Will the digital euro really be equivalent to cash?

February 28, 2024
1

The European Central Bank (ECB) is developing a digital euro. Such a digital euro should be “an electronic equivalent to cash”. But will it? It doesn’t look like it, really. Which makes it all the more important to push for better designs for the offline digital euro, and to fight for the continued acceptance of traditional cash.

Work on the digital euro is well underway. It is supported by legislative proposals from the European Commission, about which I blogged a year ago. Here I want to focus specifically on the equivalence of the digital euro to cash.

Properties of cash

Let us first discuss the properties of cash, as used to settle a transaction between a payer (a customer wishing to make a payment) and a payee (a merchant accepting payments). Cash is:

anonymous
payer and payee are fully anonymous, as far as the cash payment is concerned; there may be identifying information in the transaction itself.
untraceable
no record of a cash payment is created when paying with cash; a receipt needs to be created separately.
privacy of balance (updated 2024-02-29)
the amount of cash owned is private, and not known to anybody else.
privacy of amount (updated 2024-02-29)
the amount paid is private, and not known to anybody else.
permissionless
nobody can prevent a cash payment between any payer or payee from happening; the owner of cash is free to decide what to spend, when, where and to whom.
inclusiveness
anybody can own cash.
irreversible
nobody except the payee can reverse a payment.
intrinsic value
cash intrinsically has a fixed and known monetary value (although inflation may reduce its actual value).
instantaneous
a cash payment immediately transfers value from the payer to the payee.
autonomous
a cash payment always works; no other infrastructure except the necessary cash itself is needed to successfully make a payment.
free of charge (for transactions)
a cash payment itself incurs no fees.
costly
printing, distributing, accepting and storing, depositing and in general managing cash is costly.
bulky
large amounts of cash take a significant amount of space to store or transport.
personal risk
cash can be lost or stolen without a trace.
forgeable
cash can be forged, at a cost.

Whether these properties are good or bad depends on your perspective. Anonymity, untraceability and permissionlessness are good for people, but government and law enforcement may not like them as much as they make it harder to prevent money laundering (AML) or to fight the financing of terrorism (CFT). On the other hand the bulkiness of cash make laundering significant amounts of money cumbersome and risky.

Properties of the digital euro

To what extent do the above properties of cash hold for the digital euro as well? In other words: how equivalent are they, exactly?

The answer to that question depends, of course, on how the digital euro will work. Two flavours of digital euro are foreseen: an online digital euro and an offline digital euro.

The online digital euro

Let us first consider the online digital euro. This will essentially be a separate payment account at your bank, that you can use to pay at shops or online like you currently do with your normal bank account, using e.g. a payment card. We can be brief in our analysis here: such an online, account based, digital euro is almost the opposite of cash. It is

not anonymous
payer and payee are identified by their bank account number.
not untraceable
payments are settled between payer and payee accounts, creating a record of the payment at both banks.
no privacy of balance
your bank knows you balance.
no privacy of amount
the bank knows the amount you paid.
not permissionless
banks can/may limit the number or total amount of daily payments; payment networks can/may refuse certain payments.
not inclusive
banks can/may refuse certain customers.
reversible
banks can reverse transactions (provided the payee still has the funds).
intrinsic value
digital euro by definition should have the same intrinsic value as cash.
instantaneous
transactions must be settled immediately by law.
not autonomous
card payments depend on a complex payment infrastructure to work.
not free of charge (for transactions)
card payments typically involve a transaction fee (although, to be fair, this includes the settlement of the transaction).
less costly
printing, distributing, accepting and storing, depositing and in general managing digital money could be less costly (although in practice this appears not to be the case).
not bulky at all
digital money takes no space.
systemic risk
simplifying tremendously (a lot could be said about this) account based digital money carries less personal risks (theft or loss always leaves a trace), but more systemic risks (in case of cyber attacks aimed at banks).
unforgeable
again simplifying tremendously, at least for outsiders forging account based money is hard.

The offline digital euro

For offline digital euro the situation is less clear. In general terms the offline digital euro is envisioned to be a wallet based scheme, where an app on the smartphone stores some digital euro. And without going into any technical detail, certain properties of online digital euro also apply to any offline digital euro almost by definition:

not autonomous
a smartphone wallet depends on a smartphone ecosystem, and on some form of digital communication infrastructure to facilitate a payment between payer and payee.
not permissionless
because of this dependence on infrastructure, this infrastructure could impose restrictions on its use.
not inclusive
offline digital euro users need to own a sufficiently modern smartphone.
intrinsic value
digital euro by definition should have the same intrinsic value as cash.
instantaneous
transactions must be settled immediately by law (although final settlement may happen later).

Also, offline digital euro is not bulky at all, and any reasonable implementation should be unforgeable, irreversible (added 2024-02-29) and suffer mostly from systemic risks. Regarding cost, I am unable to make any substantiated comment.

Preventing double spending

Interestingly, wallet based systems that store digital euro all have to reckon with a risk that is by definition absent from both physical cash and account based systems, namely the risk of double spending. If euro’s are stored as digital data inside in a wallet, there is always (a theoretical) risk that copies of this data are made that would allow a user to spend some euro at least twice. After all, a copy of a digital coin cannot be distinguished from its original. So in principle such a copy has the same value as the original.

There are essentially two ways to prevent double spending. (There are also additional mechanisms to detect double spending afterwards, that we will not discuss here.)

One is to prevent a user form making digital copies of the wallet. This means that some sort of hardware security mechanisms (like smart cards) must be implemented, that prevent the user from tampering with the wallet. The problem is that strong hardware based security is difficult to achieve, and that a wallet containing actual digital euro is a very attractive target for criminals. I would be reluctant to base the overall security of offline digital euro on such a hardware based approach. (Unless a lot of additional transaction monitoring is taking place, that likely will adversely impact anonymity and untraceability.) Interestingly enough, we used to have two competing smart card based payment system in Netherlands in the nineties (Chipper and ChipKnip), which stored monetary value on the smart card that you could then use to pay (offline) at stores. They were essentially extension of the phone cards that you could buy to use in payphones - this was when mobile phones were still rare. It was in use well into the first decade of this century. Both schemes were not anonymous: payments were linked the unique smart card wallet identifiers.

The other mechanism is to prevent a user from successfully using a copy of the wallet. In this case some monitoring will have to take place during each and every payment, that will prevent such a copy from being used. Many digital payment schemes therefore rely on the payee to be online and to check with the payment network whether the money in a wallet that is transferred to it is still fresh and has not already been spent during an earlier transaction (possibly with another merchant). In practice this means that in offline digital payment schemes offline direct wallet to wallet payments (part of the untraceability property of traditional cash) are prohibited. The payee has to clear the payment online, and only then can decide to store the digital money in its own wallet.

Notice how this second mechanism contradicts the fact that the offline digital euro is supposedly offline…

More importantly, the way this second mechanism is implemented will have a strong influence on the remaining properties of the offline digital euro. For example, if a payment made with digital euro needs to be settled by the payee through its bank account, the payee identity (together with the payment amount) is revealed to the bank, breaking payee anonymity and untraceability (to some extent).

More privacy friendly options can be thought of, for example one where received digital money can be settled anonymously in exchange for fresh digital money issued to the payee wallet in return. But the act of settlement will require a network connection to the payment settlement infrastructure that may be hard to make sufficiently private and may thus lead to traces of metadata linked to payment transactions.

Note that the mechanism to preventing double spending does not necessarily rule out payer anonymity, provided the digital money is issued to the wallet in a privacy friendly way (as David Chaum already showed in 1982, and as further explained in this proposal for privacy friendly digital euro).

Holding limits

Another issue is the implementation of holding limits. The proposed regulation mandates strict enforcement of holding limits, out of money laundering concerns, also for offline digital euro. This by definition implies that also the offline digital euro is not entirely private: at least it is known that no user holds more than the holding limit in offline digital euro.

If holding limits are only locally enforced, by the wallet running on the smartphone, this is all that is known and at least some privacy is retained. But if banks issuing offline digital euro to wallets keep track of the total wallet balance, then the offline digital euro is not private.

Privacy would be better protected if, instead of holding limits, there are restrictions on the money flow, i.e. restrictions on the amounts one can pay with offline digital euro per transaction or per day. Similarly, one could restrict the total amount of offline digital euro that could be issued to a wallet per day - similar to restrictions on obtaining cash from ATMs. Such limits can be enforced locally by wallets and issuing banks, without revealing the current wallet balance.

Conclusions

The following table summarises the properties of the different cash and digital euro options. (Updated 2024-02-29).

Property Cash Online
euro
Offline
euro
anonymous v - partial
untraceable v - partial
privacy of balance v - very limited (by law)
privacy of amount v - ?
permissionless v - -
inclusiveness v - -
irreversible v - v
intrinsic value v v v
instantaneous v v v (?)
autonomous v - -
transaction cost free charged chargable
costly v shouldn’t be ?
bulky v - -
risk personal systemic systemic
forgeable v - -

We see that online digital euro is not equivalent to cash at all, in fact quite the opposite. For offline digital euro important properties of cash (like autonomy, permissionlessness and inclusiveness) do not hold. It is also not private (by law), and other privacy properties of cash (like anonymity and untraceability) will only hold to some extent. Only if all the right design decisions are made, and certain legal constraints related to AML and CFT are lifted, a reasonable compromise can be reached. Again, not all properties of cash can be retained in the digital domain.

It is important to realise that so far the regulation requires the ECB to issue both online and offline digital euro at the same time. In other words, as long as a reliable implementation of the offline digital euro has not been established, the online digital euro cannot be launched. But as the above discussion may have made clear, implementing offline digital euro with all the right properties is not easy at all. And the ECB has already signalled that this may delay the launch of the digital euro. Given the political significance attached to the digital euro, a long delay may not be acceptable. In that case, pressure will increase to launch the online digital euro before the offline digital euro. This should be prevented at all cost: the online digital euro is not like cash at all. And once issued, the ECB may be less inclined to work hard on also implementing an offline digital, given how difficult that probably is going to be.

In summary: the digital euro is not equivalent to cash, and unless all stars align, it will be sufficiently different from cash to be a real replacement of it. This is a severe shortcoming, but every cloud has a silver lining.

The proposal to regulate the legal tender of euro banknotes and coins, that is being discussed in tandem with the proposal for the digital euro, will reestablish cash as a proper and universally accepted means of payment. Cash will have to be accepted essentially everywhere where you can pay by card. In other words: “no cash” signs will be a thing of the past. (This assumes the regulation will not be watered down the extent that it becomes meaningless.)

The European Parliament has an important role to play here. First, to ensure that the launch of the online digital euro is strictly tied to the simultaneous launch of the offline digital euro. And second, to strictly protect the use and acceptance of cash. Otherwise, the push for digital euro will essentially kill cash, and thus kill the only permissionless, inclusive and privacy friendly means of payment we have.

In case you spot any errors on this page, please notify me!
Or, leave a comment.
Jacqueline Haarsma
, 2024-03-05
(reply)

Hello Thank you very much for your informative piece on the digital euro and how it compares to cash. I would be interested to discuss it more. Please let me know.

There were two points that I would like to add: 1. Intrinsic value: this is used in textbooks to describe the market value of the material (the gold, or the material). I think in your article you mean “nominal value” (the value that is printed on the coin)

  1. With regard to the legal tender status: It is my understanding that the legislative proposal aims to harmonise across Europe what ‘legal tender’ means. I can not judge this, but this sounds like a valid proposal. Especially, as you mention, it will benefit the acceptance of cash. But in the current legislative proposal the EC for the digital euro, it is proposed to make the digital euro legal tender as well. This comes down to making acceptance of digital euros mandatory to merchants and that should imho be prevented.

Best wishes, Jacqueline Haarsma Stichting Ons Geld