[m-p-3]

Have the organization responsible of managing the PKI to generate a new subkey from your primary key (kept in cold storage) and publish a certificate revocation for the previous subkey lost/leaked.

Most of our ID cards (health, driving license) already have an expiration date and the subkeys should have one anyway.

[epicide]

No reason you can't have more than one, either. You could even issue keys for people to act on your behalf (e.g. they get access to it on your death as part of your will).