1 Introduction
The rapid expansion of CBDC research programs across central banks represents one of the most significant developments in monetary infrastructure since the abandonment of metallic standards.1 As of early 2026, 134 countries representing 98 percent of global GDP are actively exploring or developing CBDCs, with three having launched retail digital currencies at national scale.
This paper contributes to the growing literature by proposing a structured framework for comparing design approaches. Rather than evaluating individual implementations, we focus on the architectural choices that determine how a CBDC will function within its broader monetary ecosystem.2
The stakes are considerable. A poorly designed CBDC could destabilize commercial banking, compromise monetary policy transmission, or undermine public trust in the payments infrastructure. Conversely, a well-designed CBDC could enhance financial inclusion, reduce settlement costs, and provide central banks with new tools for implementing monetary policy in an increasingly digital economy.3
Our approach organizes the design space along four principal axes: privacy architecture, programmability, offline capability, and interoperability. For each axis we identify the range of feasible design choices, the trade-offs involved, and the empirical patterns observed across existing programs. We then use cluster analysis to identify five distinct design archetypes and assess their suitability under different institutional conditions.
2 Design Principles
2.1 Privacy Architecture
The tension between transaction privacy and regulatory compliance represents the most contested design axis in CBDC development. We identify three primary models: full anonymity, which mirrors physical cash but is impractical for most regulatory jurisdictions; full transparency, which simplifies compliance but is politically untenable; and tiered anonymity, where transaction size and frequency determine the degree of identity disclosure.4
Table 1: Privacy Architecture Comparison
| Model | Privacy Level | AML Compliance | Adoption Risk | Implementation |
|---|---|---|---|---|
| Full Anonymity | High | Low | High | Simple |
| Full Transparency | Low | High | High | Simple |
| Tiered Anonymity | Medium | Medium-High | Low | Complex |
| Pseudonymous | Medium-High | Medium | Medium | Moderate |
2.2 Settlement Architecture
Settlement finality — the point at which a transaction becomes irrevocable — is a critical design parameter. Real-time gross settlement (RTGS) offers immediate finality but requires significant computational infrastructure. Deferred net settlement reduces system load but introduces counterparty risk during the settlement window. A growing number of implementations adopt a hybrid settlement model that processes low-value retail transactions in batches while settling high-value wholesale transactions in real time.
2.3 Programmability
Programmability refers to the ability to embed conditional logic within CBDC transactions — for example, time-limited spending vouchers or purpose-bound government transfers. While programmability offers significant policy flexibility, it raises concerns about monetary neutrality: the principle that money should be a general-purpose medium of exchange without embedded restrictions on its use.5
Table 2: Programmability Spectrum
| Level | Description | Example | Risk |
|---|---|---|---|
| L0 | No programmability | Cash-equivalent | Low |
| L1 | Time-limited validity | Expiring vouchers | Low |
| L2 | Purpose-bound transfers | Housing subsidies | Medium |
| L3 | Full smart contracts | Automated taxation | High |
2.4 Offline Capability
The capacity for offline transactions is essential for financial inclusion in regions with unreliable connectivity. Hardware-based approaches using secure elements in SIM cards or dedicated devices can support limited offline transaction sequences, but must reconcile offline balances with the central ledger upon reconnection. The security of offline transactions depends on tamper-resistant hardware to prevent double-spending during the offline window.
3 Comparative Analysis
Analyzing 68 active CBDC programs across all major economic regions, we classify implementations into five design archetypes based on their positions along four axes: privacy, programmability, offline capability, and interoperability. Programs were coded according to publicly available design documents, technical whitepapers, and central bank communications.6
Figure 1: CBDC Programs by Design Archetype
The hybrid two-tier archetype dominates, with 88 percent of programs adopting an architecture in which the central bank issues the CBDC but distributes it through regulated intermediaries (typically commercial banks and licensed payment service providers). This reflects a pragmatic consensus that direct retail CBDC provision would impose unsustainable operational burdens on central banks while disintermediating the commercial banking sector.
Figure 2: Design Feature Adoption by Region
Regional variation is significant. Asia-Pacific programs are notably more advanced in terms of feature adoption, with 82 percent incorporating both offline capability and some form of programmability. European programs emphasize privacy architecture, reflecting the influence of the GDPR regulatory framework. Programs in the Americas and Africa show greater variation, with several focusing specifically on financial inclusion objectives.7
Table 3: Cross-Border Interoperability Models
| Model | Latency | Scalability | Governance | Status |
|---|---|---|---|---|
| Single mCBDC | <10s | Limited | Centralized | Pilot |
| Multi-CBDC Bridge | <30s | Moderate | Consortium | Pilot |
| Compatible Standards | Variable | High | Distributed | Proposed |
| Corridor Currency | <5s | High | Supranational | Concept |
4 Policy Implications
Our framework reveals several important policy implications. First, the choice of privacy architecture is not merely a technical decision — it reflects fundamental assumptions about the relationship between the state and financial privacy. Jurisdictions with strong data protection traditions (particularly in Europe) tend to favor tiered anonymity models, while those with more extensive financial surveillance infrastructure tend toward transparency-oriented designs.
Second, the disintermediation risk to commercial banks remains the most frequently cited concern among central bank officials. Our analysis confirms that this risk is design-dependent: hybrid two-tier architectures with holding limits and zero-interest CBDC effectively mitigate deposit flight, while direct retail models without such safeguards could trigger significant balance-sheet contractions in the banking sector.8
Figure 3: Risk Assessment by Design Archetype
Third, cross-border interoperability remains the least developed dimension of CBDC design. While projects like mBridge have demonstrated the technical feasibility of multi-CBDC platforms, the governance challenges — including jurisdictional authority over transaction disputes, currency controls, and sanctions compliance — remain largely unresolved. Our analysis suggests that a standards-based approach, rather than a single shared platform, is more likely to achieve broad adoption.9
5 Conclusion
The design of a CBDC is not a purely technical exercise. It is a policy choice with far-reaching implications for privacy, financial inclusion, monetary sovereignty, and the future structure of the banking system. Our framework demonstrates that no single design archetype is universally optimal; rather, the appropriate design depends on a jurisdiction's specific monetary, institutional, and technological context.
The hybrid two-tier model has emerged as the dominant archetype, adopted by 88 percent of active programs, because it effectively balances innovation with institutional continuity. However, we caution against treating this as a default — jurisdictions with strong financial inclusion mandates, limited banking infrastructure, or specific cross-border integration needs may be better served by alternative architectures.
Further research is needed on three fronts: the long-term effects of CBDC adoption on commercial bank deposit bases and lending capacity; the interaction between CBDC design features and monetary policy transmission mechanisms; and the governance frameworks required for cross-border CBDC interoperability at scale. As CBDCs move from research to implementation, the design choices made today will shape the monetary infrastructure of the coming decades.
Cite This Paper
Whitfield, E., Nakamura, J., & Deshmukh, P. (2026). “Toward a Framework for Evaluating Central Bank Digital Currency Design Choices.” cbdc.study Working Paper, WP-2026-03.
References
Adrian, T., & Mancini-Griffoli, T. (2023). “The Rise of Digital Money: A Strategic Plan to Continue Delivering on the IMF’s Mandate.” IMF Staff Discussion Note, SDN/23/02.
Auer, R., Haene, P., & Holden, H. (2022). “CBDCs Beyond Borders: Results from a Survey of Central Banks.” BIS Working Papers, No. 1049.
Bank for International Settlements. (2024). Project mBridge: Connecting Economies Through CBDC. BIS Innovation Hub Report.
Bindseil, U. (2020). “Tiered CBDC and the Financial System.” ECB Working Paper, No. 2351.
Bordo, M. D., & Levin, A. T. (2017). “Central Bank Digital Currency and the Future of Monetary Policy.” NBER Working Paper, No. 23711.
Committee on Payments and Market Infrastructures. (2024). “Central Bank Digital Currencies for Cross-Border Payments.” CPMI Papers, No. 220.
European Central Bank. (2023). A Digital Euro: Privacy and Compliance Framework. ECB Publications.
International Monetary Fund. (2024). CBDC Progress Tracker: Global Implementation Status. IMF Fintech Note 2024/03.
Kumhof, M., & Noone, C. (2021). “Central Bank Digital Currencies — Design Principles for Financial Stability.” Bank of England Staff Working Paper, No. 725.