Download this Paper and learn how to implement Central Bank Digital Currencies (CBDC) based on open banking standards, balancing the need for anonymity with financial crime regulatory requirements.

This paper outlines a proposal for how to implement Central Bank Digital Currencies (CBDC) based on open banking standards and supports both account-based and token-based CBDC models, transacting online and offline with immediate finality, while recognising the European PSD2 requirements, including (multi-factor) strong customer authentication (SCA).

The authors recognise the limitations with current smartphone technologies with respect to deploying trusted applications and in performing the role of a qualified signature creation device – highly relevant to offline scenarios.

In some cases, the authors recommend regulatory review, in others they recommend taking full advantage of the existing capabilities of the separated secure execution environment by dividing the control of a CBDC transaction between both payee and payer devices, so that if one device was compromised, this does not undermine the whole transaction.

It balances the need for anonymity with financial crime regulatory requirements and suggests that a CBDC wallet can be enriched with eID capabilities, or vice versa.

The wallet is bound to the person’s identity, their device and software via a chain of trust (eIDAS for the EU or similar for non-EU countries). The authors combine this with self-sovereign identity (SSI) principles to maximize privacy and minimize information sharing with a third party.


CBDC, identity, eID, SCA, electronic signatures, verifiable credentials, offline transactions.


  • Michael Adams: Founder, Quali-Sign, UK
  • Luca Boldrin: Innovation Manager, InfoCert, Italy
  • Ralf Ohlhausen: Founder, PayPractice, Germany
  • Eric Wagner: Group Product Owner Compliance Advanced Analytics, Erste Group Bank, Austria

Complete the form to download the Paper:

Please enter your first name (at least 2 characters).

Please enter your last name (at least 2 characters).

Please enter your company name (at least 2 characters).

Please select your country from the list.

Please enter your email address.
Please enter a valid email address.

Please select a country code from the list, than digit a valid phone number.

Enter the reason for your request in the text box (at least 10 characters).

I HEREBY DECLARE that I have read the "Privacy Notice - InfoCert Services" provided by InfoCert S.p.A. pursuant to Article 13, GDPR.

In addition, for the purpose set forth in paragraph 4, letter a), f), and g) of the information notice:

  1. (required)
    I AGREE to the processing of Data carried out by InfoCert S.p.A. for the purpose of sending promotional communications of products/services of the Data Controller or of the Group and/or third parties, to invite you to participate in thematic events and meetings, and in the context of online campaings carried out jointly with third party digital services providers.
  2. Please select an option.

  3. (required)
    I AGREE to the communication and/or transfer of the Data to other Group companies or to third parties operating in the sectors indicated in the information notice, which will use them for their own commercial purposes as independent data controllers.
  4. Please select an option.

The consent given may be revoked at any time by contacting the Joint Data Controllers at the contact details given in the Privacy Notice.

Please prove you're not a robot.
Something is wrong or missing, please double check.