[WhyNotHugo]

For some of functionality, DigiD itself requires an iOS or Android app (for which you need to enter a contractual agreement with either Apple or Google and they decide whether you are allowed to install and use the app).

I understand that this particular path doesn't allow them to access further sensitive data, but it does give these corporations the power to block any individual for accessing the DigiD app.

You don't need the app for most functionality, but for a few healthcare related tasks, it's the only option, with no fallback.

[davedx]

Which tasks? I use DigiD with SMS and I've never needed to install an app, I have healthcare etc etc.

[Muromec]

I believe there are three levels -- password only, otp and otp after you tap the id card in the app (I think it's just once).

My healthcare provider changed their online thing this year and that new thing required highest assurance level. I think they changed it back because you can only tap with the Dutch id card (not the residence permit or other country's ids).

[WhyNotHugo]

Once specific task was linking an Apotheke to my healthcare provider. SMS was not allowed for this flow. I've seen other scenarios, but I don't recall them.