Download this Paper and learn how to implement Central Bank Digital Currencies (CBDC) based on open banking standards, balancing the need for anonymity with financial crime regulatory requirements.

This paper outlines a proposal for how to implement Central Bank Digital Currencies (CBDC) based on open banking standards and supports both account-based and token-based CBDC models, transacting online and offline with immediate finality, while recognising the European PSD2 requirements, including (multi-factor) strong customer authentication (SCA).

The authors recognise the limitations with current smartphone technologies with respect to deploying trusted applications and in performing the role of a qualified signature creation device – highly relevant to offline scenarios.

In some cases, the authors recommend regulatory review, in others they recommend taking full advantage of the existing capabilities of the separated secure execution environment by dividing the control of a CBDC transaction between both payee and payer devices, so that if one device was compromised, this does not undermine the whole transaction.

It balances the need for anonymity with financial crime regulatory requirements and suggests that a CBDC wallet can be enriched with eID capabilities, or vice versa.

The wallet is bound to the person’s identity, their device and software via a chain of trust (eIDAS for the EU or similar for non-EU countries). The authors combine this with self-sovereign identity (SSI) principles to maximize privacy and minimize information sharing with a third party.


CBDC, identity, eID, SCA, electronic signatures, verifiable credentials, offline transactions.


  • Michael Adams: Founder, Quali-Sign, UK
  • Luca Boldrin: Innovation Manager, InfoCert, Italy
  • Ralf Ohlhausen: Founder, PayPractice, Germany
  • Eric Wagner: Group Product Owner Compliance Advanced Analytics, Erste Group Bank, Austria

Complete the form to download the Paper:

Please enter your first name (at least 2 characters).

Please enter your last name (at least 2 characters).

Please enter your company name (at least 2 characters).

Please select your country from the list.

Please enter your email address.
Please enter a valid email address.

Please select a country code from the list, than digit a valid phone number.

Enter the reason for your request in the text box (at least 10 characters).

The undersigned, as Data Subject
declares to have received from the Joint Data Controllers the Privacy Notice pursuant to Article 13, GDPR.


  1. (required)
    you expressly agree to the processing of the Data about the sending by the Joint Data Controllers of commercial and/or promotional communications relating to (i) their own products/services or those of other companies in the Group that are not similar to those already purchased, or to (ii) products/services offered by third parties.
  2. Please select an option.

  3. (required)
    you expressly agree to the communication and/or to the transfer of the Data to other companies that will use them for commercial purposes as autonomous owners.
  4. Please select an option.

The consent given may be revoked at any time by contacting the Joint Data Controllers at the contact details given in the Privacy Notice.

Please prove you're not a robot.
Something is wrong or missing, please double check.