Q7: How would the digital euro work?
The European Central Bank answers:We answer them:The digital euro would allow people to make secure instant payments in physical and online shops and between individuals, irrespective of the euro area country they are in or which payment service provider they use.
The first step would be to set up your digital euro wallet through your bank, a post office or other payment service provider.
Once your digital euro wallet is set up, you will be able to put money into it via a linked bank account or by depositing cash. You would then be able to make payments using the digital euro wallet, for example via your phone or a smart card.
Digital euro payments would always be safe and instant – whether in physical stores, in online shops or between people.
The digital euro would offer both online and offline functionalities, meaning you could use it even when you have poor or no network reception. Moreover, personal transaction details of offline digital euro payments would be known only to the payer and the payee, providing a cash-like level of privacy.
Ruling out double-spending risks for transactions in offline scenarios is impossible (KF2) according to the mathematically proven CAP theorem which states that no distributed system can be partition-tolerant (being disconnected), available (still work), and consistent (without double-spending) at the same time. [1]. An ECB official at a forum in Vienna in 2024 publicly declared this to not be a problem since “secret proprietary technology solves it” [2]. This approach to “security through obscurity” contradicts Kerckhoffs’ principle— a fundamental concept in cryptography which asserts that the security of a system should not depend on the secrecy of its algorithm [3]. An actual solution would require finding a flaw in the proof of the CAP theorem, which must be considered highly unlikely at this point.
In fact, the publicly available documents on the current state of the design of the offline functionality [4] are still very vague about the actual technical design. But they do mention the need for “forgery check during defunding”, i.e., a delayed check for double-spending, contradicting the claim of offline payments being “safe and instant”, and putting the promised anonymity of offline transactions into question.
The ECB thus acknowledges the inevitable risk of double-spending in offline payments, hoping to mitigate it with “secure hardware” and “tamper-resistant features” to “protect the information stored on the device and allow mutual device authenticity checks” [4]. However, focusing on dedicated devices like secure elements (SEs) and eSIMs and excluding Trusted Execution Environments (TEEs), as recently declared by the ECB in [5], will not be enough: While physical attacks are typically needed to compromise such hardware (cf. (KF2)), the potential return by unlimited digital euro duplication will likely outweigh the necessary investment costs. Offline digital euro wallet holders themselves have by definition full physical control of their hardware, and therefore must be considered as potential attackers. That is, any owner of a wallet who can acquire the ability (by skill or as service) to break the protection, can, in consequence, double spend during offline payments (KF2). The historic track record of breakages of “tamper-resistant features” in the past, the strong incentive for wallet owners to take advantage of their devices for financial gain, and the fair assumption of a large number of deployments of wallets— and therefore opportunities to experiment with the devices in private labs—, suggest that such acquisition of ability to double spend is quite likely [6].
With this threat model in mind, the selected solution for the offline digital euro by G+D [7;8] becomes questionable: the solution was ranked as “low” both for “Platform Security” and “Maintenance and Communication” in a recent survey [9]. The problem here is not the specific solution, but that secrecy (i.e. the non-disclosure of the details of the inner workings, in violation of Kerckhoff’s principle) is the main line of defense against double-spending attacks on digital offline payment systems which results in the low ranking in terms of security and transparency for any such platform (KF2).
Even without malicious intent of a user, the hardware and software may simply just have defects that manifest themselves as double-spending or look like fraud. If those defects are widespread, e.g., across many users with the same hardware or software version, they would result in many failing attempts of settlement, after “successful” offline payments. It is worth noting that the damages in these cases scale linearly with the number of transactions in the system, not only with the amount of money in it.
The ECB has not addressed the question of liability, i.e., how merchants and users who fall victim to fraud of the offline digital euro will be compensated (KF3). It barely states that “either the PSP, the merchant or, in some cases, the consumer would be liable”, never the ECB itself [10].
Linking a digital euro account to a commercial bank account for automatic defunding and funding, in particular, opens up a significant security risk: A compromised digital euro account could be used as an entry point to the ordinary bank account, by moving money without further user confirmation to the digital euro account using the reverse waterfall mechanism, thus enabling to steal money from a users’ ordinary bank account— a threat that didn’t exist prior to the introduction of digital euro accounts, which are even mandatory in the online version.
- S. Gilbert and N. Lynch,
Brewer’s conjecture and the feasibility of consistent, available, partition-tolerant web services,
SIGACT News, vol. 33, no. 2, pp. 51–59, 2002. doi:10.1145/564585.564601 - A. Giovannini and M. Stibane, Euro 2.0 – der euro wird (auch) digital - oesterreichische nationalbank. Statement on stage in discussion with audience, https://mastodon.social/@taler/112084243675777718, 2024.
- A. Kerckhoffs,
La cryptographie militaire,
Journal des sciences militaires, vol. IX, pp. 5–38, 161–191, 1883. - European Central Bank, State of play on offline digital euro—11th ERPB technical session on digital euro. https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.degov240411_item3updateofflinedigitaleuro.en.pdf, 2024.
- European Central Bank, Progress on the preparation phase of a digital euro: Closing progress report. Publications Office of the European Union, 2025. [Online]. Available: https://data.europa.eu/doi/10.2866/3423337 [Accessed: Jan. 19, 2026].
- C. Grothoff and F. Dold, Why a digital euro should be online-first and bearer-based. https://taler.net/en/news/2021-03.html, 2021.
- E. Bank,
ECB selects digital euro service providers,
ECB, Oct. 2, 2025. [Online]. Available: https://www.ecb.europa.eu/press/intro/news/html/ecb.mipnews251002.de.html [Accessed: Jan. 14, 2026]. - Giesecke+Devrient, New survey indicates digital euro must also work offline. https://www.gi-de.com/en/group/press/press-releases/new-survey-indicates-digital-euro-must-also-work-offline, 2024.
- Chavanette Advisors, Galactic grid: Your guide to the complex landscape of retail central bank digital currency technology providers. Chavanette Advisors, 2024.
- European Central Bank, A stocktake on the digital euro - summary report on the investigation phase and outlook on the next phase. https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf//ecb.dedocs231018.en.pdf, 2023.