Welcome back. I already teased you before the break with offline payments at scale, and now it's finally time to welcome our next speaker. Right here with me is Joachim Samuelsson from Crunchfish, and I am thoroughly excited what he will talk about. Conditional payments, identity, he has it all, and of course, offline payments, which are crucial features for the digital euro, for the topic at hand, and I am excited. With that, Joachim, I hand over the stage to you. Enjoy, everyone.
Thank you. I'm excited as well. Thank you so much for having me here. Today I want to challenge one of the most important assumptions in digital payments. We have for long treated offline payments as a feature, something you add to the edge of a system. My message today is very different. Offline is not a feature. It is an architectural choice, and the architecture determines everything. It determines where liquidity sits in the system, it determines how risk is managed, and it also determines who captures economic value when payments move offline. I will show you that the industry has been working with an incomplete model. There is sort of two legacy offline architecture, but I will introduce today a third one, which we call governed offline.
It is the Governed Offline model that does allow offline payments to scale without breaking the system or the structure of digital money. If this holds true, this will not really just be about resilience, it will actually be about how we design digital money itself. When payments fail, society pauses. That is the reality we are now all operating in. Digital payments is not just a convenience. It has become embedded in our daily lives, commerce, and public infrastructure. When digital payments stop working, the impact on the society is immediate and visible. That's why offline is no longer optional. It is an architectural responsibility. Offline is really where systems are exposed. Failures do not happen in isolation. It could be connectivity failing, but even worse, a black swan event where a whole backend system goes out or the whole payment rail fails.
These failures tend to cascade, and this is why offline matters. It's not an edge case. It is the moment where the true system design is being revealed and tested. Here's the two models I've been talking about. It is the deferred offline, where money is placed on user devices. It is deferred offline where validation happens later. These two models have actually defined the entire discussion. Because of that, the design space has been severely constrained from the start. If we look at what these models actually do, the patterns become very clear. Immediate offline moves money out of balance sheets onto devices. That's what ECB went with a big tender on for offline payments.
The card model is somewhat different, but they move risk forward because it's like a personal check and you don't know whether it has, is, can sort of be banked. Continuity has always, in these legacy models, required a trade-off. You wanna solve resilience because online payments, they don't work all the time, but it's always been a trade-off. We're gonna move risk somewhere else. That trade-off has always been accepted in the industry as unavoidable. The hidden assumption has been that offline always requires a trade-off, but it only holds with legacy models. If we instead treat offline as an architectural choice, something new appears. There is a missing category, Governed Offline. Offline is not a trade-off anymore, it's simply choosing the right architecture. Once you see it, you really can't unsee it. The picture becomes very clear.
There are really three offline principal architectures. Immediate, money goes on devices. Deferred, delayed validation. Governed, controlled execution. The third model is fundamentally different because Governed Offline preserves system integrity and it keeps risk bounded. This is how it works. It's kind of simple. Money stays central all the time. You don't move it onto the devices. You don't. Execution, though, moves local funds. You start with reserving funds centrally. The whole capacity you can pay offline is reserved. It's like a smart contract, or it's a conditional payment or programmable payment. You execute locally between with defined limits, and settlement becomes then deterministic because it's bounded by what has, in the first step, been reserved. We're not moving money out to devices. We are moving control execution to the edge while keeping money in the banking system or in regulated institutions.
This is not theoretical. This is happening all over the world. India leading the world with half of the world's volume when it comes to real-time payments. They gave us regulatory approval already back in 2023 for this. We're working with NPCI now to implement Governed Offline in their Digital Rupee system. They started with the immediate model, moving money to the devices, but they realized quickly, "Don't do that. Do it with Governed Offline instead." We've already shown it on the Digital Euro Rail because luckily they defined not just that they're gonna do offline, but they also said, "Let's do conditional payments." We have shown that this is a type of conditional payments. You essentially reserve money to yourself when you set up a smart contract, not to a third party, with yourself.
That capacity is what you can use offline, and then the system waits until a signed transaction from you comes back to the back end, and that's the condition which will settle it. Bank of England have officially said that they're not doing the immediate model. They are going for deferred. But they selected us as the only offline player in the Digital Pound Lab, and we are now finalizing our work with the Digital Pound Lab with the governed offline approach, and I think they like it. We also, when we published the white paper, we got global endorsement from the Central Banking Standards Organization saying that this will define a new standard for offline payments. We believe that the discussion should be about institutional alignment. To evaluate this properly, we have developed a lens, an...
We call it the BIG Analytical Framework, and we believe any offline solution should be tested against that framework. It needs to be bankable. If you don't make it bankable, the banking sector will not like it, and they will sort of fight that solution. They just have to be forced to do it, otherwise they won't, because this is not good for banks. It needs to be implementable, and that's on the wallet side or the application side. It needs to scale, it needs to be interoperable, and ideally also vendor-neutral, you don't have vendor lock-in. Last but not least at all, it needs to be governed. You should not create a digital parallel money system that is completely outside the supervisory perimeter of a central bank.
You should keep it as digital money, and that's important for the system, and it's important for the role of the regulator as well. You need to have real privacy. Yes, you can believe that you have privacy with a system that looks like replicating cash, but any system will put up central reconciliation, and they have token chains. That kills privacy. This is how it looks implemented with the BIG Analytical Framework. Immediate model scores a red light on all three. The deferred model, which is common on the card schemes, is somewhere in between. It's only the governed model that has all three. It's banking-friendly, it's implementable, and it can be governed. Now I'm gonna. I have to turn on my glasses now.
Can't read anymore, so I probably have to take it off in a while because this is my snow glasses from Nepal. They're extremely dark. Do you want to know what it is? It is an innocent design decision very early that determines everything. You can feel it when you go to work, when you go to church, or when you pay your taxes. If you let form come before function, you may think it is about, "Let's make physical cash work digitally." Really, what the problem to solve is how do you make digital money work offline? It may on the surface sound the same, but the outcome, if you start with the right decision, you start with the function, then you come to form, you get to completely different consequences.
Fortunately, you can be told what these consequences are, and you can see it for yourself. When you see it, there is no driving back. You go on green. The story ends. Money still sits with regulated institutions. Offline can be implemented at scale and governed as digital money. If you drive against red, you will stay in Wonderland, and I will now show you how deep this rabbit hole is. Remember, all I'm offering is the truth, nothing more. Follow me. Sorry, I didn't change it. We are now looking at three categories, bankable, implementable, governed. Let's go down to sub-dimensions for that. What do we mean with bankable? What does that mean? It means that liquidity, money stays on the bank's balance sheets, number one. Number two, it means that we don't deteriorate the funding efficiency of banks.
We rather should improve it, then they like it. You don't put on implementation costs which are sky high. I've heard that the digital euro project is spending more than half of the budget on offline alone. Why? Implementable. It needs to scale. It needs to scale on all devices and not regulate that people have to use certain devices, otherwise you can't really be allowed into the euro area. What is that? It needs to be interoperable, and that means interoperable within the system but also cross-systems. It needs to be interoperable with POS systems. This is requirements that any implementer would like to see. It should be competitive. You should create a vendor-neutral system. Look at governed. You shouldn't move the systemic risk for online payment. You shouldn't move it out to devices. You should have bounded risk.
Authority should continue as it is today with digital money. You shouldn't have to devise new rule books for a new form of digital money that resides outside the perimeter of a central bank. Lastly, you should have real privacy, not tell people that we're gonna do it like cash and still keep centralized reconciliation and token chains, which really kills it if you really understand how the system is working. What's interesting with the Governed Offline model is that at its core, this is why it's so fantastically interoperable. Because interoperability, anyone who worked with India, they had a lot of different PPIs, prepaid instruments, with a lot of QR codes, and then they had UPI as with another QR code. They said, "No more that.
Everything has to be now interoperable." They said, "Any PPI, any prepaid instrument, they have to guarantee two things, authorization from the user, they have to be able to show that within their system, and they have to show solvency, that the money is there, then they can push the payment on the UPI rail." These two are the requirements. The immediate model has money to pay, that's what you have in your wallet, but has no cross-system interoperability because it's bounded with a token. It's not interoperable but with anything except within the system itself. Deferred one, it scores on the other one. Yes, there is authorization to pay, you certainly have that, but you have no solvency. It's sort of like a check which may not be covered.
Governed offline within an offline wallet itself solves both authorization and solvency, and that is what makes it so fantastically interoperable. We have patented this architecture. We filed the first patent in 2020. It's already granted in Europe, it's granted in the U.S., and it's granted in Taiwan, and I may have got it, I just haven't got it confirmed yet, in India today actually being here. We have it now in India as well. It's just then pending in China. That's the only thing we're waiting on. When we work with NPCI as a system operator, they don't wanna lock in with us, and they don't have to because we help the system to accept offline payments. That's what systems do. They don't make payments, they accept payments. We build a vendor-neutral offline acceptance system.
Anyone who can pay online should be able to also accept a payment offline. That's what we help NPCI doing with the governed model. Anyone can deliver an offline wallet. Yeah, we provide that, and we can license that to on the issuing side. It's a vendor-neutral system. We don't lock them in. No additional transaction fee whatsoever, and this is what we're aiming for in India. Let's look a little bit about the economics because online, if you look at that, it's cost neutral. It has a systemic risk that if a black swan event happens, everything goes down. What offline in a governed model does uniquely is to offer economic value because who holds those reservations? They are the one who control the funding of the system.
That could sit on your balance sheet for your own users on your own balance sheet. That is to become a driver. You hold your own reservations for basically your customers. Even better, you could become an ecosystem hub, and you could facilitate for others that you can hold their reservations as well. You could also, if you're not so daring, you could just become a passenger. You pay for a ticket on the train, and then you have the capability. You just pay for an offline wallet, but someone else has done the system. I don't advise that, you could stay on the platform not doing it at all.
When we now have shown that offline payments is possible, I don't think it will take long before this sort of wildfire will hit the whole world because we have really moved the market from something which was a compromise to something that even makes economic sense to banks. Moving beyond payments, because really what we are creating is a trusted client execution. That's what we can do in our offline, and we do it in software. The strength with this, if you look at an open banking environment, we could, and we are working with another startup here in Europe to coin the word, not just open banking, resilient open banking. That means that they have their open banking. They already integrated with over 5,000 European banks, and they have 100% of the Brazilian banks already with open banking.
We add our layer, our Layer-2 to that system, and then we can create governed offline payment as well, but also interestingly, native authorization without any dependency on a national eID system. It carries over because we sold that as well, digital identity, and that will be important, maybe for the EUDI Wallet here. It's essentially about verifiable credentials and client trust. From insight to action, we could take our offline wallet or our offline system anywhere. We can do it with a single bank, a leading bank in any market as an on-us system. We can do it for a closed loop wallet in a market. We can do it for a national payment system. We can do it for a regional Euro system. We can do it for a global payment system as well.
We are here because ECB, they have announced a call for participations of PSPs into the Digital Euro rail. Any banks who are here, partner with us. You could show offline payments without taking money out of your balance sheet, and you sit with the reserves helping your funding efficiency. We would love to do that. ECB are telling us, "Please, you have already shown that what you can do, be with us." I said, "Yes. Fantastic." That's why I'm here today. To sum up, there are three offline architectures. The industry have incorrectly framed it as only two. Today, yeah, there is another one. It's been around for five, six years, but we haven't really been able to articulate it really well, so no one really got it. Governed Offline is the third one.
The architecture that you choose for offline payments will determine everything, the outcome. The interesting thing with the offline payments, it's sort of that the holders will hold the reservations of this value. As I said before, this carries far beyond just offline payments. Thank you very much.