
The Fiduciary Gap in CBDC Design

As CBDC design matures, a new question is coming into focus: who is accountable for the data that movement introduces?

Key Takeaway

A retail Central Bank Digital Currency integrates value transfer, identity verification, and transaction data into a single programmable infrastructure. Existing architectures define how this system operates. They do not define who is responsible for the data it produces. This is the fiduciary gap.

At a Glance

CBDCs are often described as a redesign of money. They are also a redesign of the information architecture that surrounds it. Unlike cash, a retail CBDC can generate continuous, identity-linked records of economic behaviour. Unlike existing digital systems, these records can be structurally integrated into a single infrastructure. The efficiency gains are real. So is what becomes concentrated in the process.

The fiduciary gap

Current CBDC architectures delegate customer-facing activity to licensed private intermediaries while retaining sovereign issuance at the central bank. This division of labour is sound for monetary purposes. It does not resolve who governs the data generated at the interface between sovereign infrastructure and individual economic behaviour.

Technical solutions reduce what is visible. Regulatory frameworks define permissible use. Neither assigns any institution the legal mandate to act as fiduciary for data subjects within the monetary system. The fiduciary gap is this unassigned mandate. Every system assigns responsibility for what it produces. In programmable money, that assignment is missing.

This introduces a potential stability risk, not just a privacy concern

Trust in central bank money is not a reputational variable. It is foundational to monetary stability. In a digital monetary system, the constraint is not only technical resilience, but sustained public trust in the neutrality and governance of the infrastructure. A CBDC architecture that concentrates transactional data without distributed accountability separates the plumbing of money from its psychology. The plumbing may function flawlessly while public trust collapses. In a digital monetary system, it is the psychology that determines whether the plumbing is used at all.

A system can be technically robust and institutionally fragile at the same time.

The tri-layer architecture