The BOJ CBDC Roadmap: From Pilot to Framework
As of May 2026, the Bank of Japan's CBDC Forum has migrated from a research-intensive phase to a social implementation framework. This transition marks the evolution from the initial Working Group (WG) structure—designed for theoretical discovery—to a streamlined Discussion Group (DG) model focused on the practical engineering and institutional requirements of a national rollout. By moving into this implementation-centric phase, the CBDC Forum is moving beyond proving technical viability to defining the "minimum necessary functions" required to integrate a retail CBDC into the existing financial fabric without disrupting the "Singleness of Money."
The legacy of WGs 1 through 7 has been meticulously synthesized into three primary DGs to optimize cross-sector collaboration among 64+ participating entities:
- DG1: CBDC Architecture – Absorbs the technical and procedural foundations of WG1 (External Connections), WG3 (KYC/Authentication), WG5 (Devices/UX), and WG7 (Operational Flows).
- DG2: New Technology – Scales the innovation mandate of WG4, focusing on DLT, programmability, and tokenized deposits to prevent "siloization" of digital assets.
- DG3: CBDC Ecosystem – Integrates the work of WG2 (Additional Services) and WG6 (Horizontal Coexistence) to ensure universal access and service differentiation.
This consolidation is critical for optimizing the architectural trade-offs between core public infrastructure and private-sector innovation. By localizing system and business requirements within these DGs, the CBDC Forum ensures that the CBDC ledger provides the necessary throughput while maintaining the stability and interoperability of the broader ecosystem.
1. CBDC Architecture: Defining the "Minimum Necessary Functions"
DG1 functions as the primary pillar for integrating system-business architectures with legal-institutional frameworks. Its mandate is to resolve the complexities where engineering constraints meet regulatory policy, ensuring a robust foundation for a retail-scale currency.
The pilot experiments have categorized the "minimum necessary functions" into two domains, prioritized by their impact on ledger stability and legal compliance:
Architectural performance evaluations have yielded a "No Knockout Factor" finding, meaning no fatal technical flaws exist that would preclude an online retail CBDC. However, the architectural focus must now intensify on "spike mitigation" and sophisticated flow control to manage sudden transaction surges and ensure system-wide resilience.
2. The Four-Step User Journey: Technical and Institutional Requirements
To ensure all institutional and technical touchpoints are addressed, the CBDC Forum employs a journey-based implementation approach. This methodology identifies critical bottlenecks where user experience intersects with intermediary operational load.
2.1 Account Opening & Closing
Focuses on the feasibility of office procedures for intermediaries and KYC/authentication frameworks.
Critical Implementation Challenge: KYC synchronization latency between legacy commercial bank core systems and the CBDC ledger, which can create administrative backlogs.
2.2 Charging from Deposits/Cash
Analyzes the interface between commercial bank money and CBDC, requiring robust "Auto-charge/Swing" logic.
Critical Implementation Challenge: High-frequency database locks in commercial bank core systems during automated liquidity rebalancing, potentially impacting throughput.
2.3 Store Payments and P2P Transfers
Evaluates Merchant-Presented Mode (MPM) vs. Consumer-Presented Mode (CPM) and ID tokenization for privacy.
Critical Implementation Challenge: The complexity of managing dispute resolution and compensation frameworks for unauthorized use across a fragmented merchant environment.
2.4 Additional Service Utilization
Focuses on the "ecosystem" layer where data utilization allows for competitive service differentiation.
Critical Implementation Challenge: Balancing open API data utilization with privacy-preserving technologies (e.g., ZK-proofs) to prevent data siloization while maintaining anonymity.
3. Technical Performance Benchmarks and System Design Implications
High-load performance testing is essential for establishing the technical credibility of the retail CBDC. The BOJ's pilot system has undergone rigorous "Same-Account Concentration" and "Mixed Business Load" testing to simulate the expected social scale.
The pilot achieved a total benchmark of 50,000 transactions per second (TPS), roughly 1/10th of the projected national requirement. Critically, this figure is split into 10,000 state-changing update transactions/sec and 40,000 read-only balance inquiries/sec. Within this environment, a limit of 6,000 TPS per account was achieved through "Record Splitting."
Implication
Record splitting is an effective optimization for parallel processing; however, it has a distinct technical ceiling. Pilot data indicates that while 120 splits efficiently handle high-load accounts, increasing this to 6,000 splits leads to a 100% CPU utilization "stalling" effect. Excessive splitting generates overwhelming metadata overhead, which can degrade system performance rather than enhance it.
4. Universal Access and Interoperability: The Intermediary Interface
To fulfill its mandate as a public good, the CBDC must maintain universal access across all demographics. This requires a balanced approach to endpoint devices and standardized connection interfaces.
- Smartphones: Support high UI/UX customization and biometric authentication, but face risks of 2D code replacement in MPM scenarios.
- Card-type Devices: Essential for non-smartphone owners and digitally vulnerable groups, but remain dependent on physical terminal hardware and external biometric/PIN entry modules.
Interoperability and Standardized Interfaces
The implementation roadmap identifies five interoperability patterns (Patterns a-e) defining the flow of exchange between CBDC and private funds transfer providers. The primary architectural hurdle remains the standardization of the connection interface. Intermediaries face significant operational overhead because their "Customer Management Systems" must be engineered to handle diverse, fragmented private money formats. Standardizing these APIs is essential to lowering the barrier to entry for smaller financial institutions and preventing siloed liquidity.
5. Global Context and Future-Proofing
Japan's roadmap aligns with international developments to ensure future cross-border compatibility and maintain the "Singleness of Money."
- Europe: The Digital Euro "Preparation Phase" concluded in October 2025, with a target issuance date in 2029 and pilot experiments with real transactions scheduled for H2 2027.
- China: As of January 2026, the e-CNY has transitioned into a "digital deposit currency" (commercial bank liability), incorporating interest-bearing features and deposit insurance.
- Korea: The Bank of Korea announced the commencement of "Phase 2" digital currency verification in March 2026.
- Russia: The Central Bank of Russia has scheduled a bank-led rollout of digital ruble payments starting September 1, 2026.
DG2 (New Technology) and the "DLT Sandbox" are currently exploring programmability and tokenized deposits to prevent the fragmentation of the monetary system into digital silos. The next 24 months (2026-2027) will involve an iterative feedback loop between the BOJ and the 64 participating entities to refine the API sandbox and finalize functional requirements for intermediary ledger systems, ensuring the architecture is ready for a final issuance decision.
Norbert Gehrke
