[Avamander]

SIM-based solutions are on their way out because phones are starting to lose SIM slots. Certifying eSIM implementations to the same EAL level (as Mobile-ID SIMs are) is way way too difficult. At least for one country doing it alone.

Smart-ID sucks. It's not truly hardware-backed, it's proprietary and has fundamental flaws like not having a direct link between the site being authenticated to and the authenticating device (auth can be proxied, just like if it were just plain TOTP).

[nip]

Agree on Smart-ID but the answer is to fix those flaws, not to replace the entire approach with one that depends on Google Play Integrity verdicts that even the German architects admit they can’t fully trust.

SIM-based solutions on their way out is a non-issue. For eSIM to support that use case, political will only is needed: the EU got Apple to abandon the lightning cable, this is not any different.

[Avamander]

> Agree on Smart-ID but the answer is to fix those flaws

Fundamentally can't be, it'd be a whole new solution.

> For eSIM to support that use case, political will only is needed: the EU got Apple to abandon the lightning cable, this is not any different.

Mandate every phone vendor to EAL4(+) certify their eSIMs? I'd love to see that, but I'm not sure that's a viable approach to take.