AW: Utah State-Endorsed Digital Identity (SEDI) legislation

Fully agree to you Christopher exactly due to your mentioned reasons.

Some of the subjects you mentioned can be solved even within eIDAS. E.g. DID created by user and bound to governmental eID. But basically the core idea of SEDI differs from eIDAS

@Detlef Hühnlein (ecsec GmbH)<mailto:detlef.huehnlein@ecsec.de>: Global Trust I guess would be defined on standardization level not legislation.

Von: Christopher Allen <ChristopherA@lifewithalacrity.com>
Gesendet: Donnerstag, 12. Februar 2026 07:43
An: Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de>
Cc: public-credentials@w3.org
Betreff: Re: Utah State-Endorsed Digital Identity (SEDI) legislation


Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders.


On Wed, Feb 11, 2026 at 9:59 PM Detlef Hühnlein (ecsec GmbH) <detlef.huehnlein@ecsec.de<mailto:detlef.huehnlein@ecsec.de>> wrote:

Dear Jori, Anders, Brent, Drummond, Venu, Manu, all,
the summary below could also serve as very high level summary of the eIDAS-Regulation
including its extension related to the EUDI-Wallet and the envisioned European Business Wallet.

Could this legislation bring us closer to global trust and interoperability?
I need to push back on this comparison of SEDI as being anything like the EU's eIDAS and EUDI initiatives.

While they may share some surface features (wallet-based, selective disclosure support), their underlying philosophies are quite different — in some cases opposite.

The most fundamental difference: SEDI's digital bill of rights declares that identity is "innate to the individual's existence and independent of the state." The state endorses, it doesn't confer. As Drummond noted, this is a watershed. EUDI depends heavily on a government-issued anchor credential — the state remains the source of identity, not just its endorser.

Some other key contrasts:

* SEDI explicitly prohibits the state from monitoring, surveilling, or tracking presentations. EUDI has struggled with "phone home" problems — credentials calling back to issuers on use. (Blockchain Commons joined the No Phone Home initiative on exactly this issue.)

* SEDI defines a "personal digital identifier" that is created by the individual, mathematically provable, and transportable to infrastructure of the holder's choosing. EUDI has been slow to warm to DIDs at all.

* SEDI requires open standards free from licensing fees and patent restrictions. eIDAS mandates integration at the OS level, creating exactly the platform capture risk I wrote about after GDC25 — where Google and Apple become the real gatekeepers of identity.

* And SEDI's Duty of Loyalty — requiring wallet providers, verifiers, and relying parties to act in the individual's best interests — has no equivalent in eIDAS.
* Swiss e-ID sits somewhere between these approaches. Switzerland has the democratic culture and institutional safeguards to potentially get this right, but its architecture doesn't go as far as SEDI in protecting the individual by design. I wrote about what Switzerland would need in my "Five Anchors" article:

     https://www.lifewithalacrity.com/article/musings-swiss-eid/

On EUDI and the broader problems of platform capture in identity standards:
    https://www.lifewithalacrity.com/article/musings-gdc25/

And on SEDI specifically:

   https://www.lifewithalacrity.com/article/Musings-SEDI/


Global interoperability is a worthy goal, but not if it means flattening SEDI's protections down to EUDI's weaker model. The question really should be: can EUDI be brought up to SEDI's standard?

— Christopher Allen