Central Bank Digital Currencies: A Comprehensive Survey of CBDC Architecture, Adoption, and Future

What Are Central Bank Digital Currencies

Central bank digital currencies (CBDCs) represent one of the most significant innovations in monetary policy since the abandonment of the gold standard. A CBDC is a digital form of sovereign fiat money, issued and regulated directly by a nation’s central bank, designed to serve as legal tender alongside physical cash and traditional bank deposits. Unlike decentralized cryptocurrencies such as Bitcoin or Ethereum, central bank digital currencies carry the full backing and credit guarantee of the issuing government, providing the price stability and institutional trust that volatile crypto assets cannot match.

The concept gained serious traction after the 2008 financial crisis exposed vulnerabilities in existing payment systems, and it accelerated dramatically when private digital currencies and stablecoins began challenging state monetary sovereignty. A comprehensive academic survey analyzing 135 research papers published between 2018 and 2025 reveals how CBDC research has evolved from theoretical proposals to concrete pilot programs, with nations competing to define the digital future of money. For organizations seeking to understand complex financial research, tools that transform dense reports into interactive experiences make these findings far more accessible.

The motivations driving CBDC development are multifaceted: improving financial inclusion for unbanked populations, enhancing payment system efficiency, preserving monetary sovereignty against private digital currencies, and creating new tools for monetary policy transmission. Each of these objectives shapes fundamental design choices that central banks must make when building their digital currency infrastructure.

Global CBDC Adoption and Key Statistics

The scale of global CBDC activity is remarkable. According to the Bank for International Settlements (BIS) 2023 survey, approximately 94% of responding central banks are engaged in some form of CBDC research. More notably, 81% are developing proofs of concept, and 33% have progressed to live pilot programs — a dramatic acceleration from just a few years earlier when most activity remained purely theoretical.

Several nations have moved beyond pilots to full issuance. The Bahamas launched the Sand Dollar in 2020, becoming one of the first countries with a live retail CBDC. Jamaica followed with JAM-DEX, and Nigeria introduced the eNaira. China’s digital yuan (e-CNY) remains the most ambitious project by transaction volume, processing billions of yuan across major cities since its pilot expansion began.

The research landscape mirrors this acceleration. The survey analyzed documents spanning from 2018 to 2025 and found that the vast majority of CBDC publications appeared after 2020, with only 12 of the 135 reviewed articles published before 2019. The composition of research reveals priorities: 22% consists of central bank working papers and policy reports, 24% focuses on enabling technologies like distributed ledger technology (DLT), 15% addresses CBDC system design taxonomy, and 9% examines security and privacy specifically. Understanding these global developments is critical for anyone exploring how blockchain technology is reshaping financial services worldwide.

CBDC Design Taxonomy and Architecture Models

At the heart of any central bank digital currency lies its system architecture — the structural framework that determines how money flows between central banks, intermediaries, and end users. The CBDC Design Pyramid, a comprehensive taxonomy refined through the survey’s analysis, organizes design choices across four core dimensions: system architecture, ledger technology, access model, and application area.

The one-tier (direct) architecture places the central bank in direct relationship with all end users. Every account or token is managed by the central bank itself, providing maximum control and eliminating intermediary risk. However, this model imposes enormous operational burden on the central bank, which must handle customer onboarding, transaction processing, dispute resolution, and compliance monitoring for millions of users — functions traditionally performed by commercial banks.

The two-tier (indirect) architecture has emerged as the dominant model across most pilot programs. Here, the central bank issues CBDCs to licensed intermediaries — commercial banks and payment service providers — who then distribute digital currency to retail or wholesale users. This design preserves the existing financial ecosystem’s division of labor while giving the central bank ultimate issuance authority. It reduces operational burden and leverages existing banking infrastructure for customer-facing services.

Hybrid architectures combine elements of both approaches. The central bank may maintain a direct claim for all users (ensuring funds are safe even if an intermediary fails) while delegating day-to-day payment processing to the private sector. Some designs introduce multiple operating agencies to distribute risk and improve resilience, though this adds governance complexity.

A complementary classification system describes state distribution models, ranging from fully centralized (a single entity maintains all records) to direct peer-to-peer models where transactions occur without intermediaries — mimicking the properties of physical cash in digital form. Each point along this spectrum represents a different balance between operational efficiency, privacy, and central bank oversight.

Ledger Technology Behind CBDCs

The choice of ledger technology fundamentally shapes a CBDC’s performance characteristics, security model, and governance structure. Central banks face three primary options: centralized ledger technology (CLT), distributed ledger technology (DLT), and hybrid approaches that combine elements of both.

Centralized Ledger Technology (CLT) uses traditional database management systems — such as MySQL, Oracle, or specialized solutions like LedgerDB — to maintain a single authoritative record of all transactions. CLT offers superior transaction throughput, simpler governance, and strong alignment with existing regulatory frameworks. However, it creates a single point of failure, concentrates enormous power in one entity, and offers limited independent verifiability. LedgerDB, developed as a blockchain-inspired centralized system, attempts to bridge this gap by providing tamper-evidence and audit capabilities within a centralized architecture through its Ledger Master, Ledger Proxy, and Ledger Server components.

Distributed Ledger Technology (DLT) distributes transaction records across multiple nodes, providing resilience, transparency, and cryptographic verifiability. Within DLT, central banks can choose between public (permissionless), consortium (permissioned among multiple organizations), and private (single-organization) implementations. Public DLT offers maximum decentralization and cross-border trust but sacrifices throughput and central bank policy control. Consortium DLT — using platforms like Hyperledger Fabric, Hyperledger Iroha, Hyperledger Besu, or R3 Corda — has emerged as the most popular choice for CBDC pilots, balancing institutional trust with distributed resilience.

The survey’s comparison of 26 CBDC projects found that the most common configuration combines two-tier architecture with DLT and token-based access — suggesting that central banks favor leveraging distributed resilience while maintaining institutional control through permissioned networks. Some architectures separate Account Blockchain (ABC) from Transaction Blockchain (TBC) to improve scalability and privacy by isolating identity management from payment processing.

CBDC Access Models: Account vs Token

How users interact with central bank digital currencies depends fundamentally on the access model chosen. This design decision affects everything from privacy and compliance to offline functionality and user experience.

Account-based CBDCs require identity verification and link digital currency holdings to registered accounts, similar to traditional bank accounts. This model supports robust anti-money laundering (AML) and counter-terrorism financing (CFT) compliance, delivers high transaction throughput, and fits naturally within existing banking flows. The trade-off is reduced anonymity — every transaction is linked to a verified identity, raising concerns about financial surveillance and data protection.

Token-based CBDCs function more like digital cash, where possession of a cryptographic token proves ownership. Transfers can occur without revealing the holder’s identity, enabling cash-like privacy. Token-based systems also support offline payments more naturally, since ownership verification doesn’t require checking a central database. However, this model requires sophisticated cryptographic mechanisms — such as blind signatures and zero-knowledge proofs — to prevent counterfeiting while preserving anonymity, and it complicates AML/CFT enforcement.

Hybrid access models attempt to capture the benefits of both approaches. A system might use account-based infrastructure for high-value transactions requiring full compliance while allowing token-based micropayments with tiered anonymity. Several pilot programs have adopted this pragmatic approach, recognizing that no single access model satisfies all stakeholder requirements simultaneously. The Platypus proposal, for example, combines account commitments with zero-knowledge proofs to enable anonymous transactions while maintaining auditability when legally required.

CBDC Privacy and Security Mechanisms

Privacy and security represent perhaps the most technically challenging and politically sensitive aspects of central bank digital currency design. Citizens expect cash-like privacy; regulators demand AML/CFT compliance; central banks need monetary policy data. Satisfying all three simultaneously requires sophisticated cryptographic innovation.

The survey identifies several key privacy-enhancing technologies being deployed or researched for CBDC systems. Zero-Knowledge Proofs (ZKPs) allow one party to prove a statement’s truth — such as “this transaction amount is within legal limits” — without revealing the underlying data. This enables compliance verification without exposing transaction details. Secure Multiparty Computation (MPC) allows multiple parties to jointly compute functions over their inputs without revealing those inputs to each other, enabling collaborative fraud detection without centralized data access.

Ring signatures obscure the identity of the transaction signer within a group of possible signers, providing sender anonymity. Homomorphic encryption allows computations on encrypted data without decryption, enabling auditing and analysis while data remains protected. Pedersen commitments allow transaction amounts to be verified as valid without revealing the actual values. Together, these technologies form a layered privacy architecture that can be calibrated to meet different regulatory requirements across jurisdictions.

Security concerns extend beyond privacy to system integrity. Core threats include spoofing (impersonating legitimate users or nodes), tampering (altering transaction records or system code), and data leakage (unauthorized access to sensitive information). The survey also highlights the emerging need for post-quantum cryptography — preparing CBDC systems against future quantum computing attacks that could break current cryptographic protections. For a deeper look at how organizations are leveraging technology for secure digital transformation, explore our analysis of enterprise digital transformation strategies.

Cross-Border CBDC Payments and Interoperability

Cross-border payments remain one of the most compelling use cases for central bank digital currencies. Traditional international transfers are slow (often taking 3-5 business days), expensive (with fees averaging 6.3% for remittances according to the World Bank), and opaque. CBDCs offer the potential to fundamentally restructure this system.

Project mBridge, a collaboration involving the central banks of China, Thailand, the UAE, and additional partners, has demonstrated how multi-currency CBDC platforms can enable near-instant cross-border settlement. Using a shared DLT platform, participating central banks can issue and exchange their digital currencies directly, eliminating the correspondent banking chains that create delays and costs in the current system.

The technical challenges of cross-border CBDC interoperability are substantial. Different jurisdictions use different architectures, ledger technologies, and access models. Identity recognition across borders requires mutual legal frameworks. Settlement finality must be guaranteed across time zones and regulatory regimes. Privacy standards vary dramatically — what constitutes adequate data protection in the European Union under GDPR may be insufficient or excessive in other jurisdictions.

The survey identifies three primary interoperability approaches: compatible CBDC systems that adopt common standards, interlinked systems that connect through technical bridges, and single multi-currency platforms like mBridge that provide a shared settlement layer. Each approach represents different trade-offs between sovereignty (how much control each central bank retains), efficiency (how quickly and cheaply transactions settle), and complexity (how difficult the system is to build and maintain). The growing research emphasis on cross-border applications, documented across the 135 surveyed papers, confirms this as the frontier where CBDCs may deliver the most transformative impact.

CBDC Policy Risks and Financial Stability

The introduction of central bank digital currencies creates ripple effects throughout the financial system that extend far beyond payment efficiency. Central banks must carefully navigate several interconnected policy risks.

Bank disintermediation is the most widely discussed concern. If citizens can hold digital money directly with the central bank (or through a CBDC system), they may shift deposits away from commercial banks — particularly during financial stress. This deposit migration could undermine banks’ ability to fund lending, potentially reducing credit availability and economic growth. Most CBDC designs address this through holding limits, tiered remuneration (paying lower or zero interest on CBDC holdings above certain thresholds), or by restricting direct central bank access entirely in favor of intermediary-based models.

Monetary policy implications are both promising and uncertain. CBDCs could give central banks new tools — such as programmable interest rates on digital currency holdings or targeted stimulus distribution. However, they could also accelerate bank runs during crises if converting deposits to CBDCs becomes frictionless. The two-tier architecture partially mitigates this by maintaining commercial banks’ role in the system.

Data sovereignty and surveillance concerns represent a fundamental tension in CBDC design. Centralized ledger models give authorities comprehensive visibility into financial transactions, raising justified concerns about government surveillance and political misuse. Even with privacy-enhancing technologies, the mere capability for transaction monitoring may chill legitimate financial activity. Balancing legitimate law enforcement needs with civil liberties protections requires not just technical solutions but robust legal frameworks and institutional safeguards.

The European Central Bank’s digital euro initiative exemplifies these policy balancing acts, with extensive public consultation processes addressing privacy, inclusion, and financial stability concerns simultaneously.

Programmable Money and Smart Contracts in CBDCs

One of the most innovative aspects of central bank digital currencies is their potential for programmability. By embedding smart contracts — self-executing code that automatically enforces conditions — CBDCs can enable entirely new categories of financial automation.

Programmable CBDCs could automatically enforce tax withholding on transactions, implement conditional subsidies that can only be spent on specified categories (such as food or education), execute escrow arrangements without intermediaries, or enable automated compliance checks for cross-border trade finance. Smart contracts can increase traceability and reduce fraud or default risk by making contractual obligations machine-enforceable.

However, programmability raises important questions about monetary freedom. If a government can program restrictions into money itself — dictating when, where, and how citizens spend — the line between monetary policy tool and social control mechanism becomes uncomfortably thin. The survey notes that some proposals address this by limiting programmability to wholesale applications or by bridging liquidity into smart contracts rather than allowing direct user-deployed code, improving security while restricting the scope of programmatic control.

The consensus mechanisms underpinning smart contract execution also matter significantly. For CBDC systems requiring deterministic settlement finality, Byzantine Fault Tolerance (BFT) variants like PBFT — demonstrated in South Africa’s Project Khokha — provide the immediate, irreversible finality that financial transactions demand, unlike probabilistic consensus mechanisms such as Proof of Work that can leave transactions temporarily uncertain.

Future of Central Bank Digital Currencies

The trajectory of central bank digital currencies points toward continued acceleration, technical sophistication, and global coordination. Several key trends will shape the next phase of CBDC development.

Post-quantum readiness is becoming a design requirement rather than a future consideration. As quantum computing advances threaten to break current cryptographic standards, CBDC architects must incorporate quantum-resistant algorithms from the ground up rather than retrofitting them later. The National Institute of Standards and Technology (NIST) has already published initial post-quantum cryptography standards, and forward-looking CBDC projects are beginning to integrate these.

Offline payment capability remains a critical technical challenge. For CBDCs to achieve true financial inclusion — particularly in regions with unreliable internet connectivity — they must function without constant network access. Token-based designs with secure hardware elements show promise, but preventing double-spending in offline environments without sacrificing usability requires continued innovation.

Interoperability standards will determine whether CBDCs fulfill their cross-border potential or fragment into incompatible national systems. Proposals referencing ISO/IEC 11179 metadata registry standards for blockchain interoperability suggest that the industry recognizes the need for common frameworks, though achieving global consensus on technical and governance standards remains a formidable challenge.

The survey’s analysis of 135 research papers also reveals a significant gap: while technical design receives extensive attention, economic and political implications of CBDCs remain comparatively understudied. Filling this gap will require interdisciplinary collaboration between computer scientists, economists, legal scholars, and policymakers. Central bank digital currencies are not merely a technology project — they represent a fundamental reimagining of the relationship between citizens, financial institutions, and the state.

As these systems mature, the institutions deploying them will need sophisticated ways to communicate complex technical and policy information to diverse stakeholders. Whether explaining CBDC architecture to legislators, privacy mechanisms to citizens, or interoperability protocols to partner central banks, the ability to transform dense research into engaging interactive experiences will be essential for building the public trust that CBDCs require to succeed.