Governance Challenges of Central Bank Digital Currencies: Legal Frameworks and Policy Choices

Central Bank Digital Currencies (CBDCs) are transitioning from conceptual research to actual deployment, with over 130 countries and territories having initiated CBDC exploration programs at various stages. As a scholar with a doctorate in law who has long been engaged in fintech regulation research, I have continuously followed CBDC developments through my work at the Cambridge Centre for Alternative Finance and the World Bank. My core observation is this: The technical design challenges of CBDCs are largely resolved, but the governance challenges -- gaps in legal frameworks, conflicts over privacy rights, and coordination of cross-border payments -- are what will ultimately determine their success or failure. This article analyzes the core governance challenges facing CBDCs across four dimensions: design choices, legal frameworks, privacy controversies, and cross-border governance, and offers policy recommendations.

I. The Origins and Context of CBDCs

To understand why CBDCs have become a priority for central banks worldwide in recent years, we need to examine the convergence of three forces.

The first force is the dramatic decline in cash usage. In Sweden, cash transactions as a share of retail payments have fallen from approximately 40 percent in 2010 to less than 10 percent today. China's mobile payment adoption rate leads the world -- in cities like Hangzhou and Shenzhen, cash has virtually disappeared from everyday transactions. My personal experience while teaching at Zhejiang University confirmed this: from campus canteens to street vendors, mobile payment was the only universally accepted transaction method. This trend raises a fundamental question: when the public no longer uses central bank-issued currency (i.e., cash) for daily transactions, will the central bank's role in the monetary system become marginalized? CBDCs are seen as the central bank's response to maintain its monetary sovereignty.^[1]

The second force is the challenge from private digital currencies. In 2019, Facebook released the Libra white paper, proposing a global stablecoin anchored to a basket of fiat currencies. Although Libra ultimately failed to materialize under strong opposition from regulators worldwide, its impact was profound -- it forced central banks globally to confront the possibility that if digital currencies issued by tech giants were widely adopted, traditional monetary policy transmission mechanisms could be severely undermined. The Bank for International Settlements (BIS) first introduced the concept of "Big Tech in Finance" in its 2019 annual report, marking the central banking community's systematic alertness to tech giants entering the financial sector.^[2]

The third force is the policy goal of financial inclusion. Through my research at the World Bank, I gained a deep appreciation for the severity of financial exclusion -- approximately 1.4 billion adults worldwide still lack bank accounts, unable to access basic financial services such as savings, credit, and insurance. For this "unbanked population," CBDCs offer a potential solution -- providing direct access to central bank money through mobile phones rather than bank accounts. The Bahamas' Sand Dollar (the world's first officially launched CBDC) and Nigeria's eNaira both list financial inclusion as a core policy objective.^[3]

However, the convergence of these three forces also creates profound tensions. Preserving monetary sovereignty may conflict with protecting citizens' privacy; promoting financial inclusion may contradict anti-money laundering risk prevention; enhancing payment efficiency may stand in opposition to maintaining financial stability. It is precisely these tensions that form the core of CBDC governance challenges.

II. Design Choices: Governance Implications of Account-Based vs. Token-Based Models

The technical design of CBDCs may appear to be a purely engineering problem, but every technical choice carries profound governance implications. As a legal researcher, I pay particular attention to two critical design dimensions: account-based vs. token-based, and direct issuance vs. intermediated issuance.

Account-based CBDCs operate with logic similar to existing bank accounts -- users open accounts at the central bank (or its authorized intermediaries), CBDC balances are recorded in the account system, and transactions are completed through balance adjustments between accounts. This model is relatively straightforward to implement technically and highly compatible with existing payment infrastructure, but its core issue is that it requires complete verification of user identity. Every transaction is linked to an identifiable account holder, meaning the central bank or intermediaries can track all transaction records.

Token-based CBDCs operate with logic more akin to cash -- CBDCs exist as "digital tokens," and transaction verification does not rely on account identity but rather on the authenticity of the token itself. The greatest advantage of this model is anonymity -- at least in theory, token-based CBDCs can achieve anonymous transactions similar to cash. However, the challenge is that fully anonymous digital currencies could become tools for money laundering, terrorism financing, and tax evasion.^[4]

In practice, most CBDC programs have chosen a "hybrid" approach -- providing a degree of anonymity for small-value transactions while requiring identity verification for large-value transactions. China's digital yuan (e-CNY) employs a "tiered anonymity" design: the lowest-level wallets require only a mobile phone number to open, with lower transaction limits; higher-level wallets require bank accounts, identity documents, and other more comprehensive identity verification, with correspondingly higher transaction limits and balance caps. The European Central Bank, in its Digital Euro design discussions, has also explicitly listed "anonymity for offline small-value payments" as one of its core design principles.

From a governance perspective, the choice between account-based and token-based models is essentially a spectrum of "state control vs. civil liberties." Account-based models grant the state stronger surveillance and management capabilities but may erode citizens' financial privacy; token-based models protect citizens' right to anonymity but may increase the risk of financial crime. Where each country positions itself on this spectrum depends on its legal traditions, political system, and social values.

Direct issuance vs. intermediated issuance is another critical dimension. The "direct model" allows the public to open accounts directly at the central bank, eliminating the intermediary role of commercial banks. The "intermediated model" (or "two-tier architecture") has the central bank wholesale CBDCs to commercial banks, which then distribute them to the public. The vast majority of central banks have chosen the latter -- the reason is straightforward: if the central bank directly serves hundreds of millions of retail users, not only would the technical burden be enormous, but it would fundamentally disrupt the existing banking system. Commercial banks' deposit bases could be massively transferred to central bank accounts, causing a "digital bank run" that endangers financial stability. China's digital yuan employs a "two-tier architecture" -- the central bank is responsible for issuance and management, while major commercial banks such as ICBC and Agricultural Bank of China, along with payment platforms like Alipay and WeChat Pay, handle user-facing services.^[5]

III. Legal Framework Gaps: The "Legal Vacuum" of CBDCs

In my research at Cambridge, I found that the most underestimated challenge facing CBDCs is not technical or economic, but rather systematic gaps in legal frameworks. Existing monetary law, central bank law, and payment law were mostly drafted in the era of banknotes and coins and did not anticipate digital forms of central bank currency.

The first gap is the definition of "legal tender." In the laws of most countries, "legal tender" refers only to banknotes and coins issued by the central bank. This means that, unless the law is amended, CBDCs may not have "legal tender" status -- merchants could legally refuse to accept CBDC payments. China, in its 2023 draft revision of the People's Bank of China Law, explicitly included "digital forms of the renminbi" in the definition of legal tender, making it one of the few cases that addressed this issue proactively. The European Central Bank is still pushing for EU legislation to ensure the Digital Euro receives legal tender status.^[6]

The second gap concerns the statutory authority of central banks. Many central bank acts only authorize the issuance of "banknotes" and "coins," without including "digital currency." Under strict legal interpretation, central bank issuance of CBDCs could exceed their statutory authority (ultra vires). The International Monetary Fund (IMF) conducted a review of the central bank laws of 174 IMF member states in a 2020 study, finding that fewer than 20 percent of central bank laws explicitly permit the issuance of digital forms of currency.^[7]

The third gap is the conflict between data protection law and anti-money laundering law. CBDC transaction data inevitably involves the collection and processing of personal information, and thus must comply with data protection regulations (such as the EU's GDPR). At the same time, CBDC operations must also meet anti-money laundering (AML) and know-your-customer (KYC) requirements -- which inherently require the collection and analysis of users' transaction patterns and identity information. There is an inherent tension between these two legal systems: data protection law requires "data minimization," while anti-money laundering law demands "comprehensive monitoring." Achieving balance between the two is one of the most challenging issues in CBDC legal design.

The fourth gap concerns the applicability of bankruptcy law and consumer protection law. Under a two-tier architecture, if an intermediary responsible for distributing CBDCs (such as a commercial bank or payment platform) goes bankrupt, are users' CBDC holdings protected? In the traditional bank deposit system, deposit insurance provides depositors with a certain level of protection. But CBDCs are not legally classified as "deposits" -- they are direct liabilities of the central bank, and intermediaries merely serve as "channels." In theory, CBDCs should not be affected by an intermediary's bankruptcy. However, in practice, if an intermediary's IT system fails or data is lost, users may face the predicament of being unable to recover their CBDCs -- and current consumer protection laws do not address this scenario.

The existence of these legal gaps reminds us of a fundamental point: CBDCs are not merely technological innovations but also legal innovations. Before any country launches a CBDC, comprehensive legal review and revision are required -- a time-consuming but indispensable foundational undertaking.^[8]

IV. Privacy and Surveillance: The Core Ethical Dilemma of CBDCs

Among all CBDC governance challenges, the privacy issue carries the deepest ethical significance. As a legal researcher, I believe privacy is not merely a legal right but the infrastructure of a free society -- and the design choices of CBDCs could fundamentally alter the balance of power between state and citizen.

The anonymity of cash is a form of "privacy by default." When you use banknotes to buy a cup of coffee, no institution knows about the transaction -- not what you bought, where you bought it, or how much you spent. This anonymity is not deliberately designed; it is a natural attribute of banknotes as physical objects. But CBDCs are digital -- every transaction is a data record that can theoretically be tracked, analyzed, and stored. If CBDCs replace cash, and CBDC transaction records are fully transparent to the central bank or government, the state acquires unprecedented surveillance capabilities -- it can know every purchase of every citizen, from daily shopping to political donations.^[9]

This concern is far from hypothetical. In exchanges with policymakers from multiple countries, I have repeatedly heard "programmability" listed as a potential CBDC feature -- meaning the central bank could impose usage conditions on CBDCs, such as restricting spending to specific categories, setting spending deadlines (to stimulate the economy), or automatically freezing funds under certain conditions. From a technical standpoint, these features are entirely feasible; from a human rights perspective, they constitute a serious erosion of citizens' property rights and freedom of consumption. Some pilot programs of China's digital yuan have already demonstrated the rudiments of programmability -- for example, linking digital yuan to specific consumption vouchers that can only be used at designated merchants within specific time periods.

Europe is the most sensitive to this issue. ECB President Christine Lagarde has promised on multiple occasions that the Digital Euro will provide "the highest standard of privacy protection." The European Commission's 2023 draft Digital Euro regulation explicitly stipulates that offline small-value transactions should have privacy protection "comparable" to cash -- meaning transaction details are invisible to both the central bank and intermediaries. However, critics point out that "comparable" and "identical" are different -- the nature of digital technology means that even "anonymous" offline transactions may still have their metadata (such as transaction time, location, and device information) collected and analyzed.

I believe that solving the privacy problem cannot rely solely on technical measures (such as encryption and zero-knowledge proofs) but also requires institutional safeguards -- including: clear legal provisions (what data can be collected, by whom it is held, and for how long); independent oversight bodies (to ensure the central bank does not abuse transaction data); and effective remedial mechanisms (how citizens can obtain compensation when privacy rights are violated). In this sense, the privacy design of CBDCs is not merely a technical question but a constitutional question -- it concerns the boundaries of state power.^[10]

V. Cross-Border Payments and International Governance: The Geopolitical Dimension of CBDCs

CBDCs are not merely instruments of domestic monetary policy; they carry profound geopolitical implications. When multiple countries launch CBDCs simultaneously, the landscape of cross-border payments could be reshaped -- and this will touch the core structure of the international monetary system.

The current cross-border payment system suffers from severe efficiency problems. According to World Bank data, the average cost of global cross-border remittances is approximately 6 percent of the remittance amount -- for migrant worker families in developing countries, this is a heavy burden. The high cost and low efficiency of cross-border payments stem from too many intermediary steps: a remittance from the Philippines to the United States may need to pass through remittance companies, correspondent banks, clearing systems, and other intermediaries, each charging fees and adding processing time. CBDCs -- particularly the concept of "multi-CBDC bridges" -- offer a potential solution to this problem.^[11]

The BIS-led "mBridge" project is currently the most representative multi-CBDC experiment. The project involves the People's Bank of China, the Hong Kong Monetary Authority, the Bank of Thailand, the Central Bank of the UAE, and the Saudi Central Bank, aiming to build a shared technology platform that allows participating countries' CBDCs to transact directly across borders without going through correspondent banking networks. In the 2022 pilot, mBridge successfully achieved real-time multi-currency cross-border settlement, reducing the traditional 3-5 business days to mere seconds.

However, the mBridge project has also raised geopolitical concerns. Some Western observers view it as China's attempt to build an alternative payment channel for "de-dollarization" -- in an international payment system dominated by the US dollar, a cross-border payment infrastructure that does not rely on SWIFT and correspondent banking networks could undermine America's financial sanctions capability. Although Chinese officials have denied this intent, the concern reflects a deeper reality: cross-border applications of CBDCs are not merely technical issues but questions of international order.

From a governance perspective, cross-border CBDCs face three core challenges. The first is interoperability. Different countries' CBDCs have different technical standards, data formats, and legal regulations -- how can we ensure they can transact smoothly with each other? There are currently no global CBDC technical standards -- the BIS and IMF are promoting related coordination efforts, but progress is slow. The second is coordination of anti-money laundering. In cross-border transactions, if one country's CBDC has relatively high anonymity standards while another requires full identity verification, how are the two reconciled? The third is the risk of currency substitution. If a CBDC from a large economy (such as the digital yuan or digital dollar) is widely used in a small open economy, the latter's monetary policy autonomy could be severely undermined -- this is a risk of "digital dollarization" or "digital yuanization."^[12]

Looking back at the full picture, the governance challenges of CBDCs are far more complex than their technical challenges. Legal framework gaps require the wisdom of legislators, privacy protection demands balanced institutional design, and cross-border governance requires coordination among the international community. As a scholar with training in both law and fintech research, I firmly believe that the success or failure of CBDCs depends not on the sophistication of the technology, but on the quality of the governance architecture. In this sense, CBDCs are a mirror -- they reflect not the capability of technology, but a society's governance capacity: how it balances efficiency and privacy, innovation and stability, national sovereignty and international cooperation. And these balances ultimately depend on the wisdom of the law and the courage of politics.