Now or never: why the Digital Euro must not fail on privacy

Europe is developing a Digital Euro to reduce its reliance on US-controlled payment systems and give citizens a privacy-friendly digital payment option. Epicenter.works and other civil society groups support the project but argue that strong privacy protections must be built into its technology, not just promised on paper, to ensure public trust and protect fundamental rights. The vote of the ECON Committee signals a move in the right direction, which must not be weakened in the remainder of the legislative process.

By epicenter.works (guest author) · July 1, 2026

European money are in US hands

When you make a digital payment today, your transaction most likely goes through Visa, Mastercard, or PayPal. They are all US companies and, as such, all subject to the CLOUD Act, which lets American authorities compel them to hand over user data with little recourse for you or for European regulators.

Europe’s digital payment infrastructure is, in other words, largely in US hands. And the geopolitical implications of that dependence are no longer theoretical. In early 2025, the Chief Prosecutor of the International Criminal Court lost access to his email account following US sanctions. What happened with email can happen with payments.

That’s why since 2023, the European Union has been working on a Digital Euro. A digital currency issued by the European Central Bank, intended to serve as a public, European alternative to existing digital payment services. The core promise has always been that the Digital Euro should be like cash: private, accessible, and independent as notes and coins in your wallet.

That promise is now being put to the test. EDRi member epicenter.works organised an open letter together with 13 other European civil society organisations to the Members of the European Parliament to get them to deliver on what they promised, ahead of the vote of the proposal from the ECON Committee.

Promises vs. architecture

The core problem with the Commission’s current draft is that its privacy guarantees rely too heavily on institutional assurances rather than technical enforcement. That’s not enough. Decades of digital rights work has shown that promises made in legislation can be weakened in implementation, reinterpreted in court, or simply broken.

The technical tools to implement do this properly already exist. Zero-knowledge proofs, threshold cryptography, authenticated encryption: all deployed in security-critical systems today. The Austrian National Bank has shown in a working paper that privacy and traceability aren’t in conflict. Routine payments can be protected without making legitimate law enforcement requirements impossible. This isn’t a technical question anymore. It’s a political one.

What needs to happen now

The civil society coalition is not calling for the project to be stopped, but rather to deliver on the terms it promised.

This means establishing a clearly defined threshold below which everyday payments are protected by genuine privacy measures comparable to cash, which are technically enforced. It requires full transparency with the disclosure of public documentation of the core technical mechanisms and making the code open source. The European Data Protection Supervisor should be involved early on and civil society should be genuinely engaged in the decision-making process, as well as in the enforcement, not just in communication campaigns to promote the initiative.

All this should accompany legal right to use cash. The Digital Euro should expand freedom of choice, not quietly phase out another option.

What’s at stake

In the ECB’s own public consultation, 43 percent of respondents named privacy as the most important feature of the Digital Euro. A project that ignores this risks failing, not through regulation, but through lack of public trust.

Billions in public investment, years of political momentum, a rare alignment of technical feasibility and political will: this is an opportunity Europe won’t get again soon. Recent improvements adopted by the European Parliament’s ECON Committee have strengthened certain privacy safeguards compared to the Commission’s original proposal. Now, it is important to ensure that these improvements are not weakened in the remainder of the legislative process. This is the moment to build a digital payment infrastructure that doesn’t merely respect fundamental rights, but actively protects them.

Contribution by: EDRi member, epicenter.works