Jul 07, 2026
EU Decision on the Digital Euro: A Missed Opportunity for Real Payment Data Protection!
On June 23, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) adopted its negotiating position on the “Single Currency Package,” thereby clearing the way for the introduction of the digital euro on the part of the European Parliament. The resolution largely adopts the European Commission’s 2023 draft without changes.
Researchers at the Faculty of Computer Science at TU Dresden criticize the lack of important discussions regarding the requirements and priorities of a digital central bank currency. Mikolai Gütschow, who conducts research on digital payment systems at the Chair of Distributed and Networked Systems as part of the BMFTR-funded “Concrete Contracts” project, summarizes the situation as follows: “Unfortunately, the draft misses the opportunity to achieve genuine data protection and digital sovereignty in payments.” And he predicts: “Copy protection or anonymity in offline payments will not hold up.”
The digital euro will consist of two fundamentally different versions: an online and an offline variant. The online variant is account-based and thus technically corresponds to today’s bank accounts and European payment systems such as Wero. The draft bill promises “Privacy by Design” and “Privacy by Default”—such as zero-knowledge proofs, which allow payments to be verified without disclosing personal data. However, this refers only to the ECB’s lack of access to identification data, not to the private payment service providers that are to manage the digital euro for end customers. Özgür Kesim, partner at Concrete Contracts and CEO of Code Blau GmbH, says: “This means these providers still have the ability—and, due to anti-money laundering legislation, the obligation!—to routinely monitor all payments made with the digital euro. The online version will thus offer no improvements in terms of privacy protection compared to today’s digital payment systems, which are all account-based.” Mikolai Gütschow emphasizes: “According to the draft bill, the central database containing all account balances under ECB supervision is supposed to store the data only in pseudonymized form. However, it would not be technically difficult to merge this data with other datasets at a later stage. Especially given past experiences with data breaches at well-known companies and government agencies, it would be better not to centralize sensitive payment data—even in pseudonymized form—in the first place.”
The offline variant, on the other hand, relies on digital monetary values that are stored locally on end-user devices and can be transferred between users completely anonymously without an internet connection. Gütschow raises the following concern: “Digital data can be copied perfectly as often as desired. Without central control, there is no way to prevent money from being spent multiple times—what is known as ‘double-spending.’” As a solution, the European Central Bank (ECB) proposes the use of secure hardware to protect monetary values from manipulation. Gütschow is critical of this approach: “Similar copy-protection measures have often been circumvented in the past, for example with Blu-rays or smartphones. Since the financial incentive is unlimited, the motivation to circumvent these measures will also be high.” Kesim adds: “Due to the promised anonymity, it will not be possible to identify the attackers. Unless, that is, this promise were broken and a tracing mechanism were introduced to prevent abuse.” In summary, this means: The offline version is either not truly anonymous, or the copy protection will be cracked sooner or later—with potentially significant financial losses for the ECB and society.
From the researchers’ perspective, however, there is a better alternative: The open-source payment system GNU Taler is currently being tested in Switzerland and fulfills key objectives of the digital euro—cash-level privacy protection and digital sovereignty. Mikolai Gütschow and Özgür Kesim have been researching and working on this system for years; it is based on distributed digital monetary values and prevents double-spending by ensuring that at least one party to the transaction is connected to the internet. GNU Taler guarantees “asymmetric anonymity”: buyers remain anonymous, just as with cash, while payees are identifiable—a measure that helps combat money laundering and promotes tax transparency. Kesim emphasizes: “Taler is openly specified and available as free software. This makes it verifiable, customizable, and interoperable.” Thus, GNU Taler aligns with the EU’s open-source strategy and safeguards digital sovereignty against governments and private companies.
Taler’s suitability as a central bank digital currency was already demonstrated in 2021. Despite repeated submissions to the ECB and the European Parliament, the proposal was not taken up during the deliberations. Further information and criticisms regarding the digital euro in its planned form have been published in specialized journals and can be read and listened to online.