As of October 2025, Central Bank Digital Currencies (CBDCs) represent a transformative shift in global finance, blending digital innovation with sovereign monetary control. Over 130 countries are exploring CBDCs, with 11 having fully launched them as legal tender. These digital versions of fiat currency promise efficiency in payments, financial inclusion, and cross-border transactions, but they also raise profound concerns about privacy, surveillance, and human rights. This article examines the legal status of CBDCs in key jurisdictions, their rollout timelines, programmability features, integration with digital identities, associated risks, taxation issues, and conflict-of-law challenges. It concludes with a deep dive into the human rights implications in cyberspace and the complexities of international legal conflicts.
Legal Positions Of CBDCs In India, The US, UK, EU, And Other Countries
The legal framework for CBDCs varies widely, reflecting national priorities on innovation, privacy, and financial stability.
(a) India: The Reserve Bank of India (RBI) launched the e-Rupee in pilot form in 2022 for wholesale and retail use. By 2025, it is expanding with offline functionality and broader participation, positioning it as legal tender under the RBI Act. However, full-scale adoption remains in testing, integrated with existing payment systems like UPI.
(b) United States: In January 2025, President Donald Trump issued an executive order halting the Federal Reserve’s CBDC project, citing surveillance risks. No retail or wholesale CBDC is legally authorised, and legislative efforts like the CBDC Anti-Surveillance State Act reinforce this ban.
(c) United Kingdom: The Bank of England is in the research and exploration phase for a “digital pound,” with no launch timeline. It is legally permissible under existing monetary laws, but emphasis is on privacy safeguards and complementarity with private stablecoins.
(d) European Union: The European Central Bank (ECB) is in the preparation phase for the digital euro, following legislative approval in 2023. As of 2025, it is not launched but is legally framed as a complement to cash, with rules ensuring privacy and interoperability across member states.
(e) China: The e-CNY (digital yuan) is fully operational since 2022, recognized as legal tender under the People’s Bank of China Law, with widespread use in retail and cross-border payments.
(f) Brazil: The Drex CBDC entered pilots in 2023 and is slated for full launch in late 2025, backed by the Central Bank of Brazil as legal tender.
(g) Nigeria: The eNaira, launched in 2021, is legal tender under the CBN Act, though adoption has been modest.
(h) Sweden: The Riksbank ended its e-krona pilot in 2023 without launch; it remains exploratory and not legally issued.
(i) Bahamas: The Sand Dollar, launched in 2020, is the world’s first retail CBDC and full legal tender.
(j) Jamaica: JAM-DEX, launched in 2022, is legal tender under the Bank of Jamaica Act.
These positions highlight a spectrum from full integration (China, Bahamas) to outright prohibition (US).
Countries With Legally Valid CBDCs: A Comparative Table
The following table summarises major economies and countries with launched CBDCs, focusing on those where they are legally valid as tender. Data reflects status as of October 2025. “Launched” indicates full operational status beyond pilots.
| Country/Region | CBDC Name | Launch Year | Legal Status | Key Features |
|---|---|---|---|---|
| Bahamas | Sand Dollar | 2020 | Full legal tender | Retail-focused, offline capable |
| Jamaica | JAM-DEX | 2022 | Full legal tender | Retail and wholesale |
| Nigeria | eNaira | 2021 | Full legal tender | Retail, low adoption |
| China | e-CNY | 2022 | Full legal tender | Retail/wholesale, programmable |
| Eastern Caribbean | DCash | 2021 | Full legal tender | Regional retail |
| Zimbabwe | ZiG | 2024 | Full legal tender | Retail, inflation hedge |
| India | e-Rupee | 2025 (expanding pilot) | Pilot, legal tender in tests | Retail/wholesale, UPI-linked |
| Brazil | Drex | 2025 | Launching, legal tender | Wholesale, tokenization |
| European Union | Digital Euro | N/A (prep phase) | Not launched | Privacy-focused, retail |
| United Kingdom | Digital Pound | N/A (research) | Not launched | Exploratory, privacy emphasis |
| United States | None | N/A | Halted by executive order | Banned for retail |
| Sweden | e-Krona | N/A | Pilot ended, no launch | Abandoned |
This table covers 12 entities, with 7 having fully legally valid CBDCs.
Programmable CBDCs: Adoption And Threats To Civil Liberties
Programmable CBDCs incorporate smart contract-like features, allowing conditions on transactions (e.g., expiration dates, merchant restrictions, or automated compliance). As of October 2025, only a few launched CBDCs feature true programmability, primarily in pilots or advanced systems.
Countries With Programmable CBDC:
(a) China: The e-CNY supports programmability for targeted stimulus (e.g., vouchers expiring after use) and cross-border controls.
(b) Brazil: Drex includes tokenization and smart contracts for wholesale use, launching with programmable elements in 2025.
(c) India: e-Rupee pilots explore programmability for welfare payments.
Countries Without Programmable CBDC:
(a) Bahamas, Jamaica, Nigeria, Zimbabwe, Eastern Caribbean: Basic designs without smart features; focus on simple digital cash.
(b) UK, EU, Sweden: No launched CBDC, but explorations (e.g., ECB pilots) include optional programmability with privacy limits.
Programmable CBDCs enable granular control, but this raises severe human rights risks. Governments could restrict spending on “undesirable” items (e.g., alcohol, political donations), impose geographic limits, or make funds expire to curb hoarding—effectively engineering behavior. In cyberspace, transaction data could feed AI surveillance, tracking online purchases or donations in real-time, violating privacy under Article 12 of the Universal Declaration of Human Rights. During protests, authorities might freeze dissidents’ wallets, suppressing free expression (Article 19). Expiring money could force consumption, undermining economic freedom, while interoperability with social credit systems (as in China) amplifies population control, eroding civil liberties like autonomy and non-discrimination.
Digital IDs Integrated With CBDC: India’s Aadhaar As A Cautionary Tale
Several countries link CBDCs to national digital ID systems for KYC and seamless access, but this amplifies surveillance.
Countries With Integrated Digital ID And CBDC:
(a) India: Aadhaar, the world’s largest biometric database (1.3 billion users), is partially integrated with e-Rupee pilots for authentication. Launched in 2010, it mandates biometrics (iris, fingerprints, face) for services, often coercively.
(b) China: The National Digital ID ties to e-CNY for seamless transactions, enabling real-time monitoring.
(c) Eastern Caribbean: DCash uses regional digital IDs for access.
(d) Others like Estonia and Singapore have advanced digital IDs (e-Residency, SingPass) but no launched CBDC yet; pilots explore links.
India’s Aadhaar exemplifies an “Orwellian” tool: It has excluded millions from welfare due to biometric failures, enabled data breaches affecting 1.1 billion records, and forced biometric surrender for basic services, fostering a surveillance state that oppresses privacy and dignity.
Dangers Of Combining Digital IDs Like Aadhaar And CBDCs
Merging digital IDs with CBDCs creates a “total information awareness” ecosystem, posing existential threats:
(a) Surveillance and Privacy Erosion: Biometric-linked wallets enable perpetual tracking of spending patterns, location, and associations, risking mass data leaks or abuses (e.g., Aadhaar’s 2023 breaches exposed financial data).
(b) Exclusion and Discrimination: Biometric errors exclude marginalised groups (e.g., 10% Aadhaar failure rate for manual laborers), denying access to funds and violating equality rights.
(c) Cybersecurity Vulnerabilities: Hackers could steal identities and drain wallets, with no cash fallback; state access could weaponize data against minorities.
(d) Human Rights Violations: Coercive enrollment erodes bodily autonomy (biometrics as “forced surrender”), while programmable features could enforce social controls, chilling free speech in cyberspace.
Safeguards like anonymised tiers are proposed, but implementation lags.
Taxation Issues In CBDC-Adopting Countries
CBDCs are generally tax-neutral like fiat, but their rise intersects with crypto taxation, as many treat CBDC gains similarly to digital assets. The table below covers the listed countries, focusing on crypto capital gains tax (CGT) slabs and loss carry-forward rules (allowing crypto losses to offset future gains or income).
| Country | Crypto CGT Slabs (2025) | Loss Carry-Forward Allowed? | Notes on CBDC Tax Implications |
|---|---|---|---|
| India | 30% flat on gains; 1% TDS on transfers | No (crypto losses isolated) | e-Rupee transactions tax-free like cash |
| US | Short-term: 10-37%; Long-term: 0-20% | Yes (unlimited against gains) | Halted CBDC; crypto as property |
| UK | 10-20% (basic/higher rate) | Yes (against future gains) | Digital pound: tax-neutral |
| EU (avg) | Varies (e.g., Germany: 0% >1yr; France: 30%) | Varies (most yes) | Digital euro: harmonized rules |
| China | 20% on gains as income | Limited (case-by-case) | e-CNY monitored for tax evasion |
| Brazil | 15-22.5% progressive | Yes (against gains) | Drex: integrated reporting |
| Nigeria | 10% on gains | No | eNaira: basic reporting |
| Bahamas | 0% (no CGT) | N/A | Sand Dollar: tax-free |
| Jamaica | 25% on gains | Yes (limited) | JAM-DEX: minimal impact |
Of the 9 tabled countries, 5 (US, UK, EU avg, Brazil, Jamaica) allow crypto loss carry-forward and set-off. Issues include double taxation in cross-border trades and enforcement challenges with programmable features enabling automated withholding.
Conflict Of Laws Issues Vis-à-Vis CBDC
CBDCs introduce novel private international law dilemmas in cross-border use:
(a) Jurisdictional Ambiguity: A transaction using China’s e-CNY in the EU raises questions of applicable law—Chinese monetary rules or EU privacy regs? Without harmonisation, forums could apply conflicting standards.
(b) Choice Of Law: Smart contracts might embed governing law, but enforceability varies; e.g., a programmable restriction valid in China may be void in the US under public policy.
(c) Recognition And Enforcement: Foreign CBDCs as tender? Disputes over frozen assets could invoke Hague Conventions, but digital nature complicates attachment.
(d) AML/KYC Conflicts: Interoperability projects (e.g., mBridge) clash with sanctions; a US ban on Russian CBDC use creates extraterritorial tensions.
(e) 2025 Developments: BIS initiatives aim for bridges, but 15 countries ban privacy-enhanced cross-border flows, exacerbating fragmentation.
Conclusion: Human Rights In Cyberspace And The Conflict Of Laws Quandary
The proliferation of CBDCs, especially programmable variants intertwined with digital IDs, portends a dystopian cyberspace where financial flows become instruments of control, profoundly imperiling human rights. In this digital realm—where transactions are instantaneous, borderless, and indelible—programmability transcends mere efficiency to enable algorithmic governance. Imagine a world where a government’s wallet settings dictate not just what you buy (banning “subversive” media subscriptions) but how you live: funds auto-deducted for “loyalty” programs, expiring if unused for “productive” purposes, or throttled during dissent. This violates core tenets of the International Covenant on Civil and Political Rights (ICCPR), particularly Article 17 (privacy) and Article 19 (expression).
In India, Aadhaar’s biometric net, now threading into e-Rupee, exemplifies this: coerced data collection strips autonomy, while facial recognition flags “suspicious” spends, fostering a panopticon that silences minorities and erodes trust.
Globally, China’s e-CNY integrates with social credit, scoring citizens on purchases—buying VPNs? Deduct points, restrict travel. Such systems amplify biases: AI-driven controls disproportionately target the poor or dissidents, contravening non-discrimination under Article 26 ICCPR. Cybersecurity breaches compound this; a hack on a unified ID-CBDC ledger could dox billions, enabling identity-based persecution in cyberspace, where anonymity is a bulwark against tyranny.
Worse, cyberspace’s intangibility exacerbates exclusion: offline CBDCs falter in rural areas, denying the 1.7 billion unbanked (per World Bank) their right to economic participation (UDHR Article 23). Programmable “nudges”—e.g., auto-routing spends to state-approved vendors—undermine informed consent, echoing behavioral economics’ dark side but scaled to oppression. Human rights frameworks like the UN’s Guiding Principles on Business and Human Rights urge “privacy by design,” yet 62% of central banks prioritise inclusion over safeguards. Remedies? Decentralised alternatives like privacy-preserving protocols (e.g., zero-knowledge proofs) could mimic cash’s anonymity, but state monopolies resist. Civil society must advocate for moratoriums on programmable retail CBDCs until binding audits ensure proportionality.
Layered atop this is the conflict of laws morass, a legal labyrinth threatening CBDC’s promise of frictionless globals. Cross-border flows defy territoriality: a e-CNY remittance to a Jamaican JAM-DEX user invokes whose law? Chinese sovereign immunity clashes with Jamaican contract enforcement, per Rome I Regulation analogs. Private international law’s pillars—choice-of-law clauses, habitual residence—crumble under smart contracts’ code-as-law paradigm; a Beijing-embedded restriction might be unenforceable in London under public policy exceptions (e.g., UK’s anti-surveillance stance). Jurisdictional overreach looms: the US could extraterritorially block e-CNY via OFAC, fragmenting networks and inviting retaliatory bans, as seen in 2025’s mBridge tensions with sanctioned states. Recognition falters too— is a Bahamian Sand Dollar “property” under EU insolvency law? Hague Judgments Convention gaps persist, risking “legal deserts” where disputes evaporate in jurisdictional voids.
This quandary isn’t abstract: in 2025, BIS’s Project Agorá pilots reveal fault lines, with EU data protection (GDPR) conflicting Asian AML regimes, stalling interoperability. Solutions demand multilateralism—a “CBDC Hague” treaty harmonising choice-of-law defaults (e.g., issuer’s law for core functions, recipient’s for privacy). Absent this, conflicts foster inequality: wealthy nations impose standards, subjugating Global South users to northern sanctions. Ethically, this entrenches power asymmetries, violating UDHR Article 2’s universality.
Ultimately, CBDCs could democratise finance or digitise despotism; the choice hinges on embedding rights-resilient designs. As cyberspace subsumes sovereignty, we must reclaim it—not as a ledger of control, but a space of liberated exchange. Policymakers, heed the warnings: innovate boldly, but govern humanely, lest digital dollars buy our freedoms.