Germany: Issued BSI Technical Guideline on CBDC Backend Systems

On 8 February 2024, the German Federal Office for Information Security (BSI) released the first part of the Technical Guidelines BSI TR-03179-1 titled “Central Bank Digital Currency - Part 1: Requirements on Backend Systems”. The guideline is addressed to providers and developers of Central Bank Digital Currency (CBDC) payment systems, providing a secure implementation framework. The text outlines the requirements for the backend systems of the CBDC infrastructure. This includes general IT security requirements and specific processes in the CBDC lifecycle. The functional requirements comprise the creation, distribution, redemption, exchange, update, and recovery of CBDCs. The security requirements for central bank digital currencies are focused on comprehensive security management, cryptographic protection measures, system integrity, availability, and personnel security and authentication. The security requirements related to transactions in the policy involve ensuring the authenticity and integrity of CBDC notes, preventing double-spending by uniquely identifying and tracking transactions, securely transferring CBDC notes between parties using encrypted communications, and monitoring and logging transaction activity to detect and prevent fraud. The second part of the guideline, which focuses on front-end systems, is currently being drafted.