Open Source vs. Closed Control: How Switzerland Built Better
By Berna Alp and Marianthe Stavridou
Introduction
As societies undergo rapid digital transformation, public infrastructure is being fundamentally rethought. Money is no exception. While cash is declining across much of the world the question is no longer whether money will become digital, but how.
Digital money or digital money transfers are not merely a technical upgrade. It encodes political choices about privacy, power, accountability, and sovereignty. The architecture chosen today will shape how citizens interact with the state, how markets function, and how much autonomy individuals retain in everyday economic life.
In Europe, the Digital Euro project represents one path forward: a centrally governed, account-based system operated through banks and payment service providers. In Switzerland, a different model is emerging—built on open-source software, privacy by design, and cryptographic guarantees rather than institutional promises. This alternative is embodied in GNU Taler, an operational digital payment system already in use.
This article compares the two approaches across six criteria that consistently surface in public debates on digital infrastructure: privacy, security, inclusion and usability, transaction costs, tax compliance, and digital sovereignty. Using publicly available documentation from the European Central Bank and real-world deployments of GNU Taler, the comparison highlights a fundamental divergence in design philosophy.
At its core, the contrast is simple. The Digital Euro relies on identification, intermediaries, and trust in centralized institutions. GNU Taler relies on data minimization, mathematical guarantees, and transparency through open code. One treats privacy as a policy choice that can be adjusted. The other makes privacy a technical property that cannot be revoked.
As governments decide how digital money should work, Switzerland’s experience shows that alternatives to surveillance-based payment systems are not theoretical. They already exist—and they work.
Different realities – a common issue
As cash usage declines across many societies-from Scandinavia to China-we face a fundamental question: What kind of digital infrastructure should replace it? Two competing paradigms are emerging, and the choices made today will shape the future of money, privacy, and democratic control over critical public systems.
The European Central Bank, through its Digital Euro project, represents one approach: centralized control, proprietary systems, and comprehensive transaction surveillance.
Switzerland, through three distinct but interconnected initiatives, offers an alternative: open-source infrastructure, privacy-by-design, and digital sovereignty through transparency[1].
The contrast between the EU and Swiss approaches reflects fundamentally different assumptions about how to achieve security, stability, and public trust in digital infrastructure. These differences stem from two distinct perspectives: a closed socio-economic and political system with a top-down decision-making approach, which may lead to increased surveillance and authoritarianism; and a more complex, mixed system with a bottom-up approach which, when applied correctly, can result in an open, social, and stable system based on trust[2].
Despite the EU’s open-source policy[3], the European Central Bank (ECB) has disregarded it in the Digital Euro project creating also a rift between EU’s policy and ECB’s approach.
The Digital Euro’s Closed Architecture – A Missed Opportunity
To understand why the Swiss model offers advantages, we first examine the Digital Euro payment system’s design. The European Central Bank presents the Digital Euro as inclusive, privacy-preserving, and sovereign. However, analysis against public-interest criteria reveals significant tensions between these stated goals and the proposed architecture.
To evaluate the Digital Euro payment system, we use six criteria that consistently emerge as priorities in citizen surveys, Internet governance debates, and open digital infrastructure design: privacy; security; usability, inclusion & accessibility; freedom from transaction costs; tax collection & income transparency; and sovereignty through open source (FLOSS)[4].
For comparison, we examine GNU Taler, an open-source payment system that takes an alternative architectural approach. GNU Taler is currently operational in Switzerland through Taler Operations AG[5].
The Core Problems
Privacy Through Promises, Not Design
The online Digital Euro relies on an account-based architecture[6] requiring full identification by banks and Payment Service Providers (PSPs). There is zero privacy from them – they know and monitor everything the user does as with credit cards today.
The ECB receives transaction data through the DESP (Digital Euro Service Platform), but claims to use pseudonymisation and encryption techniques to prevent direct linkage to individuals. However, PSPs have full visibility of user identities and transaction details, and the centralized architecture with unique DEAN (Digital Euro Account Number)[7]identifiers creates technical capability for re-identification through behavioral pattern analysis, even if policy promises claim otherwise.
This is fundamentally a trust model: users must believe intermediaries’ promises that they will not exploit or share the data (until they get hacked or e.g. being privatized).
The offline variant of the digital euro offers cash-like anonymity while devices remain disconnected, but constrained by strict transaction limits designed to prevent money laundering and tax evasion and to mitigate the fact that such a solution cannot be secure and prevent two-sided anonymous spending that could be hidden from taxation.
The Offline Security Paradox
Fully offline payment systems face an unsolvable mathematical problem: double-spending. Without real-time network connectivity to verify that a token hasn’t already been spent, a malicious actor could theoretically duplicate and spend the same digital token multiple times. While secure hardware elements can mitigate this risk, such protections have always been compromised historically.
The ECB’s response to this inherent weakness, is very low transaction and holding limits, which simultaneously undermines the system’s usability and inclusion objectives. This creates a paradox: offline mode exists to provide cash-like privacy, but the security constraints required will make it too limited for everyday use.
Inclusion Without Innovation
Despite its framing as an inclusion initiative, ECB documentation explicitly acknowledges that onboarding, authentication, and usage barriers will not differ materially from existing digital payment solutions.
Around 13.5 million people[8] in the euro area are non-bankable. As access to the Digital Euro will again be given through the existing banks and PSPs, any change to this number is highly unlikely. Furthermore, the Digital Euro’s reliance on modern smartphones (Android or iPhone) creates additional exclusion barriers beyond the existing requirements for government-issued identification and KYC verification, many people lack access to compatible devices or the technical literacy needed to navigate authentication systems.
The Sovereignty Blind Spot
Perhaps most striking is the absence of binding Free Libre Open-Source Software (FLOSS) requirements. Despite explicit EU-level policy commitments to open source in public digital infrastructure, ECB procurement documents do not mandate open-source licensing. This creates long-term vendor dependency, reduced public auditability, weakened democratic oversight and security opacity (vulnerabilities hidden in proprietary code).
For critical monetary infrastructure, arguably more important than any other government system, this represents a significant failure of digital sovereignty. And the fact that the Digital Euro will only work on Android mobiles and iPhones, both US corporate ecosystems, is another proof that sovereignty is far from being addressed in this project.
To illustrate what would be possible with exiting FLOSS technology and to compare it to the payment solution design of the ECB for the Digital Euro, let us look at the GNU Taler design.
GNU Taler was developed over the past decade and in 2021, the Swiss National Bank published Working Paper 2021-03, “How to Issue a Central Bank Digital Currency,” co-authored by cryptography pioneer David Chaum, GNU Taler founder Christian Grothoff, and SNB official Thomas Moser[9]. The paper proposes a token-based CBDC architecture based on the GNU Taler protocol.
How GNU Taler Works
GNU Taler implements a cash-like payment system with asymmetric privacy: cryptographically[10]guaranteed anonymity for payers combined with full transparency for recipients.
At the level of technical architecture, a token-based (not Distributed Ledger Technology (DLT) based) system using blind signature cryptography and mathematically guaranteed payer anonymity is in place. The system cannot link payments to spenders, even if forced to do so. Recipients remain fully identifiable, enabling income transparency for taxation. No user accounts, identity-based fraud, or tracking infrastructure are possible Key Innovation here is the security through data minimization, not data protection. What doesn’t exist cannot be stolen, leaked, or abused.
Comparison: Taler vs. Digital Euro
Privacy
The online Digital Euro is fully account-based and requires identification, giving banks and payment providers complete access to users’ transaction data and leaving privacy dependent on institutional promises that can fail through misuse or breaches. Its offline version offers anonymity but only for small amounts and relies on a mathematically fragile design that is inherently insecure. The offline anonymity may be wiped out once the wallet is reconnected tothe central system. In contrast, GNU Taler provides cryptographically enforced anonymity by never collecting payer data at all. Privacy is guaranteed by design, not policy. As a result, GNU Taler offers unconditional and durable privacy, while the Digital Euro offers either none online, or temporary, but mathematically insecure privacy offline.
Security
The online Digital Euro centralizes identity and transaction data, making it a prime target for cyberattacks and leaving risks like fraud and account takeover unchanged. Its offline version is vulnerable to double-spending and depends on historically fragile hardware security. GNU Taler avoids these threats entirely by eliminating user accounts and centralized databases, drastically reducing fraud risks to mainly device theft, which can be managed through available backups. Overall, the Digital Euro brings nothing new online and introduces new weaknesses offline, while GNU Taler achieves security through data minimization.
Inclusion & Usability
The online Digital Euro requires full identification, KYC compliance, and access to modern smartphones, effectively reproducing the same barriers that already exclude non-bankable and low-tech users, while its offline mode only allows very small payments and still depends on smartphone hardware, whereas GNU Taler enables digital payments with a single click authorization, offering cash-like simplicity that even fits the needs of non-literate users, making it genuinely inclusive compared to the Digital Euro’s continued reliance on traditional account creation, identification and multi-factor authentication.
Transaction Costs
Although the Digital Euro is advertised as “free for basic use,” intermediaries still need compensation, meaning merchants will pay for infrastructure, compliance, and fraud, whereas GNU Taler is built around near-zero transaction fees, with its Free/Libre Open-Source Software (FLOSS) model removing licensing expenses and enabling economically viable micropayments down to fractions of a cent. So instead of merely shifting fees from Visa/Mastercard to European banks as in the case of the digital euro, GNU Taler delivers real structural cost reductions and significantly lowers fraud-related expenses to benefit all stakeholders.
Tax Compliance
For tax compliance, the online Digital Euro enables full transaction surveillance with complete visibility into user activity, while its offline mode allows untraceable cash-like payments limited to small amounts that neither fully prevent abuse nor resolve evasion risks, whereas GNU Taler structurally enforces transparency on merchants’ and recipients’ income without monitoring individual payers-ensuring taxes are collected where money is received rather than where it is spent-uniquely combining strong privacy with effective tax enforcement.
Sovereignty
The Digital Euro is likely to depend on proprietary systems, creating vendor lock-in and reliance on US-controlled devices and software ecosystems, and even if built by European firms, closed licensing prevents independent security audits, limits adaptability to evolving policy needs, and ties long-term operation to vendor survival and goodwill, whereas true digital sovereignty requires control over the code itself rather than the provider’s nationality, something GNU Taler achieves as fully Free/Libre Open-Source Software that is publicly auditable, vendor-independent, and deployable across platforms without reliance on specific technologies, delivering complete digital sovereignty.
Quick Comparison
| Criterion | Digital Euro (Online) | Digital Euro (Offline) | GNU Taler |
| Privacy | Account-based with full identification | Strong anonymity while offline | Cryptographic payer anonymity |
| Security | Same as for credit cards | Double-spending vulnerability | No ID fraud/Account take over, no data theft possible. |
| Usability | Similar to current methods. | Limited by transaction caps | Cash-like simplicity |
| Cost | Free for basic use; intermediary fees remain and merchants always pay | As for online version with high hidden costs (fraud, hardware) | Near-zero fees by design |
| Tax Transparency | All transaction details recorded | Cash-like untraceable transfers | Income transparency only |
| Sovereignty | Proprietary software dependency | Proprietary hardware & software dependency | Fully open source |
Conclusion: Ethics as the Foundation of Digital Money
At its core, the debate between the Digital Euro and GNU Taler is not merely technical or economic—it is fundamentally ethical. Digital payment systems shape power relations between citizens, institutions, and the state. When infrastructure is built around surveillance, centralized control, and proprietary technologies, it normalizes the erosion of privacy, weakens democratic oversight, and concentrates authority in the hands of a few intermediaries. Even when justified in the name of security or efficiency, such architectures risk transforming everyday economic activity into a source of continuous monitoring.
The Swiss approach embodied by GNU Taler demonstrates that ethical design is not only possible but practical. By minimizing data collection, enforcing privacy through cryptography rather than policy promises, ensuring transparency where it matters for taxation and law enforcement, and relying on open-source principles, it aligns technological innovation with core democratic values: autonomy, accountability, inclusion, and sovereignty. Instead of asking citizens to trust institutions with vast amounts of sensitive data, it removes the need for such trust altogether through structural safeguards.
Ethically responsible digital money should protect individuals by default, not conditionally. It should empower societies through openness, not lock them into opaque systems of control. As governments across Europe and beyond redesign monetary infrastructure for the digital age, the choice is ultimately between systems that can expand surveillance and dependency, and systems that preserve freedom, dignity, and public trust.
The lesson from Switzerland is clear: ethical digital infrastructure is not an obstacle to progress, but it is the very foundation of a resilient, inclusive, and democratic financial future.
[1] It should be clear that ethics-by-design, privacy-by-design, transparency-by-design, and similar approaches demonstrate that a wide range of values can be taken into consideration during system development. However, they do not guarantee that these values will ultimately be realized. Incorporating such considerations into the design process nonetheless increases the possibility that these values will be embedded in the final system. (Brey, P., Dainow, B. Ethics by design for artificial intelligence. AI Ethics 4, 1265–1277 (2024). https://doi.org/10.1007/s43681-023-00330-4)
[2] This distinction draws on debates about governance models in digital infrastructure, particularly contrasting centralized, top-down systems that prioritize control and standardization with decentralized, bottom-up approaches that emphasize transparency, participation, and trust. (Leese, Matthias. (2026). Benchmarking and Provenance: The Politics of Data Trust in EU Internal Security. International Political Sociology 20 (1): olaf042. https://doi.org/10.1093/ips/olaf042
[3] https://commission.europa.eu/about/departments-and-executive-agencies/digital-services/open-source-software-strategy_en
[4] The analysis draws primarily on the ECB’s own documentation, publicly available information on the internet and the assessment framework developed in “Decoding the Digital Euro”, a book by Leon V. Schumacher. (2023). Decoding the Digital Euro: Friend or Foe? ISBN: 978-3-9525996-0-0.
[5]https://www.taler.net/en/news/2025-01.html
[6]https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.degov240325_digital_euro_multiple_accounts.en.pdf
[7] https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.dedocs220420.en.pdf
[8] https://www.ecb.europa.eu/press/economic-bulletin/articles/2022/html/ecb.ebart202205_02~74b1fc0841.en.html
[9] https://www.snb.ch/en/publications/research/working-papers/2021/working_paper_2021_03