 8. Illustrative Positioning of Selected CBDC Cases Across Privacy Design and Observed Adoption Contexts. Note: The figure presents a conceptual and interpretive positioning of selected CBDC initiatives based on publicly available information regarding privacy architecture, governance structures, and observed adoption contexts. The positioning is illustrative rather than quantitative and should not be interpreted as a statistically validated measurement of causal relationships between privacy design and adoption outcomes.
Figure 8. Illustrative Positioning of Selected CBDC Cases Across Privacy Design and Observed Adoption Contexts. Note: The figure presents a conceptual and interpretive positioning of selected CBDC initiatives based on publicly available information regarding privacy architecture, governance structures, and observed adoption contexts. The positioning is illustrative rather than quantitative and should not be interpreted as a statistically validated measurement of causal relationships between privacy design and adoption outcomes.
Fintech 05 00051 g008
Fintech 05 00051 g009
Figure 9. Framework Compliance Radar Chart—Four CBDC Cases. Note. Scale, 1 = partial or evolving alignment, 2 = substantial alignment indicated, 3 = strong alignment indicated. Propositions Summary.
Figure 9. Framework Compliance Radar Chart—Four CBDC Cases. Note. Scale, 1 = partial or evolving alignment, 2 = substantial alignment indicated, 3 = strong alignment indicated. Propositions Summary.
Fintech 05 00051 g009
Table 1. Inclusion and Exclusion Criteria.
Table 1. Inclusion and Exclusion Criteria.
Inclusion CriteriaExclusion Criteria
English-language publicationsNon-English publications
Studies published between 2018 and 2025Publications outside the study period, unless foundational
CBDC-related privacy, trust, governance, adoption, and regulatory studiesCryptocurrency-only studies unrelated to sovereign CBDCs
Peer-reviewed journal articlesOpinion pieces and non-analytical commentary
Working papers and institutional reports from recognized organizationsDuplicate records
Empirical, conceptual, comparative, and policy-oriented studiesPublications with limited relevance to retail CBDC governance
Retail CBDC focusWholesale CBDC-only studies unless conceptually relevant
Table 2. Survey Data on Privacy Concerns and CBDC Adoption Intentions.
Table 2. Survey Data on Privacy Concerns and CBDC Adoption Intentions.
Survey Question/MetricResponse CategoryPercentage (%)Sample SizeSource/Year
Primary Privacy ConcernGovernment surveillance43%5240ECB Public Consultation (2021)
Loss of anonymity52%5240ECB Public Consultation (2021)
Data breaches38%3800BIS Survey (2023)
Commercial exploitation28%3800BIS Survey (2023)
Trust in CBDC (General)High trust28%8500Multi-country survey (2023)
Medium trust44%8500Multi-country survey (2023)
Low trust28%8500Multi-country survey (2023)
Adoption Intention with Strong PrivacyDefinitely would adopt45%6200Academic study (2024)
Probably would adopt37%6200Academic study (2024)
Unlikely to adopt18%6200Academic study (2024)
Adoption Intention without PrivacyDefinitely would adopt8%6200Academic study (2024)
Probably would adopt10%6200Academic study (2024)
Unlikely to adopt82%6200Academic study (2024)
Most Important CBDC FeaturePrivacy protection41%4500IMF Study (2023)
Security32%4500IMF Study (2023)
Ease of use18%4500IMF Study (2023)
Low fees9%4500IMF Study (2023)
Willingness to Share Data with GovernmentComfortable15%7100Privacy International (2023)
Somewhat comfortable28%7100Privacy International (2023)
Uncomfortable57%7100Privacy International (2023)
Table 3. Summary of Key Empirical Studies on CBDC Privacy and Adoption.
Table 3. Summary of Key Empirical Studies on CBDC Privacy and Adoption.
StudySourceMethodologyKey Finding
Choi et al. [26]BIS Working Paper No. 1147Randomized controlled experiment; N = 2000+ (Euro Area & US)Privacy safeguards raise CBDC adoption willingness by up to 60%; communicating privacy features has an independent, significant positive effect
Singh & Yadav [33]Central Bank Review, 25 (1)Systematic review of 78 CBDC adoption studies (2010–2023)Regulatory frameworks and user risk perceptions (including privacy) are the two most consistent adoption determinants across studies
Bijlsma et al., [25]DNB Working Paper No. 709Survey experiment; N = 1800 (The Netherlands)Privacy is the strongest stated preference; loss of privacy is perceived as the primary cost of CBDC adoption
Garratt & Oordt, [9]BIS Working Paper No. 976Theoretical welfare analysis of CBDC privacy designConditional privacy—anonymity for small, traceability for large transactions—dominates both extremes on welfare grounds
Agur et al., [34]Journal of Monetary Economics, 125Theoretical model of CBDC design & competitionExcessive data collection drives users toward anonymous private alternatives, reducing systemic monetary benefits
Auer et al., [24]BIS Working Paper No. 880Cross-country comparative analysis of CBDC motivationsInstitutional trust in the central bank is a significant moderator of adoption intent
Murphy, [5]IMF Fintech Notes 2024/004Normative analysis; high vs. low data-intensity CBDC modelsPrivacy-by-design and proportionate data governance can reconcile privacy with AML/CFT; 7 PbD principles proposed
Table 4. Comparative Positioning of Existing CBDC Governance Frameworks and the Contribution of the Present Study.
Table 4. Comparative Positioning of Existing CBDC Governance Frameworks and the Contribution of the Present Study.
Framework/StudyMain FocusKey LimitationsContribution of the Present Study
BIS (2020–2023) CBDC PrinciplesFoundational policy principles for CBDC design, interoperability, and financial stabilityLimited emphasis on operational privacy governance and adoption behaviorIntegrates privacy governance, institutional trust, adoption dynamics, and operational policy architecture into a unified framework
IMF CBDC Policy FrameworksRegulatory governance, financial inclusion, and macro-financial implicationsLimited integration of privacy-enhancing technologies and behavioral adoption mechanismsCombines legal safeguards, PETs, institutional trust, and adoption propositions within a single analytical structure
FATF Digital Asset GuidanceAML/CFT compliance and transaction monitoring standardsStrong compliance orientation with limited focus on citizen privacy expectations and trust formationIntroduces a balanced privacy–compliance model through tiered access and proportional governance principles
ECB Digital Euro StudiesPrivacy preferences, offline payments, and public consultationPrimarily focused on the European institutional context and digital euro implementationDevelops a globally adaptable multi-layer governance framework applicable across diverse CBDC environments
Existing Academic CBDC Governance LiteratureFragmented discussions on privacy, surveillance, adoption, or technical architectureLimited integration across technical, legal, institutional, and international dimensionsProposes a seven-component, four-layer framework linking governance design, privacy architecture, and adoption expectations
Present StudyIntegrated CBDC privacy and governance frameworkExploratory and theory-building in nature; requires future empirical testingSynthesizes interdisciplinary literature and comparative case evidence into a comprehensive policy-oriented framework with associated propositions and operational measurement models
Table 5. Selected Retail CBDC Projects-Privacy Design Approaches and Adoption Outcomes.
Table 5. Selected Retail CBDC Projects-Privacy Design Approaches and Adoption Outcomes.
CBDC (Country)StatusPrivacy Design ApproachAdoption & Trust Outcome
Sand Dollar (Bahamas)Live (Oct 2020)Tiered KYC: Tier I = phone verification, small cap limit; Tier II = full KYC. Data routed through licensed intermediaries; central bank does not hold personal retail data directly.Slow uptake: ~120 k wallets (pop. ~400 k); $2.1 M (~0.5% of cash) active for 3 years. No major privacy controversies. Barriers: convenience and merchant acceptance [35,36].
eNaira
(Nigeria)		Live (Oct 2021)Four-tier wallets: Tier 1 = national ID-linked phone; higher tiers = bank verification (BVN). Central bank can see all ledger transactions. Privacy protections not clearly communicated to users.Very low adoption: 0.5% usage after one year; 98.5% of wallets never activated. Surveillance fears compounded by coercive cash-scarcity policy caused severe trust deficit and public backlash [37]
Digital Yuan (e-CNY) (China)Pilot (~2020+)‘Controllable anonymity’: Commercial banks handle KYC; PBoC sees anonymized inter-institutional flows unless legal unmasking triggered. State retains de-anonymization capability via back-end certification centers.Large-scale pilot: 261 M+ wallets; >$13B in transactions by 2022. Moderate domestic trust. International observers note surveillance potential; human rights groups remain concerned [38,39].
Digital Euro (Eurozone)Development (pilot~2024–25)GDPR-aligned privacy-by-design: Intermediated by private banks under EU data protection law. ECB commits to minimizing central-bank data visibility. Offline mode under design. Pseudonymous tokens and data segregation proposed.High interest, high skepticism: 43% of 2021 ECB consultation respondents cited privacy as top concern (security: 18%). Success hinges on credible institutional privacy commitments [40,41].
Table 6. Privacy-Enhancing Technologies for CBDCs.
Table 6. Privacy-Enhancing Technologies for CBDCs.
TechnologyPrivacy BenefitTechnical MaturityImplementation ComplexityPerformance ImpactCurrent CBDC UseLimitations
Zero-Knowledge Proofs (ZKP)Prove transaction validity without revealing detailsHigh (e.g., zk-SNARKs)HighModerate computational overheadExperimental (EU research)• Computational intensity
• Requires specialized expertise
Homomorphic EncryptionCompute on encrypted dataModerateVery HighHigh computational costResearch phase• Performance limitations
• Complex implementation
Blind SignaturesIssuer cannot link withdrawal to spendingHighModerateLowConsidered for offline euro• Requires trusted setup
• Limited to specific use cases
Secure Multi-Party Computation (MPC)Distributed computation without data sharingHighHighModeratePilot projects• Coordination complexity
• Network overhead
Differential PrivacyStatistical privacy for aggregated dataHighModerateLow to ModerateAnalytics in e-CNY• Accuracy trade-offs
• Parameter tuning needed
PseudonymizationReplace identifiers with pseudonymsVery HighLowMinimalWidely used (Sweden e-Krona)• Re-identification risks
• Not true anonymity
Hardware Security Modules (HSM)Secure key storage and operationsVery HighModerateMinimalStandard practice• Physical security dependency
• Cost
TokenizationReplace sensitive data with tokensVery HighLow to ModerateMinimalCommon in payment systems• Token management overhead
• Mapping database required
Tiered ArchitectureDifferent privacy levels by transaction sizeHighModerateMinimalBahamas, Nigeria, Jamaica• Complexity in threshold management
• Potential for circumvention
Offline CapabilityTransactions without network (like cash)ModerateHighN/A (offline)EU Digital Euro proposal• Double-spending prevention
• Security challenges
Table 7. Comparative Mapping of Framework Components Across Selected CBDC Cases.
Table 7. Comparative Mapping of Framework Components Across Selected CBDC Cases.
Framework ComponentBahamas Sand DollarNigeria eNairaChina e-CNYEU Digital EuroIllustrative Evidence Basis
Privacy-by-Design Architectureprivacy architecture disclosures; CBDC design papers
Legal & Regulatory SafeguardsCBDC legislation; GDPR provisions; judicial oversight provisions
Tiered & Proportionate Data Access~tiered KYC structure; wallet verification levels
Privacy-Enhancing Technologies~ZKP references; anonymization mechanisms; technical architecture
Public Transparency & Engagement~~public consultations; communication strategy; user guidance
Security & Operational Resiliencecybersecurity reports; offline payment capability; operational disclosures
International Coordination & Standards~~BIS principles; interoperability initiatives; international policy alignment
✓ = substantial evidence of alignment with framework components, ~ = partial or evolving alignment
✗ = limited evidence or limited alignment with framework components
Note. The comparative mapping is based on publicly available policy documents, central bank publications, technical reports, consultation papers, and peer-reviewed academic literature available as of 2025. The symbols represent interpretive qualitative assessments rather than formal quantitative measurements. The table is intended to facilitate conceptual comparison across CBDC governance approaches and should not be interpreted as a statistically validated ranking or causal evaluation framework.
Table 8. Summary of Research Propositions—Components, and Measurement Models.
Table 8. Summary of Research Propositions—Components, and Measurement Models.
#PropositionProposition StatementMeasurement ApproachEvidence Base
P1 linked to C1Privacy-by-Design → higher adoptionCBDCs embedding PbD principles indicate significantly higher adoption rates than those treating privacy as an ex post add-on.Two-way FE panel OLS; PbD compliance index; IV using pre-CBDC privacy lawChoi et al., Yee [26,30]
P2 linked to C2Legal Safeguards → higher institutional trustLegally binding CBDC data protection provisions significantly increase citizens’ reported trust in the CBDC issuer.Ordered logit/OLS; LS composite index; mediation via perceived privacyGarratt & van Oordt, Bijlsma et al. [9,25]
P3 linked to C3Tiered Data Access → inclusion + privacy adoptionTiered KYC positively moderates CBDC adoption among unbanked and privacy-sensitive segments.FE panel with TK × Financial Exclusion interaction; marginal effectsSingh & Yadav (2025), FATF [33,78]
P4 linked to C4Privacy-Enhancing Technologies → higher tech-literate adoptionCBDCs with verifiable PETs achieve higher adoption willingness among technically literate users.Conjoint/discrete choice experiment; PET score × Technical Literacy interactionAgur et al., BIS [34,75]
P5 linked to C5Transparency & Engagement → trustTransparent privacy communication has an independent positive effect on adoption willingness, mediated by institutional trust.Baron-Kenny mediation; bootstrapped indirect effects (5000 draws)Choi et al., ECB [26,79]
P6 linked to C6Security & Resilience → asymmetric trust lossSecurity incidents produce asymmetric trust losses larger in magnitude than equivalent positive trust gains from transparency.Event-study DiD; asymmetry test; incident × recovery interactionAuer et al., BIS (2023b) [24,75]
P7 linked to C7International Coordination → regulatory arbitrageAbsence of coordinated privacy standards generates cross-border regulatory arbitrage, undermining high-privacy CBDC adoption.Gravity-model panel with corridor FE; staggered law entry as natural experimentBIS, FATF [75,78]
Note. FE = Fixed Effects; OLS = Ordinary Least Squares; DiD = Difference-in-Differences; IV = Instrumental Variable.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Ahmad, A. Trust, Privacy, and Adoption: A Global Policy Framework for Central Bank Digital Currencies. FinTech 2026, 5, 51. https://doi.org/10.3390/fintech5020051

AMA Style

Ahmad A. Trust, Privacy, and Adoption: A Global Policy Framework for Central Bank Digital Currencies. FinTech. 2026; 5(2):51. https://doi.org/10.3390/fintech5020051

Chicago/Turabian Style

Ahmad, Alam. 2026. "Trust, Privacy, and Adoption: A Global Policy Framework for Central Bank Digital Currencies" FinTech 5, no. 2: 51. https://doi.org/10.3390/fintech5020051

APA Style

Ahmad, A. (2026). Trust, Privacy, and Adoption: A Global Policy Framework for Central Bank Digital Currencies. FinTech, 5(2), 51. https://doi.org/10.3390/fintech5020051

Article Metrics

Back to TopTop