How does Digital RMB, entering the era of digital deposit currency, ensure the rights and interests of users?

Author: Zhang Feng

According to Vice Governor of the People’s Bank of China, Lu Lei, in his article published in the Financial Times titled “Digital Renminbi Will Transition from the Digital Cash Era to the Digital Deposit Currency Era,” the new generation of the digital renminbi system will be officially implemented on January 1, 2026, marked by the issuance of the “Action Plan for Further Strengthening the Digital Renminbi Management Service System and Related Financial Infrastructure Construction” (hereinafter referred to as the “Action Plan”).

This evolution is not only a technological upgrade but also a profound transformation in the form of currency, operational mechanisms, and governance logic. In this process, how to build a privacy and security governance system that effectively serves the real economy, strengthens financial regulation, and fully respects and safeguards users’ personal information rights has become a core issue for the healthy development of the digital renminbi.

1. Basic Principles: Seeking a Dynamic Balance Between Strengthening Regulation and Respecting Rights

The top-level design of the digital renminbi has always adhered to two parallel and consistent fundamental principles: First, it must enhance the effectiveness of financial regulation to maintain the stability and security of the monetary and financial system; second, it must respect and protect users’ personal information rights, which are an essential part of citizens’ basic rights in the digital age. These are not zero-sum games but require a delicate system and technical design to achieve a dynamic balance and organic unity.

Enhancing financial regulation effectiveness is an inevitable requirement for the digitization of currency. While digital currency brings convenience in payments and efficiency improvements, it also harbors risks such as disintermediation, shadow banking, off-balance sheet payment tools, and uncontrolled cross-border capital flows. Vice Governor Lu Lei explicitly pointed out in the article the risk that various emerging payment tools “objectively form and grow new ‘currencies’ that circulate outside the financial system as payment and circulation means, creating self-looping risks.”

Therefore, as the legal tender in digital form, the digital renminbi must carry and strengthen the macroprudential management and micro-behavior regulation functions of the central bank. The issuance of the “Action Plan” aims to “effectively improve the management quality and service capacity of the digital renminbi” by fully integrating it into the existing financial regulatory framework (such as reserve requirements, deposit insurance), clarifying operational responsibilities, and building a risk “breakwater.” Strengthening regulatory effectiveness is a prerequisite for safeguarding monetary sovereignty, financial stability, and consumer funds, as well as a foundation for combating illegal activities and maintaining social and economic order.

Respect for users’ personal information rights is a human-centered value. In the era of digital existence, personal information rights are crucial. The operation of the digital renminbi involves a large amount of sensitive data such as user identities and transaction behaviors. Improper design may lead to data misuse, privacy leaks, or even damage to personal dignity. China’s development path of digital currency has always adhered to the development philosophy of “people-centered.” Vice Governor Lu Lei emphasized that financial innovation should “adapt to the needs of consumers and investors.”

This means that the design of the digital renminbi must prioritize user privacy protection, avoiding excessive collection, retention, or use of personal information for the sake of regulatory convenience. Concepts such as “controllable anonymity” and “front-end voluntary, back-end real-name” mentioned in the article embody this principle. Respecting user rights helps improve public acceptance and trust in the digital renminbi, forming the social foundation for its widespread circulation and application.

These two principles together form the cornerstone of privacy and security governance for the digital renminbi: regulation provides a stable financial environment for rights protection, while respect for rights enhances the legitimacy and sustainability of regulation. The governance system of the digital renminbi is built and improved through continuous balancing of these two aspects.

2. Basic Goals: Precisely Focused on the “Three Anti” to Maintain Financial Security and Order

Under the guidance of the principle of “enhancing regulatory effectiveness,” a core and direct goal of privacy and security governance for the digital renminbi is to effectively serve the regulatory requirements of “Anti-Money Laundering, Anti-Terrorist Financing, and Anti-Tax Evasion” (“Three Anti”). This is a common requirement of the international community for legal digital currencies and financial systems and a key link in preventing and resolving major financial risks.

Vice Governor Lu Lei in the article regards the “Three Anti” responsibilities of commercial banks for digital cash circulation as an important basis for them becoming the “responsible主体 of digital cash.” As we enter the era of digital deposit currency, this requirement has been further institutionalized. The “Action Plan” standardizes the measurement framework, incorporating digital renminbi business into reserve and margin management, providing institutional tools and data analysis foundation for effective “Three Anti” monitoring.

The realization of the “Three Anti” goals for the digital renminbi has the following features:

Full-chain traceability: Based on the “one global ledger” and advanced digital technologies, it is theoretically possible to record the entire lifecycle of digital renminbi from creation, circulation, to redemption. This changes the characteristic of physical cash being difficult to trace and provides powerful tools for tracking illegal fund flows.

Intelligent risk control capabilities: Using big data, artificial intelligence, and other technologies to analyze transaction data in real-time or near-real-time can more accurately and efficiently identify suspicious transaction patterns, shifting from “post-reporting” to “mid-intervention” and even “pre-warning.”

Penetrative supervision potential: The article mentions that by “adding regulatory nodes on blockchain service platforms,” the real-time and effectiveness of regulatory data can be improved. In specific closed-loop scenarios or cross-border businesses (such as mBridge), distributed ledger technology helps achieve cross-institutional and cross-border regulatory information collaboration, penetrating complex transaction structures.

However, achieving the “Three Anti” goals does not mean indiscriminate transparency of all user transactions. On the contrary, it requires clearly delineating the boundaries between necessary monitoring and reasonable privacy protection. This is the issue addressed by the measures in the next section—how to design a mechanism that can effectively achieve the “Three Anti” objectives while minimizing legitimate privacy intrusion for ordinary users.

3. Basic Measures: Building a Multi-layered, Three-dimensional Privacy and Security Protection Network

To realize the above principles and goals, the digital renminbi, during its evolution from cash-type to deposit currency-type, employs a comprehensive set of institutional, architectural, and technological measures to construct a multi-layered, three-dimensional privacy and security governance system.

First, a graded anonymity mechanism to balance “small-amount anonymous” and “large-amount traceable.” This is a core feature of the digital renminbi’s privacy design, directly reflecting the art of balancing “strengthening regulation” and “respecting rights.” Vice Governor Lu Lei affirmed in the article that “real-time settlement, anonymity, and offline payments are irreplaceable advantages of cash in the digital economy era,” and the “Action Plan” also aims to preserve this advantage.

Small-amount transactions are anonymous. For daily small, high-frequency payment scenarios, the digital renminbi uses design features (such as hardware wallets, offline transactions) to simulate the anonymity of physical cash. Counterparties, commercial banks, and even within certain permissions, cannot access complete user identity and transaction linkage information, effectively protecting consumers’ daily privacy.

Large-amount transactions are traceable. When transaction amounts reach a certain threshold or trigger specific risk rules (such as suspicious transaction models), the system activates a traceability mechanism. Under legal authorization and strict procedures, authorized agencies (such as judicial or anti-money laundering departments) can rely on backend infrastructure to track and investigate related transaction chains, satisfying the “Three Anti” and crime-fighting needs.

“Controllable anonymity” concept. This graded design is essentially a form of “controllable anonymity.” It is neither fully anonymous (which would enable crime) nor fully transparent (which would harm privacy), but implements differentiated information visibility management based on transaction risk levels. This requires establishing scientific and reasonable thresholds and trigger rules, supported by legal procedures.

Second, data access control and the principle of minimum necessary to strengthen institutional privacy barriers. How data flows and is stored between operational institutions, the central bank, and regulatory authorities directly relates to user information security and privacy. The digital renminbi’s “dual-layer operation architecture of the central bank and commercial banks” naturally creates data access separation.

Operational institutions (commercial banks) responsible for front-end operations. As the direct “second layer” operation entity facing users, commercial banks handle wallet creation, KYC verification, daily payment processing, and initial “Three Anti” compliance screening. They hold users’ real-name identities and front-end transaction details.

Limited control by the central bank backend. The People’s Bank of China, as the issuer, does not directly access massive user personal identities and transaction details. According to the article, the central bank focuses more on cross-institutional clearing and settlement data, macro circulation totals, and necessary risk data obtained via regulatory interfaces. This “layered data holding” model avoids excessive data concentration, reduces systemic data leakage risks, and complies with the “minimum necessary” data collection principle.

Legal and compliant data retrieval. Regulatory authorities (including internal regulatory units of the central bank) must obtain specific user transaction details based on clear legal authorization (such as anti-money laundering laws) and strict internal approval procedures to prevent data misuse. The “separation of management and operation” mechanism mentioned in the article also helps form internal checks and balances, ensuring compliance in data access.

Third, technological enhancement for protection, using advanced technology to build a solid security line. Technology is the guarantee for realizing concepts and systems. The digital renminbi actively employs various frontier technologies to enhance user privacy and fund security from multiple dimensions.

Offline payments and hardware wallets. Support value transfer in environments without network connectivity (such as NFC “touch and go”), with transaction information encrypted and exchanged only between devices, synchronized later when connected. Hardware wallets store digital renminbi keys in dedicated chips, physically isolated from the internet, greatly improving resistance to cyberattacks and tampering, providing higher-level protection for high-risk scenarios or privacy-sensitive users.

Cryptography and privacy computing technologies. Use domestically developed cryptographic algorithms throughout to ensure communication and data storage security. Explore privacy computing applications (such as zero-knowledge proofs, secure multi-party computation) in compliant scenarios, enabling transaction verification and compliance checks without exposing raw data, achieving “data usable but invisible.”

Targeted protection via smart contracts. Smart contracts’ programmability not only expands functions but can also enhance privacy protection. For example, contract rules can be designed to restrict funds within specific trusted scenarios, preventing misuse, while the contract’s execution logic can protect sensitive business information of both parties.

Prudent integration of blockchain. In scenarios requiring multi-party collaboration and trust enhancement (such as supply chain finance, cross-border payments), cautiously utilize blockchain technology’s traceability and tamper-proof features. Through designs like “unified ledger” and “business domain separation,” improve efficiency and trust, while leveraging blockchain’s technical characteristics to strengthen transaction reliability and transparency, indirectly protecting participants’ legal rights.

4. Future Outlook: Moving Toward a Mature and Steady Chinese-Style Digital Currency Governance Model

In summary, the digital renminbi entering the era of digital deposit currency has a complex and sophisticated privacy and security governance system. It is based on the two fundamental principles of “enhancing financial regulation effectiveness” and “respecting users’ personal information rights,” aiming to effectively realize “Anti-Money Laundering, Anti-Terrorist Financing, and Anti-Tax Evasion” as core objectives. Through mechanisms such as graded anonymity, data access control, and technological protections, it strives to find the optimal balance between safeguarding national financial security, social public interests, and protecting citizens’ privacy.

This system features distinct Chinese characteristics: it does not pursue a fully “decentralized” or “anonymous” cryptographic asset path, nor does it become a fully transparent, centrally controlled surveillance tool; it insists on a “dual-layer operation,” fully leveraging the active role of commercial banks; it adopts a “account + value” hybrid architecture, combining centralized management efficiency with distributed technology advantages; it upholds “integrity and innovation,” steadily advancing technological innovation within a solid financial infrastructure and legal framework.

Looking ahead, as the “Action Plan” is implemented and digital renminbi application scenarios deepen, its privacy and security governance system will need continuous iteration and improvement in practice. For example, detailed standards for graded anonymity, procedural rules for data access, and boundaries for compliant application of new technologies all require more refined rules and standards support. Public education is also crucial, helping users fully understand how the digital renminbi, while providing convenience, also protects their rights, thereby gaining broader trust and acceptance.

Ultimately, a mature, robust, and trustworthy digital renminbi privacy and security governance system will not only be a solid foundation for building a “strong currency” and a “strong financial nation” but also contribute China’s wisdom and solutions—balancing efficiency, security, and dignity—to the development of global central bank digital currencies.