Re: Utah State-Endorsed Digital Identity (SEDI) legislation from Christopher Allen on 2026-02-12 (public-credentials@w3.org from February 2026)

From: Christopher Allen <ChristopherA@lifewithalacrity.com>
Date: Wed, 11 Feb 2026 22:43:25 -0800
To: Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>
Cc: public-credentials@w3.org
Message-ID: <CACrqygCbeCZn7wJz4-cx85q5kn=krjOZC2fQQVEjDf9Bc2r2Fw@mail.gmail.com>

On Wed, Feb 11, 2026 at 9:59 PM Detlef Hühnlein (ecsec GmbH) <
detlef.huehnlein@ecsec.de> wrote:

> Dear Jori, Anders, Brent, Drummond, Venu, Manu, all,
> the summary below could also serve as very high level summary of the
> eIDAS-Regulation
> including its extension related to the EUDI-Wallet and the envisioned
> European Business Wallet.
>
> Could this legislation bring us closer to global trust and
> interoperability?
>
I need to push back on this comparison of SEDI as being anything like the
EU's eIDAS and EUDI initiatives.

While they may share some surface features (wallet-based, selective
disclosure support), their underlying philosophies are quite different — in
some cases opposite.

The most fundamental difference: SEDI's digital bill of rights declares
that identity is "innate to the individual's existence and independent of
the state." The state endorses, it doesn't confer. As Drummond noted, this
is a watershed. EUDI depends heavily on a government-issued anchor
credential — the state remains the source of identity, not just its
endorser.

Some other key contrasts:

* SEDI explicitly prohibits the state from monitoring, surveilling, or
tracking presentations. EUDI has struggled with "phone home" problems —
credentials calling back to issuers on use. (Blockchain Commons joined the
No Phone Home initiative on exactly this issue.)

* SEDI defines a "personal digital identifier" that is created by the
individual, mathematically provable, and transportable to infrastructure of
the holder's choosing. EUDI has been slow to warm to DIDs at all.

* SEDI requires open standards free from licensing fees and patent
restrictions. eIDAS mandates integration at the OS level, creating exactly
the platform capture risk I wrote about after GDC25 — where Google and
Apple become the real gatekeepers of identity.

* And SEDI's Duty of Loyalty — requiring wallet providers, verifiers, and
relying parties to act in the individual's best interests — has no
equivalent in eIDAS.

* Swiss e-ID sits somewhere between these approaches. Switzerland has the
democratic culture and institutional safeguards to potentially get this
right, but its architecture doesn't go as far as SEDI in protecting the
individual by design. I wrote about what Switzerland would need in my "Five
Anchors" article:

     https://www.lifewithalacrity.com/article/musings-swiss-eid/

On EUDI and the broader problems of platform capture in identity standards:

    https://www.lifewithalacrity.com/article/musings-gdc25/

And on SEDI specifically:

   https://www.lifewithalacrity.com/article/Musings-SEDI/

Global interoperability is a worthy goal, but not if it means flattening
SEDI's protections down to EUDI's weaker model. The question really should
be: can EUDI be brought up to SEDI's standard?

— Christopher Allen

Received on Thursday, 12 February 2026 06:44:07 UTC