Although the regulation of CBDC systems depends on local jurisdiction, systems share many of the same functional and non-functional requirements. For example, the critical impact of CBDC infrastructure on the monetary supply implies that it should be governed by central banks. However, the robustness and resilience requirements associated with the critical nature of a CBDC system impose a decentralized governance, geographically distributed deployment of the system and independent operation of the different parts of the system.

Regulatory compliance and efficient dispute resolution capabilities require transparency, auditability, and non-repudiation. Regulations such as the anti-money-laundering directive (AML) (link resides outside ibm.com) or efforts that focus on combating the financing of terrorism (CFT) (link resides outside ibm.com) stipulate that suspicious payment transactions be detected, attributed to their origin and reported to the relevant authorities. Alternatively, the EU’s Revised Payment Services Directive (PSD2) (link resides outside ibm.com) emphasizes the importance of fraud detection and dispute resolution. Additionally, a CBDC system should interoperate with existing payment, settlement, and liquidity infrastructures alongside other CBDC systems and emerging digital asset systems.

The performance and scalability of the system are crucial for its acceptance and use. This is important for a wholesale CBDC platform that seeks to extend its use for other applications beyond settlement. Retail CBDC systems should be able to compete with existing payment services and accommodate millions of user transactions. This means being able to process tens of thousands of transactions per second (TPS) at peak times.

Payment transaction privacy is also important. Privacy refers to the right of data owners to control who accesses their transactional information. For example, PSD2 states that the processing of personal information must comply with the GDPR and its principles of data minimization, which restricts the collection of personal information to what is necessary for transaction processing. This can be interpreted in various ways. A conservative approach to data minimization makes sure that payment transactions are processed without leaking any information about the transacting parties or the values of the transactions. This renders transaction monitoring and audit more difficult. A permissive approach reveals the value of the payments and potentially the identities of the payer and payee.

A progressive CBDC system should accommodate different interpretations of privacy, along with all other requirements, including performance and auditability. As technology evolves, so do privacy regulations and requirements—and agility should be built in.