Brazil Central Bank Grapples With Privacy 'Trilemma' In Latest CBDC Update

February 28, 2025
Back
As the pilot for Drex, Brazil’s forthcoming central bank digital currency (CBDC), moves into its second phase, the country’s central bank has said that ensuring user privacy remains its biggest challenge.

As the pilot for Drex, Brazil’s forthcoming central bank digital currency (CBDC), moves into its second phase, the country’s central bank has said that ensuring user privacy remains its biggest challenge.

This week, the Central Bank of Brazil (BCB) published a new report that wraps up phase one of the Drex pilot and initiates phase two.

Having been testing Drex since 2023, the BCB struck a cautious tone on the overall development of the CBDC, noting that it will require “major adaptation” before it is ready for launch.

In particular, the BCB spoke of a “trilemma” it has faced in its attempts to ensure that Drex, and the distributed ledger technology (DLT) it runs on, can ensure oversight, programmability and user privacy.

The DLT platform selected for the Drex pilot is the Ethereum Hyperledger Besu. It is a permissioned network that allows for a degree of privacy and for compliance and regulatory functions to be integrated when executing transactions.

However, although the pilot successfully completed hundreds of transactions, the BCB found that its use of privacy-enhancing solutions conflicted with its efforts to ensure oversight.

The BCB tested multiple privacy solutions, including zero-knowledge proofs, and found that use of these solutions added to the complexity of the underlying smart contracts and made oversight difficult, even for the validators of the network.

Meeting international standards

One of the requirements of the Drex build-out is that it must be able to meet international norms and standards on the prevention of money laundering and terrorist financing, said the BCB.

This includes, for example, the ability to ensure compliance with court orders to track illicit acts and activity.

According to the BCB, the pilot did not identify a solution that could ensure both user privacy and continued oversight within a defined regulatory framework.

“Despite important advances in anonymisation, the solutions tested presented limitations that would compromise their adoption in the context of commercial usage,” said the central bank.

“These challenges highlight the need for continuous development and close collaboration between regulators, developers, academia and other stakeholders.

“Only through a collaborative effort will it be possible to adapt and evolve these technologies so that they can meet the requirements of a modern and efficient financial system.”

The second phase of the pilot will therefore focus on answering these privacy questions, with participants invited to suggest broader use cases where the latest solutions can be tested.

Our premium content is available to users of our services.

To view articles, please Log-in to your account. Alternatively, if you would like to gain access to the tools that will help you navigate compliance risk with confidence please get in touch today.

Opt in to hear about webinars, events, industry and product news

Still can’t find what you’re looking for? Get in touch to speak to a member of our team, and we’ll do our best to answer.
No items found.