There is a version of the CBDC conversation that is almost entirely fictional. In that version, governments are plotting to issue a crypto coin that expires if you don’t spend it on approved goods, link every transaction to your social credit score, and freeze your account if you post the wrong opinion online. The people making this argument are not always wrong about the risks. They are, however, often wrong about what CBDCs actually are — and conflating the architecture with the worst-case policy application makes it harder to think clearly about either.
The sober version of the CBDC conversation is, in some ways, more unsettling. Not because the dystopian scenarios are inevitable, but because the infrastructure being built right now genuinely enables them — and the design choices being made by central banks, largely outside public scrutiny, will determine whether any of those scenarios become real. Understanding what a CBDC actually is, and how it differs from existing digital money, is the prerequisite for having an informed view on whether you should care.
What a CBDC Is — and What It Isn’t
Start with what a CBDC is not. It is not Bitcoin. It is not a stablecoin. And it is not simply a digital version of your existing bank account.
Bitcoin is a decentralized network with no issuer and no controller. Its supply is governed by code, and no individual or institution can freeze a wallet, reverse a transaction, or inflate the supply beyond the protocol’s hard cap. A CBDC is the exact opposite of this: it is a liability of the central bank, issued and controlled by a sovereign institution, with programmability features that the issuer defines. Calling a CBDC “crypto” is like calling a government-issued ID card a “self-sovereign identity” — the surface resemblance obscures a fundamental structural difference.
Stablecoins are also not CBDCs, though they are closer in function. A stablecoin like USDC is a private-sector liability backed by dollar reserves, issued by a regulated company, and redeemable at par. It lives on a public blockchain and inherits some of that blockchain’s properties — pseudonymity, permissionless transfer, composability with DeFi protocols. A CBDC is a public-sector liability issued directly by the central bank, with no private intermediary between the issuer and the holder. The distinction matters enormously for privacy and control.
And your existing bank balance is not a CBDC either, though this is where people get most confused. When you deposit money at JPMorgan, you are an unsecured creditor of JPMorgan, not a holder of government money. The Fed’s reserve accounts exist between the Fed and commercial banks; retail customers never touch them. A retail CBDC would change that: it would be a direct liability of the central bank, sitting in a wallet that the central bank’s infrastructure backs. In theory, it would be as safe as physical cash. In practice, it would be far more legible to the authorities who issued it.
Who’s Moving, and How Fast
China is furthest along, and that fact alone should give pause for thought. The digital yuan — officially the e-CNY — has been in pilot since 2020 and has processed hundreds of billions of yuan in transactions across dozens of cities. The People’s Bank of China has been explicit about some of its design features, including “controllable anonymity,” which is a technical term for a system where transactions are opaque to other users but not to the central bank. The e-CNY can be distributed by commercial banks, but the underlying infrastructure is state-owned and the transaction data flows to the PBoC. Whether that data is actively surveilled or simply available for surveillance when authorities want it is a distinction without much practical difference.
The European Central Bank is developing a digital euro, currently in a preparation phase expected to run through 2025. The ECB has been more forthcoming than most central banks about privacy trade-offs, acknowledging that a digital euro would not offer the same anonymity as cash, while committing to offline functionality and a tiered structure designed to limit the central bank’s visibility into individual transactions. Those commitments are real, but they are currently policy commitments rather than architectural constraints — they could be revised by future regulators.
The United States is the most complicated case. The Federal Reserve has not committed to a retail CBDC and has repeatedly stated that it would not proceed without clear congressional authorization. FedNow — the Fed’s instant payment rail launched in 2023 — is frequently misidentified as a CBDC, but it is not: it is an interbank settlement system that lets commercial banks offer faster payments to customers. The distinction matters. FedNow does not change who issues the dollar or what form it takes.
Nigeria launched the eNaira in 2021, becoming one of the first major economies to issue a live retail CBDC. Adoption has been weak: as of recent estimates, fewer than 1% of Nigerians actively used it despite the central bank’s aggressive promotion. The lesson from Nigeria is not that CBDCs fail on privacy grounds; it is that adoption without compelling use cases is harder than central banks expect. When your cash works fine and you already have mobile money options, a government app with your transaction history doesn’t add obvious value.
The Programmable Money Problem
The feature that makes CBDCs technically interesting is the same feature that makes them potentially troubling: programmability. Unlike physical cash or a bank deposit, a CBDC can be designed with rules embedded in the money itself. These rules can be trivial — automatic tax withholding at the point of transaction, for instance, which is technically neutral. Or they can be more structurally significant.
The examples that circulate in more alarmed corners of the internet — CBDC funds that expire after a set period to prevent hoarding and stimulate spending, CBDCs restricted to purchases at approved merchants, CBDCs that cannot be transferred to overseas accounts — are not fantasies. They are technically feasible features that some central bank researchers have discussed in working papers as potential policy tools. None of the major CBDC projects currently being deployed have implemented these features. But the infrastructure would support them if a future government wanted to use it.
The problem with programmable money is not what today’s democratic governments plan to do with it. It is that the infrastructure, once built, is available to whatever government comes next — or to the same government under different political conditions.
This is not a hypothetical specific to authoritarian regimes. During the 2022 Canadian trucker protests, the government used emergency powers to freeze the bank accounts of protest participants and donors. That action required coordination between the government and commercial banks, created legal and reputational exposure for the institutions involved, and was eventually reversed. A CBDC architecture where the government has direct control over the payment rail would make a similar action considerably faster, cheaper, and lower-friction to execute.
The Surveillance Architecture You Already Live In — and How CBDCs Are Different
A common objection to CBDC privacy concerns is that your financial data is already surveilled. Your bank reports suspicious transactions to FinCEN. Your credit card company knows where you shop. Google Pay knows what you ordered for lunch. In what sense does a CBDC make things materially worse?
The answer is structural rather than categorical. Under the current system, your financial data is distributed across a network of private institutions that have their own commercial incentives not to share it unnecessarily, that face regulatory and legal barriers to disclosure, and that operate under different jurisdictions with varying levels of government access. When the government wants your financial records, it generally needs to subpoena them from a third party — a process with at least some friction, legal review, and institutional resistance.
A retail CBDC where the central bank maintains a complete ledger of all transactions eliminates that friction. The government is no longer requesting data from a third party. It is reading from its own database. The legal and institutional barriers to access that currently exist in the commercial banking system would not automatically apply. That is a different threat model than the status quo, even if the status quo is already imperfect.
The comparison to cash is more apposite than the comparison to bank accounts. Physical cash is the only payment method that is genuinely anonymous by default. A CBDC, by design, is not cash — even if it is marketed as a digital replacement for it. If CBDCs displace cash (a process that some proponents explicitly endorse), the practical effect is the elimination of any anonymous payment option in everyday life.
Disintermediating the Banks — and Why That Creates New Risks
Beyond the civil liberties dimension, CBDCs pose a genuine systemic risk to the commercial banking sector that most coverage underplays. Commercial banks are not just payment processors; they are credit creation machines. When you deposit money at Barclays, Barclays can lend out most of it, multiplying the money supply through fractional reserve mechanics. This process is the primary way credit flows into the economy.
A retail CBDC that allows people to hold deposits directly with the central bank would, at scale, draw deposits out of the commercial banking system. If depositors can hold risk-free central bank money rather than commercial bank deposits, why would they take the counterparty risk of a commercial bank deposit for everyday balances? The ECB and Bank of England have both explicitly flagged this disintermediation risk and proposed holding limits on individual CBDC balances (the digital euro proposals suggest limits around €3,000) specifically to prevent bank runs into CBDC.
Those limits reveal the underlying tension: a CBDC that is too attractive would destabilize the banking system that central banks exist to protect. A CBDC with too many restrictions ceases to be meaningfully different from existing payment systems. Threading that needle in a way that adds value without creating new systemic fragility is harder than the promotional material suggests.
Why This Is the Argument That Makes Bitcoin Matter to People Who Don’t Care About Crypto
The case for decentralized alternatives to state-issued digital money is rarely made well by crypto enthusiasts, partly because it tends to get wrapped in maximalist rhetoric about the end of central banking. The more defensible version is narrower: as the state’s capacity to monitor and control financial flows increases, assets that exist outside that system acquire a specific utility that has nothing to do with speculation.
Bitcoin’s properties — censorship resistance, fixed supply, no issuer, no central point of control — are not interesting in a world where physical cash is available and banking privacy is reasonably protected. They become considerably more interesting in a world where programmable state money is the only payment option and every transaction is readable by the government.
This is not a Bitcoin advertisement. Ethereum, privacy coins like Monero, and decentralized stablecoins all occupy different positions on the same spectrum. The point is not the specific technology. It is that the architecture of CBDC represents the endpoint of a trend toward financial transparency that has been building since the 1970 Bank Secrecy Act, and that trend has a natural countervailing force: demand for financial instruments that the state cannot easily see or control.
Not All CBDCs Are the Same
It would be intellectually dishonest to frame this as a binary between surveillance nightmare and current status quo. CBDC designs vary substantially, and the differences matter.
The Bank for International Settlements has outlined design principles that distinguish more privacy-preserving architectures from less. An “intermediated” CBDC model, where commercial banks distribute CBDC and hold the KYC relationship while the central bank only sees aggregate flows, is meaningfully different from a direct-to-consumer model where the central bank holds individual account data. Offline-capable CBDCs that allow small-value transactions to clear without network connectivity — and without instant central bank visibility — are closer to digital cash than digital surveillance.
The problem is that the design choices that protect privacy tend to reduce the policy utility that motivates CBDC development in the first place. A CBDC with genuine cash-like anonymity cannot be used for targeted fiscal stimulus, cannot enforce sanctions automatically, and cannot serve as an anti-money-laundering tool. The features that make a CBDC most useful to a government are precisely the features that raise the most legitimate concerns for citizens.
What this means practically: the degree to which any given CBDC infringes on financial freedom is ultimately a political question, not a technical one. The architecture makes surveillance possible. Whether it is used for surveillance depends on the institutions, laws, and political culture of the issuing country. Sweden’s e-krona and China’s e-CNY are both CBDCs. The relevant differences between them are not in the distributed ledger technology.
What Ordinary People Should Actually Think About
For most people in most democracies, the near-term practical implications of CBDC development are limited. No Western country has launched a mandatory retail CBDC. Most proposals include opt-in structures, holding limits, and explicit privacy commitments. The nightmare scenarios require either authoritarian governance or a genuine democratic failure to understand what is being built.
What is worth watching is not the launch headlines but the design choices embedded in the architecture, and whether those choices are being made transparently with genuine public input. The ECB’s consultation process has been more open than most. The Fed’s posture of requiring congressional authorization is the right instinct — these are fundamentally political decisions about the relationship between citizens and the state, not technical ones to be delegated to central bankers.
The one thing that is clearly worth resisting is the displacement of physical cash as a policy goal. Whatever the merits of CBDCs on their own terms, a world in which they replace cash rather than coexist with it is a world in which anonymous transactions are no longer possible by design. That change — quiet, infrastructural, and largely invisible to people who pay by card anyway — would represent a permanent contraction of financial privacy that no future technology update can easily reverse.
The government’s programmable dollar is coming, in some form. The questions worth asking are who gets to program it, what rules get baked in, and what options remain for people who would prefer not to use it.