The design choices—persistent metadata linkage, TEE vendor lock-in, and ecosystem-scale assumptions—prioritize state/private gatekeeper control over real individual sovereignty.
This aligns with lead contributor Paolo De Rosa's advocacy for "governed interdependence" in his May 2025 Medium piece "Digital Cooperation," where he pushes "operational alliances" and "interdependence governed" to achieve EU scale, explicitly rejecting decentralized sovereignty in favor of coordinated, top-down digital infrastructures.
Factual problems:
- Linkability & surveillance baked in: Selective disclosure (SD-JWT/mdoc) fails in practice due to correlatable sessions, device attestations, and logs that enable cross-service tracking and de-anonymization over time.
- De facto mandatory trajectory: eIDAS 2 forces private-sector acceptance, turning "voluntary" into exclusionary friction for non-users—classic mission creep toward supervised participation.
This setup risks granular oversight, revocation, and exclusion, resembling tools for authoritarian digital governance rather than liberation.
As Elon Musk put it yesterday (Jan 26, 2026): "Hard to “legislate” technology into existence" — in response to EU efforts to regulate away US tech dominance. He is precisely right: you can't legislate trustworthy, freedom-respecting identity tech into being via bureaucratic mandates and governed alliances. It requires genuine user control, not enforced interdependence.
Please consider:
- Immediate docs/warnings on metadata risks, TEE dependencies, and mandatory creep.
- Explore real mitigations: ephemeral keys, ZKP defaults, TEE alternatives.
- Address how this avoids becoming infrastructure for control.