It's hard to follow all the things done in the name of user control and privacy that are anything but. An EU barrier to trade and reduction in user control in the name of security has been to control all the relying parties. https://epicenter.works/en/content/eidas-one-step-forward-two-steps-back also laments the unique identifier being genuinely unique for good anti-fraud reasons, ingoring that a unique identifier is a fundamental requirement of the world bank model. (Which the UK is both supporting and refusing, although at least the UK relying party policy has been changed to be sensible, perhaps only because the relying party is paying for the 'service'.) Given that we would all complain were the US to expect everyone to register in the US if they wanted US customers (including US tourists), it's odd that there has been little consideration of the international implications. Or is nobody seriously thinking it will fly? Meanwhile, many will recall the Swiss plebiscite which required a public sector provider to support public sector applications, whatever other options were available. A recent UK change has gone further and upturned the commercial model https://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/A-driving-l... although with 50 suppliers more than half will each get less than 2% of any market. I have not heard of any of the 50 getting or predicting a return any time soon. The one bit of bright news - whatever you think of the framework - is that the UK government system has indeed been independently blessed - by Kantara this time. (tScheme looked at the PKI root that was never used, so it's not unprecedented, but still good news.) Mark