The Digital Euro and the Compliance Paradox: Greater Liability with Less Visibility


by Steven Lenders - Senior Solution Architect in Banking, Sopra Steria
by Alexandre Sartor - Offer & Innovation Project Manager, Financial Services, Sopra Steria

The digital euro reshapes compliance obligations

The introduction of the digital euro will reshape the compliance obligations of Europe’s banks in ways that extend far beyond the technical architecture of wallets and settlement layers. On the surface, the digital euro is presented as a neutral public instrument, a digital complement to cash issued by the European Central Bank and distributed through regulated intermediaries. Beneath that framing sits a transformation of how banks must conduct anti-fraud operations, Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) monitoring and sanctions screening, while their liability not only remains intact but, in many respects, increases. Rather than simplifying compliance, the digital euro introduces a new landscape in which obligations expand even as visibility contracts.

The Eurosystem may provide system-level fraud controls, including central fraud-risk scoring, but payment service providers (PSPs) would still carry AML/CFT duties and customer-facing fraud responsibilities, and would retain the final decision. The Eurosystem will operate the core settlement infrastructure and provide system-level fraud-risk safeguards, but banks remain the primary gatekeepers. They continue to bear full responsibility for customer due diligence, behavioural monitoring, suspicious-activity reporting and sanctions compliance. What changes is the informational and operational environment in which they must shoulder these obligations.

The role of the ECB, the Eurosystem and payment service providers

In today’s SEPA system, banks enjoy a panoramic view of their customers’ financial behaviour, with access to transaction histories, merchant categories, device fingerprints, spending patterns and behavioural signals across accounts and channels. These insights underpin fraud engines, AML models and risk scoring.

Under the digital euro, this visibility narrows. According to the latest ECB Rulebook, each natural person would hold exactly one digital-euro wallet, distributed by a single bank or PSP, thereby preventing wallet fragmentation at the individual level. Yet even with a single-wallet rule, the bank’s insight into customer behaviour is diminished. The ECB’s settlement system becomes the authoritative record, and only a restricted subset of metadata is shared with intermediaries, in line with privacy-by-design constraints. At the same time, the Eurosystem plans to provide system-level fraud-risk scoring through the Digital Euro Service Platform (DESP), leveraging its aggregated, cross-PSP view of Digital Euro transactions. While this risk score can support operational risk management and flag systemic anomalies, it does not restore the granular, customer-specific behavioural context on which banks’ fraud and AML engines traditionally rely. Critical behavioural information used in today’s fraud and AML engines is therefore reduced.

Offline Payment with Digital Euro and the Compliance Blind Spot

Offline payments introduce additional blind spots. Because offline transactions are not transmitted to PSPs in real time, they bypass AML and sanctions screening entirely until synchronisation occurs. Limits on offline amounts do not eliminate the compliance ambiguity created by transactions that behave like cash but are regulated as electronic payments. Thanks to Article 37 of the draft Digital Euro Regulation, we know that banks’ responsibility for offline transactions should be limited to the funding and defunding of the wallet, not the transactions themselves. Will the bank become responsible for interpreting and reporting suspicious activity that it could not have monitored when it occurred?

The friction between liability and visibility becomes even more apparent when examining how bank anti-fraud systems interact with the ECB’s planned anti-fraud capabilities. The ECB’s framework focuses on system integrity protection, not customer protection. It addresses system-level threats such as double-spending, inconsistencies between offline and online balances, compromised devices, protocol manipulation, and other structural anomalies. These measures protect the digital-euro system itself but do not address customer-facing risks such as phishing, social engineering, impersonation scams, authorised push payment fraud, account takeover or mule networks.

Banks, by contrast, must continue to perform all customer-centric fraud detection with reduced metadata. Their fraud engines must still analyse transaction velocity, device trust, behavioural biometrics, spending profiles, geolocation anomalies, counterparty risk and long-term behavioural consistency, yet they receive less context than they do for SEPA or card payments. The ECB’s system may reject a transaction if it violates protocol integrity, but if the transaction is structurally valid yet initiated under manipulation, coercion or deception, the bank remains responsible for detecting it. If the fraud succeeds, the bank remains liable for reimbursement. The ECB protects the currency; the bank must protect the customer.

Digital Euro Legal Classification: Payment Account or Public Money?

Sanctions screening exhibits similar contradictions. Banks must screen every payer and payee against sanctions lists, even though they may receive only partial metadata about counterparties. Privacy constraints and simplified transaction structures mean sanctions compliance must be performed with limited information, increasing both false positives and the risk of undetected violations. The ECB does not assume sanctions responsibility, leaving banks exposed to regulatory consequences even in cases where the system architecture restricts their visibility.

This tension also raises a more fundamental question of legal classification. If the digital euro is treated, in practice or in law, as a payment account, the full set of obligations stemming from the PSR and the PSD2/PSD3 frameworks would apply, particularly regarding fraud management, customer protection and reimbursement requirements. Applying such a regime to an instrument deliberately designed to emulate certain cash-like properties, including offline functionality and reduced real-time visibility, would further amplify the mismatch between responsibility and control. Conversely, treating the digital euro as a form of electronic public money closer to cash would imply a different allocation of risk, liability and consumer protection. Clarifying this boundary will be essential to ensuring coherence between legal obligations, technical architecture and operational reality.

The effect of the compliance asymmetry

The cumulative effect is a liability–visibility gap unmatched in existing European payment systems. Banks retain full liability for fraud, AML failures, sanctions breaches, onboarding deficiencies and reporting delays, yet they do so with diminished capability to observe relevant signals. They must invest in new fraud-detection engines adapted to reduced metadata, new AML workflows for offline reconciliation, new sanctions-screening logic for simplified transaction schemas, and new mechanisms for dispute handling.

This asymmetry is further amplified by customer perception. For end users, the digital euro will not be experienced as an ECB instrument but as a bank-provided service: the wallet is distributed by the bank, embedded in its channels, and supported by its customer service. In the event of fraud, technical malfunction or disputed transactions, customers are unlikely to distinguish between ECB infrastructure and bank interfaces. Responsibility, rightly or wrongly, will be attributed to the bank. This reputational and legal exposure persists even where the root cause lies beyond the bank’s direct control.

What emerges is not an incremental adjustment but a new compliance paradigm, one in which settlement is centralised but visibility is decentralised; liability remains heavy but insight becomes thinner; and a form of public money that behaves like digital cash must nonetheless be monitored under electronic-money standards.

Sopra Steria's role in the new digital euro compliance paradigm

The digital euro promises innovation, inclusion, and resilience. At the same time, its introduction represents a structural shift for fraud prevention, AML, and sanctions screening, increasing the complexity of enforcement and the responsibilities of intermediaries. Preparing for this new environment is not only a technical challenge but also an organizational one: banks will need to adapt their fraud investigation models, enhance monitoring frameworks, and navigate a financial ecosystem in which public money is digital, while transparency and risk management require new approaches.

Sopra Steria has developed deep expertise in the payments sector, giving us a strong understanding of the challenges and tools related to fraud prevention. We closely monitor developments around the digital euro and its potential impact on this domain, positioning us to support risk management in banking frameworks and ensuring secure, compliant operations as public money becomes increasingly digital.

FAQs

What is the Digital Euro? 

The Digital Euro is a digital form of central bank money issued by the Eurosystem and available to citizens and businesses for everyday payments, alongside cash, not replacing it. It is designed to be usable across the euro area for in-store, online, and person-to-person payments, typically free for basic use.

In practice, people would hold Digital Euros in a digital wallet provided by a bank or payment service provider. They could then use it to pay electronically in shops, on websites, or directly between individuals, similar to using cash but through devices such as smartphones, cards, or connected devices.

When will Digital Euro be available?

There is no confirmed launch date yet. The final decision to issue the Digital Euro depends on the EU legislative process currently underway. If legislation is adopted around 2026, the ECB expects pilot phases or initial transactions could begin around 2027, with a potential wider availability around 2029.

Will the Digital Euro impact banks?

Yes, and they will remain central to the system. Banks and payment providers would distribute the Digital Euro, manage wallets, and onboard customers. While it could slightly reduce deposits, safeguards like holding limits are planned. It may also create opportunities for banks to develop new payment services and digital offerings.

What is a Digital Euro Wallet?

A digital euro wallet is the payment service (typically via a mobile app and/or a physical card) that lets users store and use digital euros to make payments and receive money. According to the ECB, once the wallet is set up, users could add funds via a linked bank account or by depositing cash, and then pay in shops, online, or between people (with intended online and offline capabilities).

What would be the benefits of the Digital Euro for payment service providers (PSPs)?

The digital euro could help payment service providers (PSPs) expand their services by enabling them to distribute and manage digital euro wallets and payment solutions for customers. It would allow PSPs to build new payment features, support secure digital transactions across the euro area, and rely on a common European payment infrastructure, helping them innovate while maintaining their role at the centre of customer payment services. 

Will Payment Services Regulation (PSR) or Payment Services Directive 3 (PSD3) impact the Digital Euro?

Yes, indirectly, through the intermediaries and payment rules around it. The digital euro would be central bank money, but it is expected to be distributed and offered to users by banks and other payment service providers (PSPs). EU legislative work explicitly considers that, as a new form of central bank money with legal tender, the digital euro should be treated as “funds” under the future PSD3/PSR framework, and that PSPs distributing digital euro should be subject to relevant PSD3/PSR requirements (e.g., supervision, operational and consumer protection obligations).

Will Digital Euro allow the government or the ECB to track and monitor my payments?

No. The Digital Euro is designed with privacy as a core principle. For offline payments, transactions would have cash-like privacy. For online payments, data would be processed with strict data-minimisation rules, and the ECB would not have access to users’ personal identities. Standard AML/CFT rules would apply, as for any regulated payment instrument, but the Digital Euro is not designed as a surveillance tool.
