Argument Map — Civic Receipts and Provenance Chain: Auditable Engineering Primitives for the Conditionally Delegable Zone

Civic receipts serve as the cryptographic bearer of supported / substituted distinguishability within the conditionally delegable zone Z₂. Implementation requires four primitives SA1–SA4 — a mixed strategy of baseline SD-JWT-VC plus conditional advanced BBS+ Cryptosuite constrained in reverse by verifier policy; a dual-track design in which holder-controlled is the primary track supplemented by third-party qualified preservation service (QPSP) encrypted backup, with a preservation floor of 30 years (limited to "OECD and CRPD states parties without declared reservations"); court admissibility mapped to US FRE 901(b)(9), eIDAS 2024/1183 Chapter III §7–8, and Taiwan Electronic Signatures Act §4 / §10, with cross-border recognition via the Hague e-APP; cross-border mutual recognition advances through the G_recognition^A soft-law layer in three phases of 5 / 10 / 15 years. The four primitives cover the 9-✓ and 4-△ cells in the F1 §3 5×3 matrix within the Z₂ scope (Theorem T1) and represent a cryptographically unreachable boundary for the two Z₃-intrinsic cells (RT-ℬ ✗ / AA-ℬ ✗) (Theorem T2). SA1 → SA2 → SA3 → SA4 is a linearly closed verification dependency; SA4 → SA1 is a design-stage feedback loop. Working thesis and strengthened thesis are strictly distinguished; the latter retains core functionality under full activation of all five counterfactuals through three critical-path mitigations (crypto-agility by design / third-party trusted preservation service integration / G_recognition^A multi-track fallback).

Civic receipts operationalise the supported / substituted distinguishability requirement within CRPD Z₂ via four standardisable primitives (cryptosuite / preservation / admissibility / recognition), with a linear SA1→SA2→SA3→SA4 verification closure and an SA4→SA1 design-time feedback loop, sustained under five counterfactuals only when three critical-path mitigations are bundled into the strengthened thesis.

Formal Notation

Receipt(r) ≜ ⟨cryptosuite_id, holder_did, agent_did?, deliberation_hash, retention_floor,
              jurisdictional_profile, audit_release_policy, recognition_chain, ...⟩  (14 group / 23 leaf)

V_receipt(r) ⇔ V_cryptosuite(r) ∧ V_preservation(r) ∧ V_admissibility(r) ∧ V_recognition(r)  (T3)
            ⇔ ex_ante_deliberation(r) ∧ ex_post_reversibility(r) ∧ decision_trace(r)         (T4)

CriticalPath : SA1 → SA2 → SA3 → SA4   (linear verification closure)
FeedbackLoop : SA4 → SA1               (jurisdictional_profile reverse-constrains AcceptedSuites(τ))

Distinguishability(supported, substituted) ⇔ ex_ante ∧ ex_post_rev ∧ trace
CRPD GC1 §29 ≜ hard_constraint(audit_trail)

Cryptosuite ∈ { SD-JWT-VC (baseline) , BBS+ (advanced, conditional on W3C Rec) ,
                ZK-SNARK (narrow profile, F3 issue) }
Preservation = {holder-controlled} ⊕ {QPSP encrypted backup, threshold signatures}
               ;  retention ≥ 30y  (limited to "OECD + CRPD states parties without declared reservations")
Admissibility-profile(j) ∈ { us-fre-901b9 , eu-eidas-art25-35 (amended Chapter III §7-8) ,
                             tw-esign-art4-10 }
Recognition-anchor ∈ { OECD-AI-Principles-supplement (≈ 5y) ,
                       CETS-225-protocol (≈ 10y) ,
                       Hague-e-APP-extension (≈ 15y) }

T1 (Z₂ coverage lemma)    : ∀ cell ∈ M[i,j] (✓ ∪ △) , ∃ σ ⊆ {SA1..SA4} : P_degrade(cell|σ) ≤ θ₂ ≈ 0.7
T2 (Z₃-intrinsic unreachable) : ∀ σ , P_degrade(M[RT,ℬ] | σ) > θ₂ ∧ P_degrade(M[AA,ℬ] | σ) > θ₂

StressTest CF1..CF5 ⇒ working_thesis ≠ strengthened_thesis
strengthened_thesis ≜ working_thesis ∧ crypto_agility ∧ QPSP_interface ∧ multi-track_recognition

The civic-action-receipt is carried by 14 field groups / 23 leaf fields. V_receipt is defined by the conjunction of conditions C1–C6. Theorem T3 decomposes it into four primitive sub-clauses; Theorem T4 maps it to the three-layer distinguishability of F1. SA1 → SA2 → SA3 → SA4 is a linearly closed verification dependency; SA4 → SA1 is the design-stage loop in which jurisdictional_profile reverse-constrains the cryptosuite set. Within Z₂, the 9-✓ and 4-△ cells are covered by the four primitives (T1); the two Z₃-intrinsic cells (RT-ℬ ✗ / AA-ℬ ✗) are the T2 unreachable boundary. Five counterfactual stress tests separate the working thesis from the strengthened thesis — the latter retains core functionality under full activation of all five counterfactuals through three critical-path mitigations (crypto-agility / QPSP integration / multi-track recognition).

SA1 / SA2 / SA3 / SA4: Four primitives (cryptosuite selection / long-term preservation / court admissibility / cross-border mutual recognition)
V_receipt(r): Receipt-validity function, defined by the conjunction of conditions C1–C6
T1 / T2 / T3 / T4: Theorem 1 (Z₂ coverage) / Theorem 2 (Z₃-intrinsic unreachable) / Theorem 3 (critical path chain) / Theorem 4 (correspondence to F1 three-layer distinguishability)
M[i, j]: Cell for element i × component j in the F1 §3 5×3 necessity matrix; i ∈ {AT, RT, AA, BS, TC}, j ∈ {𝒩, ℱ, ℬ}
Z₂ / Z₃-intrinsic: F1 §3.3 conditionally delegable zone / intrinsic structurally non-delegable zone (determined by ℬ philosophical foundation)
P_degrade: F1 §3.2 probabilistic degradation function (cell degradation probability given context); θ₂ ≈ 0.7 is the Z₂/Z₃ boundary threshold
AcceptedSuites(τ): The set of cryptosuites not yet broken at time τ and still on the SDO approved list
G_recognition^A: FTLA-Agent cross-border recognition layer (article 8 + article 17 §7), carried by three soft-law pathways (OECD / CETS 225 / Hague e-APP) in three phases of 5 / 10 / 15 years
⊕: Dual-track combination (holder-controlled primary, third-party backup secondary)
≜: Defined as
⇔: If and only if
∧: Conjunction

The formal expression states the position; the next step is to separate common misreadings. In current wallet / VC engineering discourse, a civic-action-receipt is frequently treated as "an alias for a VC Presentation + writing to an audit log completes it." If this classification stands, the existing SD-JWT-VC + status list + EUDI ARF triple suffices to cover civic action scenarios, and the supported / substituted distinction is borne by the wallet UI. The map's first move is to draw a line between this reductionist account and "14-field schema + V_receipt six conditions + four-primitive implementation."

foundational distinction

❌ Rejected

A civic-action-receipt is reducible to a VC Presentation plus an audit log

Treats a civic-action-receipt as an alias for a VP within the scope of W3C VCDM v2.0 §5.7 / §7.1, with each presentation by the wallet writing to an audit log to complete it. Under this classification, the supported / substituted distinction is borne by the wallet UI; cross-border mutual recognition is covered by the EUDI Wallet ARF + OpenID4VP triple; and 30-year preservation and court admissibility are "downstream" engineering issues that do not affect schema design. Conflating VP with receipt carries two argumentative costs — first, VCDM v2.0 §5.7 expresses ZKP as "synthesised from the original VC but not containing original data," so the audit trail requirement for "content_hash alignment openable by court order" becomes unestablishable, directly violating CRPD GC1 §29 independent review procedure requirements; second, FRE 902(14)'s process of digital identification, in the Advisory Committee Note, gives hash value comparison as a typical example — a VP itself does not contain a hash alignment field, so the receipt must contain content_hash to satisfy 902(14)'s engineering conditions.

Receipt(r) ≜ VP(r) ∧ AuditLog(r) ∧ ⟨content_hash, jurisdictional_profile, recognition_chain⟩ ⊥ Receipt

✓ Defended

A civic-action-receipt is a commitment object in the (Subject, Verifier) → Audit direction, carried by a 14-field schema + V_receipt six conditions + four-primitive implementation

A civic-action-receipt occupies a different formal position from a VP — a VP is a disclosure object in the Subject → Verifier direction, while a receipt is a commitment object in the (Subject, Verifier) → Audit direction, produced by the verifier side, with a copy retained by the holder side and the audit trail side. The schema comprises 14 field groups (approximately 23 leaf fields when nested and expanded), inheriting from F1 §5.4 DeliberationRecord and §7.3.1 enabling envelope, and adding 9 field groups corresponding to the engineering carriers of SA1–SA4 (cryptosuite_id / preservation_layer + retention_floor / content_hash + qualified_person_attestation + jurisdictional_profile / recognition_chain + cross_border_envelope). V_receipt is defined by the conjunction of C1–C6; Theorem T3 decomposes it into four primitive sub-clauses, and Theorem T4 maps it to F1's three-layer distinguishability (ex_ante_deliberation ∧ ex_post_reversibility ∧ decision_trace).

V_receipt(r) ⇔ V_cryptosuite(r) ∧ V_preservation(r) ∧ V_admissibility(r) ∧ V_recognition(r)  ;  CriticalPath: SA1 → SA2 → SA3 → SA4  ;  FeedbackLoop: SA4 → SA1

The distinction is merely a declaration. Proving that civic receipts require a 14-field schema + four-primitive conjunction (rather than simply "adding an audit log to a VP") calls for five independent lines of support — the deductive strand provides the formal skeleton of the 14-field schema and V_receipt six conditions; the inductive-causal strand provides the engineering constraints of three cryptosuite families (SD-JWT-VC / BBS+ / ZK-SNARK) under verifier policy three-point negotiation; the abductive strand provides the normative inference of the 30-year floor derived from three windows and the exclusion of Design B; the analogical strand provides the bearing structure for three-jurisdiction mapping, ESI analogy limitations, and the Apostille public/private document split; and the forward-looking strand provides the three-phase soft-law timeline (5 / 10 / 15 years) and non-OECD parallel tracks. The five pillars correspond to five argument types — any one missing and the position degrades to advocacy.

supporting arguments

§3 — Deductive (14-field schema + V_receipt six conditions + Theorems T1–T4)

The 14-field schema and V_receipt function constitute the formal skeleton of the four primitives

whyProvides the formal skeleton of conjoint analysis — without formalising the schema and V_receipt as a function, the four primitives remain at the linguistic level; without explicitly stating the cell correspondences of the four primitives in the F1 5×3 matrix, Lemma T1 (coverage) and Lemma T2 (unreachable) are merely rhetorical.

Merging the F1 §5.4 DeliberationRecord (11 field groups) with the §7.3.1 enabling envelope yields a 14-field schema with approximately 23 leaf fields when nested and expanded. The schema adopts a two-level counting convention — "field group" as the top-level naming unit and "leaf field" as the terminal item expanded to base type; inherited from DR / ENV: 11 groups; newly added: 9 groups (counted by strongest attribution), in a 1.22:1 ratio with the leaf level. Each newly added field corresponds to specific sub-arg engineering requirements: cryptosuite_id corresponds to SA1 mixed-strategy three-point negotiation; preservation_layer / retention_floor to SA2 dual-track design; content_hash / qualified_person_attestation to SA3 FRE 901(b)(9) mapping; jurisdictional_profile to SA3 three-jurisdiction branching; recognition_chain / cross_border_envelope to SA4 three-phase soft-law; and audit_release_policy to GDPR Art 5(1)(b)(c) and EDPB Statement 1/2024. V_receipt is defined by the conjunction of: C1 (cryptosuite robustness) + C2 (agent-vs-holder distinguishability) + C3 (preservation) + C4 (admissibility) + C5 (recognition) + C6 (revocability). τ is the moment V_receipt is verified; AcceptedSuites(τ) is the set of cryptosuites not yet broken and still on the SDO approved list at time τ. The four primitives cover the 9-✓ and 4-△ cells in the F1 5×3 matrix within the Z₂ scope (Lemma T1); for RT-ℬ ✗ and AA-ℬ ✗ they represent the cryptographically unreachable boundary (Lemma T2); Theorem T3 decomposes V_receipt into four primitive sub-clauses; Theorem T4 maps it to F1's three-layer distinguishability.

The 14-field schema and V_receipt function constitute the formal skeleton of the F2 four primitives. T1 and T2 simultaneously fix the coverage boundary and the unreachable boundary. Downstream writers may not claim that civic-action-receipts solve the fundamental accountability problem of AI agents (violation of T2).

schema = 14 group / 23 leaf  ;  V_receipt(r) = ⋀_{i=1..6} Cᵢ(r)  ;  T1: ∀ cell ∈ (✓ ∪ △) , ∃ σ : P_degrade(cell|σ) ≤ θ₂  ;  T2: ∀ σ , P_degrade(M[RT,ℬ]|σ) > θ₂ ∧ P_degrade(M[AA,ℬ]|σ) > θ₂

§4 — Inductive + Causal (SD-JWT-VC / BBS+ / ZK-SNARK three families + verifier policy three-point negotiation)

The mixed strategy is an engineering structure reverse-constrained by verifier policy; three-point negotiation bears the decision

whyProvides the engineering foundation for SA1 cryptosuite selection — without explicitly presenting the three cryptosuite families as each having distinct trade-offs across six dimensions (standards maturity / signature size / verification cost / unlinkability / quantum-safety / hardware key custody), the conditional-layering claim that "BBS+ is advanced" will be read as marketing; if mixed strategy is read as "the same credential simultaneously carrying all three-family signatures," the engineering structure is missed.

SD-JWT-VC belongs to the IETF OAuth WG track: RFC 9901 (2025-04) + draft-16 (2026-04-24) stable; EUDI Wallet ARF 2025-12 iteration §2.3.1 explicitly MUST support; hardware key custody fully supported (Secure Enclave / StrongBox / TPM); PQC migration straightforward (swap to ML-DSA / Falcon); no unlinkability. BBS+ Cryptosuite belongs to the W3C VC WG track: W3C vc-di-bbs entered CRD on 2026-04-07; IRTF CFRG draft-07 passed Last Call on 2025-08; W3C VC WG 2025-10 charter renewal uses "best-effort Q4 2026 / Q1 2027" language for Recommendation timeline. Native multi-message selective disclosure + unlinkable proof generation; Secure Enclave / StrongBox / TPM do not natively support BLS12-381, so the prover must execute in application memory; BLS12-381 is insecure against quantum computers with no near-term PQC substitute. ZK-SNARK on VC belongs to vendor implementation tracks; W3C Explorer Note (2024-09) explicitly marks it "not on Recommendation track"; positioned as an advanced narrow profile for complex predicates, not a replacement for baseline. "BBS+ is advanced" uses normative, conditionally valid layering — condition: W3C BBS Cryptosuite reaches Recommendation; if not reached by 2027 Q1, baseline reverts to SD-JWT-VC only and BBS+ layering is deferred to 2028. Mixed strategy is an engineering structure reverse-constrained by verifier policy on issuer and holder choices, with three decision points: (a) issuance-time (issuer selects cryptosuite; one credential uses one family) + (b) presentation-time (holder selects from multiple wallet credentials the presentation method matching verifier policy) + (c) verification-time (verifier accepts or rejects and returns fallback hints). Negotiation channels: OpenID4VP draft-23 + DIF Presentation Exchange v2.1.

The engineering landscape of the three cryptosuite families determines the bearing structure of SA1 mixed strategy. Verifier policy three-point negotiation is the specific mechanism by which SA1 generates engineering constraints on the three downstream primitives SA2–SA4. Hardware key custody in BBS+'s engineering gap is the §11 open question O9 (ARM TrustZone BBS+ prover) issue.

Cryptosuite ∈ {SD-JWT-VC (RFC 9901 + draft-16, MUST baseline), BBS+ (CRD, conditional advanced), ZK-SNARK (Explorer Note, narrow profile)}  ;  MixedStrategy ≜ ⟨issuance-time, presentation-time, verification-time⟩  ;  verifier-policy reverse-constrains AcceptedSuites(τ)

§5 — Abductive (30-year floor derived from three windows + three failure modes + Design A / B / C)

The 30-year floor is derived by aggregating three normative windows; dual-track design excludes Design B

whyProvides the abductive argument for SA2 long-term preservation — inferring engineering design criteria in reverse from the 30-year normative requirement of supported decision-making. Without deriving the 30-year floor from three windows, it degrades to an arbitrary choice; without explicitly excluding Design B, court override + third-party independent key exercise will pull SA2 as a whole back within the scope of the CRPD §28 substituted prohibition.

The 30-year floor is derived by aggregating the maximum of three normative windows under both normative and empirical evidence: (i) CRPD benefit claim litigation period (Germany BGB §197(1) Nr. 1 — 30 years for confirmed court-adjudicated pension claims + SGB I §45 uninformed extension, taking the maximum window of 30 years) + (ii) incapacity guardianship declaration dispute lookback period (extreme cases: 30 years) + (iii) Toeslagenaffaire-level ex-post lookback period (own estimate: 8 years post-discovery + 14-year relief tail = 22 years). The three-window aggregate falls in the 22–30 year range; this paper takes 30 years and limits scope to "OECD and CRPD states parties without declared reservations" (explicitly noting that India DPDP, Brazil LGPD, Indonesia PDP, and Aadhaar UIDAI short limitation periods are not universally applicable). Holder-only design fails in three scenarios — dementia (wallet private key incapacitated after CDR ≥ 2) + device loss / damage / OS forced update + post-death digital estate (RUFADAA assumes the fiduciary can retrieve credentials, but a self-custody wallet without continuing instructions to fiduciary leaves the fiduciary unable to access). Comparison of three dual-track designs: Design A (third party holds encrypted backup; holder holds the only decryption key) + Design C (threshold signatures, recommended starting point t=2 / n=3) pass the CRPD §28 test; Design B (multi-sig escrow with court override, third party exercises private key independently) directly violates §28's prohibition on substituted, and this paper does not adopt it. The third-party notary in the dual-track design is positioned as "preservation agent" — QPSP holds the encrypted backup and integrity evidence chain without holding the decryption key, and without substituting the holder. Estonia X-Road 25-year preservation practice + Nordic BankID deceased cardholder handling (family must provide death certificate + heiress qualification skifteattest + existing identification data) constitute case evidence.

The 30-year floor is an "analytical recommendation value," not a "normative hard constraint," with scope explicitly stated. Design A and Design C pass the §28 test; Design B violates it. The dual-track design adopts a three-layer approach: daily holder-controlled / court proceedings holder + third-party co-custody / disputed full third-party management.

retention_floor = max(W_CRPD_claim, W_capacity_dispute, W_Toeslagen) ≥ 30y  ;  scope ≜ OECD ∩ CRPD_party ∖ reserved  ;  Design = A (QPSP encrypted backup) ⊕ C (threshold t/n)  ;  Design B ⊨ violates CRPD §28

§6 — Inductive + Analogical (three-jurisdiction mapping + ESI analogy + Apostille public/private document distinction)

Court admissibility mapped to FRE 901(b)(9) / amended eIDAS §7–§8 / Taiwan Electronic Signatures Act §4–§10; Apostille public/private document distinction as a gap

whyProvides the mapping structure for SA3 court admissibility — without explicitly mapping three-jurisdiction admissibility profiles, the jurisdictional_profile field has no semantic boundary; without fixing the limitations of the ESI analogy, Sedona Principles 6 / 11 on receipt disclosure scope and metadata boundaries will be misapplied, hollowing out the chooser_signature engineering; without positioning Mata v Avianca as a negative precedent, agent-mediated receipts without chooser_signature may be entirely rejected by courts as ChatGPT hallucination records.

The three-jurisdiction mapping table splits admissibility profiles into three tracks — US: FRE 901, 902(14), 803(6) + Lorraine v Markel ESI authentication five-step test + Daubert five factors; EU: Regulation (EU) 2024/1183 Chapter III §7 (preservation; predecessor Art 33–34) + §8 (QES automatically equivalent to handwritten signature; predecessor Art 35) + ETSI TS 119 511 / 512; Taiwan: Electronic Signatures Act §4 / §10 + Civil Procedure Act Art 363 / 363-1 + Executive Yuan 2026 draft amendment (under Legislative Yuan review). Holder-controlled receipts do not take the FRE 902(14) self-authentication path; instead they take the heavier FRE 901(b)(9) "process or system description + accuracy proof" path, carried by the three-part suite of chooser_signature + audit-by-design + revocation_endpoint. The ESI analogy has limits — FRCP 26(f) / 34(b) + Sedona Principles presuppose "enterprise records"; civic receipts presuppose "holder-controlled assertions" with litigation motivation. FRE 803(6) hearsay rule for receipts has three response paths — verbal act (the occurrence of the act, falling outside the scope of hearsay) + present sense impression (FRE 803(1), carried by the three timestamps timestamp_proposed / decided / presented) + 803(6) extension (Grimm-Capra-Joseph 2017 argue for personal regularly conducted personal record-keeping). Mata v Avianca, 22-cv-1461 (S.D.N.Y. 2023) is a negative precedent / counter-example, not a legitimate template — any agent-mediated receipt without a chooser_signature explicitly confirming the holder's in-person signing may be entirely rejected by courts as a ChatGPT-style hallucination record. The schema designs agent_did as nullable; when agent_did ≠ null, agent_delegation_proof and agent_delegation_capability_hash must both be non-null and verifiable back to subject_did — this is the engineering correction to this negative precedent. The Apostille public/private document distinction is a gap in the cross-border recognition layer — if the civic receipt issuer is a public authority (e.g., the National Health Insurance Administration, Long-Term Care Management Centre), it may claim to be a broad public document; if by a private issuer, it is a private document, Apostille does not apply, and cross-border recognition must proceed via the 1965 Service Convention or case-by-case diplomatic certification. The Daubert five factors' tension with BBS+ and ZK-SNARK: BBS+ has evidentiary pressure on the fourth and fifth factors (standards / general acceptance) and must cite Tessaro-Zhu (2023) EUROCRYPT and Camenisch-Drijvers-Lehmann (2016) TRUST security proofs; ZK-SNARK has not established general acceptance in federal civic-action scenarios, positioned as a narrow profile.

SA3 court admissibility has a clear three-jurisdiction mapping path. The Apostille public/private document distinction constitutes a gap in the cross-border recognition layer (whether civic receipts qualify as public documents requires supplementary argument). Mata v Avianca is a negative precedent; chooser_signature engineering is the specific correction to this negative precedent. The three hearsay rule response paths are listed as "preliminary claims" in §11 open questions.

jurisdictional_profile ∈ {us-fre-901b9, eu-eidas-art25-35 (amended §7-§8), tw-esign-art4-10}  ;  holder-controlled → 901(b)(9) heavier path (¬ 902(14))  ;  hearsay-response ∈ {verbal_act, present_sense_impression, 803(6)-extension}  ;  Apostille(receipt) ⇔ public_document(issuer)

§7 — Analogical + Forward-looking (5 / 10 / 15-year three-phase timeline + non-OECD parallel tracks)

G_recognition^A soft-law layer in three phases; OECD coverage gaps acknowledged, not predicted

whyProvides the governance response for SA4 cross-border mutual recognition — without splitting the FTLA third layer G_recognition^A into three phases (OECD AI Principles supplementary guidance 5-year, CETS 225 supplementary protocol 10-year, Hague PIL e-APP extension 15-year), the entire layer's estimate will be hollowed out by the objection "cross-border governance is always politically infeasible"; without explicitly acknowledging OECD coverage gaps as "acknowledgement" rather than "prediction," non-OECD parallel track design will be misread as a Western-centric patch.

G_recognition^A in F1 §7.8 is an overall 10–15 year estimate; F2 splits it into three phases: (i) OECD AI Principles supplementary guidance (5-year phase 2026–2031): in 2026–2027 OECD AI Working Party lists civic receipts as a work item; 2027–2029 OECD publishes supplementary guidance; 2029–2031 OECD AI Principles second-round revision writes into Principle 1.5 accountability implementation guidance. Conditional variables: uninterrupted political will within OECD, at least one leading member early adopter, G7 Hiroshima Process Friends Group uninterrupted. (ii) CETS 225 supplementary protocol (10-year phase 2026–2035): 2027–2028 Conference of Parties launches the topic; 2028–2030 Drafting Committee drafts; 2030–2032 Committee of Ministers passes; 2032–2035 supplementary protocol enters into force. Conditional variables: CETS 225 signatories maintain signatures; CoE supplementary protocol drafting historical average of 5–8 years constitutes the lower bound. (iii) Hague PIL e-Apostille extension (15-year phase 2026–2041): 2026–2028 Special Commission lists as work item; 2028–2031 Permanent Bureau preliminary document; 2031–2034 Recommendations passed; 2034–2041 domestic implementation in each country and full operation. The fundamental extension of the Apostille concept may not suit HCCH's conservative style and may instead proceed via digitisation of the 1965 Service Convention — this is "most likely," not "the only possibility." OECD covers approximately 65% of global GDP but only approximately 18% of global population (F1 §7.5.4); all three soft-law pathways have OECD coverage gaps. OECD coverage gaps are "acknowledged," not "predicted" — a non-eliminable boundary not eliminable through SA4. Non-OECD parallel track design: (a) AU Continental AI Strategy 2024 (mobile-money + foundational ID integration) + (b) APEC CBPR + Global CBPR Forum 2024 Declaration (especially important for Taiwan — main acceptance track for non-OECD / non-CoE / non-EU) + (c) India DEPA consent artefact (structurally isomorphic to civic-action-receipt; schema-level functional equivalence pending further public release of DEPA normative text) + (d) Brazil LGPD + ANPD adequacy / Indonesia PDP / GCC Mutual Recognition Initiative / ASEAN DEFA. The EUDI mandatory phase (Regulation (EU) 2024/1183 Art 5a requiring member states to mandatorily provide from December 2026) is an accelerator for the OECD 5-year pathway. Soft-law historical conversion trajectory: 1980 OECD Privacy Guidelines → 2018 GDPR in 38 years; 1990 OECD Cryptography Guidelines → 2001 Budapest Cybercrime Convention in 11 years; 2019 OECD AI Principles → 2024 CETS 225 in 5 years. Conversion pathways exist, but the variable is political will and time.

The G_recognition^A three-phase timeline is a conditional estimate, order of magnitude — not an absolute sentence. OECD coverage gaps are acknowledged, not predicted. Taiwan's specific bearing: APEC CBPR + Global CBPR Forum is the main acceptance track. CF4 triggering structural cross-strait track breakage is F2 thesis's weakest commitment to Taiwan scenarios.

G_recognition^A = ⟨anchor_OECD (≈ 5y), anchor_CETS225 (≈ 10y), anchor_Hague (≈ 15y)⟩  ;  parallel-track ∈ {AU, APEC-CBPR, India-DEPA, LGPD, PDP, GCC, ASEAN-DEFA}  ;  OECD-coverage-gap ≜ recognition ¬ prediction

The pillars constitute the affirmative argument. But the claim that "the critical path is an engineering dependency chain, not rhetoric" must be sustained by a concrete dependency chain. SA1 → SA2 → SA3 → SA4 chains the four primitives with three formal conditions D1–D3 into a linear closure — D1 is that the cryptosuite remains verifiable during the retention period, D2 is that preservation integrity is a prerequisite for admissibility, and D3 is that admissibility in the originating jurisdiction is a prerequisite for recognition in the target jurisdiction. The SA4 → SA1 feedback loop shows that jurisdictional_profile reverse-constrains AcceptedSuites(τ) (e.g., BBS+ over BLS12-381 is not in FIPS 186-5). Unfolding the chain translates the abstract "four-primitive conjunction" into mechanistically traceable dependency conditions and embeds temporally sensitive issues such as "PQC threats" and "30-year preservation" into the chain structure.

causal chain

Four-Primitive Verification Dependency SA1 → SA2 → SA3 → SA4 Linear Closure + SA4 → SA1 Design-Stage Feedback Loop

D1 ⇒

SA1 → SA2 formal condition: preservation requires that a verifier can still verify after 30 years, iff the cryptosuite hash + signature has not been broken during the retention_floor period, or QPSP executes timestamp re-signing (V_preservation(r) ⇒ Crypto_Robust(r.cryptosuite_id, r.retention_floor) ∨ TimestampReseal(r.timestamp_token, r.retention_floor)). SD-JWT-VC's JOSE signatures can be re-verified within 30 years; BBS+ over BLS12-381 public keys for 30-year preservation requires accumulator state continuous maintenance — cryptosuite selection structurally determines preservation engineering burden.

D2 ⇒

SA2 → SA3 formal condition: admissibility requires the receipt to be "reproducible + verifiable" at the time of litigation; preservation is a prerequisite for admissibility (V_admissibility(r) ⇒ V_preservation(r) ∧ ContentHashMatch(r.content_hash, retrieved_content) ∧ QualifiedPersonCertification(r.qualified_person_attestation)). If the receipt has been tampered with or lost before litigation begins, FRE 902(14)'s process of digital identification does not hold — preservation structurally determines admissibility possibility.

D3 ⇒

SA3 → SA4 formal condition: cross-border recognition requires the receipt to have admissibility in the originating jurisdiction J₁, and the target jurisdiction J₂ to recognise J₁'s admissibility via a recognition mechanism (V_recognition(r, J₁, J₂) ⇒ V_admissibility(r) under J₁ ∧ Recognize(J₂, J₁, r.jurisdictional_profile) ∧ ∃ ra ∈ r.recognition_chain : ra.target = J₂). Single-jurisdiction admissibility structurally determines the possibility of cross-border recognition.

F1 ◊⇒

SA4 → SA1 feedback loop (design-stage constraint): jurisdictional_profile reverse-constrains the AcceptedSuites(τ) set. FRE 902(14) self-authentication's recognition of "digital signature" presupposes NIST-approved algorithm — SD-JWT-VC's ES256 / EdDSA are NIST-approved; BBS+ over BLS12-381 is not within FIPS 186-5 scope; 902(14) self-authentication for BBS+ is undetermined (no case precedent). The formal semantics (lattice over (cryptosuite, jurisdiction) pairs) is an §11 open question O1, but the feedback loop is empirically visible at the design stage.

T-CRPD ◊⇒

Time dependency of CRPD §29 audit trail obligation: 30-year retention_floor + 5–10-year PQC migration = 35–40 years. If a cryptographically relevant quantum computer emerges in 2035–2045 (mainstream estimate range), receipts generated in 2026–2035 will be unsafe to verify in 2045–2055 (Mosca's theorem mechanism). Crypto-agility by design (cryptosuite abstraction layer + hybrid signing during transition + archive re-anchoring automation) is a mitigation pathway, but the BBS+ PQC substitute (lattice-based unlinkable signature; Bootle et al. 2024 follow-on work) remains at the IACR ePrint research stage.

T-Feedback ◊⇒

CRPD GC1 §29 → §12 reverse-use loop: after CF2 triggers (persons with dementia receipts collectively fail), the CRPD Committee cites the §29 audit trail requirement as evidence of §12 violation — civic receipts engineering that fails to distinguish supported / substituted constitutes proof of Art 12 violation rather than compliance. The strengthened thesis blocks this reverse use through three critical-path mitigations (threshold + court anchor + cognitive endorsement engineering); the working thesis empirically fails under CF2 trigger.

⇒ Mechanistic necessity (structural dependency; does not depend on external trigger)

◊⇒ Probabilistic (requires external trigger to materialise, but probability non-negligible)

Once the position and the causal chain hold, objections become genuinely threatening. Among the five counterfactual stress tests, CF1 (BBS+ standardisation delay), CF2 (persons with dementia collective failure), and CF4 (BRICS rejection of the OECD pathway) each constitute an independent threat to SA1 / SA2 / SA4's main trunk. Careful examination of the likelihood-by-mechanism inference of each objection reveals that they not only fail to overturn the map's position but actually flip to support the necessity of three critical-path mitigations — the evidentiary structure of each objection turns out to be the strengthened thesis's second-order support. CF3 (court rejection) and CF5 (PQC threat) are handled as chain effects in the conditions and conclusion sections to avoid overloading the borders section.

border cases — flip to support

Objection 1

CF1 BBS+ standardisation delay — advanced layering fails so mixed strategy is over-engineering

pivotW3C BBS Cryptosuite WG 2026 Q4 scheduled Recommendation delayed to 2029; delay reasons can be broken into three mechanism chains — interoperability test failure chain (BLS12-381 and hardware token batch verification incompatible) + IPR disclosure chain (IBM 2004–2009 group signature patent family and Microsoft anonymous credential application's W3C PAG processing timeline unpredictable) + policy dispute chain (EU, US, Japan diverge on unlinkability strength assessment). The first chain has partially materialised — as of mid-2025, the W3C BBS Cryptosuite WG issue tracker's issue on BLS12-381 and hardware compatibility remained unclosed. Trigger probability: medium. Empirically, if BBS+ is delayed to 2029–2031, the high-level tier of SA1's "baseline + advanced" two-tier division disappears; mixed strategy degrades to SD-JWT-VC-only; the anti-complexity objection to the entire four-primitive architecture holds.

On closer inspection, CF1 triggering supports the discipline that "mixed strategy is a conditionally valid engineering structure." F2 thesis in §4.4 already explicitly states that "BBS+ is advanced" uses normative, conditionally valid layering (condition: W3C BBS Cryptosuite reaches Recommendation), with fallback: "if not reached by 2027 Q1, baseline reverts to SD-JWT-VC only and BBS+ layering is deferred to 2028." After CF1 triggers, SA1 degrades to SD-JWT-VC-only baseline, but SA1's main structure (verifier policy three-point reverse constraint) still holds — OpenID4VP + DIF PE negotiation channels do not depend on BBS+. IETF JOSE/COSE independent RFC path for BBS algorithm as a fallback for the W3C path, plus EU Wallet Consortium Phase 2 dual-issuance pilot (DE / NL / SE three member states) constitute the bearing structure. The CF1 objection, read carefully, supports the strengthened thesis's commitment to "conditional feasibility" — the working thesis's dependence on the BBS+ advanced tier requires conditional restatement under CF1 triggering, which is precisely the specific expression of the strengthened thesis's "not dependent on a single technology pathway" discipline.

Objection 2

CF2 persons with dementia receipts collectively fail — holder-controlled default collapses so SA2 entire layer fails

pivotIn 2030, Taiwan / EU / Japan simultaneously discover the substituted regime degradation problem of civic receipts in dementia scenarios. WHO 2024 estimates global dementia population approximately 78 million in 2030; 65+ dementia prevalence in the three jurisdictions approximately 7–10% in 2030, totalling approximately 12–15 million. Even taking the conservative estimate of a "30% degradation rate" (assumed value requiring pilot study validation), the scale of substituted-ified receipts is approximately ≥ 3.5 million persons. Three mechanism chains — cognitive endorsement engineering gap (wallet UX universally presupposes fully cognitively capable adults) + long-term care staff routine co-signing (foreign caregivers routinely operate wallet for efficiency; holder-side biometric authentication in dementia scenarios is easily physically guided to completion, creating physical-holder but cognitive-non-holder status) + legal representative gap (Taiwan's 2019 guardianship declaration reform "supplementary declaration + voluntary guardianship" coverage rate still below 5% of dementia population as of 2024). Trigger probability: medium-high (50–65%). Empirically, if large-scale degradation of persons with dementia to substituted occurs, the CRPD GC1 §29 audit trail obligation is difficult to fulfil within the 30-year window; §29 will be used by the CRPD Committee in reverse as evidence of §12 violation — the normative basis of SA2 holder-controlled is reversed.

On closer inspection, CF2 triggering supports the discipline that "dual-track design (Design A + C mixture) with threshold signatures + supporter co-signing critical-path mitigations." F2 strengthened thesis in §5.3 already establishes — daily receipts holder-controlled; long-term care scenario holder + legal representative + medical institution representative three-party threshold signatures (recommended starting point t=2 / n=3, with configurable space); after dementia declaration, wallet receipt generation requires court-approved guardian / supporter signature anchor; cognitive endorsement engineering mandatory (EUDI ARF future versions add micro-consent confirmation delay and supporter co-signing mandatory for accounts of persons with dementia declarations). The CF2 objection, read carefully, supports that §29 audit trail obligation needs dual-layer fulfilment through "engineering correction + legal institution" — supported decision-making legal basis (Taiwan 2019 guardianship declaration reform, Israel 2016 §67B-67F, Peru DL 1384 (2018)) and civic receipts engineering correction jointly bear it. CF2 also fixes the specific policy implication of the working / strengthened thesis distinction — the working thesis empirically fails under CF2 alone; the strengthened thesis blocks §29 reverse use through three critical-path mitigations. This is the most direct evidence for F2's distinction between two levels of proposition. Residual risk (UX cost of threshold signatures for large-scale deployment in incapacity groups; court order anchors' accessibility for rural low-income elderly) is the §11 open question O38 (threshold signatures pilot study need) issue.

Objection 3

CF4 BRICS collective rejection of OECD pathway — G_recognition^A three-phase timeline fails in a multipolar world

pivotIn 2032, expanded BRICS (China, Russia, India, Brazil, South Africa, UAE, Iran, Egypt, Ethiopia, Saudi Arabia) collectively reject the OECD AI Principles 2024 update as the core of the global civic receipts mutual recognition pathway and instead promote a BRICS-led alternative AI governance framework. Three mechanism chains — China's *Administrative Measures on Generative AI Services* (2023-08) Art 4 outward projection (government pre-approval of issuer lists; cross-border verifiers must register in China) + BRICS Kazan Declaration 2024 + Rio 2025 positions on "Global South agency," "equivalent technology governance," "rejection of unipolar technology standards" + data sovereignty legislation wave (India DPDP 2023, Indonesia PDP 2022, Brazil LGPD 2018, Russia 152-FZ 2022 revision). Collective rejection probability: medium; partial rejection probability: high. Empirically, if BRICS collectively rejects the OECD pathway, all three soft-law pathways are affected; global civic receipts split into non-interoperable OECD track and BRICS-AAGF track networks; the G_recognition^A entire layer estimate fails.

On closer inspection, CF4 triggering supports the discipline that "OECD coverage gaps are acknowledged not predicted + APEC CBPR / ITU neutral dialogue bridge + Taiwan's cross-strait track special impact." F2 thesis in §7.2 already explicitly states that "OECD covers approximately 65% of global GDP but only approximately 18% of global population," all three soft-law pathways have OECD coverage gaps, OECD coverage gaps are "acknowledged" not "predicted," and non-OECD parallel tracks (AU, APEC CBPR, India DEPA, Brazil LGPD, Indonesia PDP, GCC, ASEAN DEFA) are designed as "parallel" not "substitute." After CF4 triggers, mitigation designs — APEC CBPR as an intermediate bridge (China, Vietnam, Taiwan, Korea, Japan, Philippines, Mexico, Canada, US, Chile, New Zealand, Australia all in APEC) + ITU AI for Good as non-aligned dialogue (193 members, no OECD / BRICS axis preset) + Hague PIL maintaining neutrality (91 members including China, Russia, India, Brazil). Taiwan's special impact appears simultaneously in three scenarios — mainland-born spouses' rights protection (dependency residence receipts vs. mainland court evidence capability) + Taiwan businesspeople's long-term residency receipts (20–40-year career spanning cross-border falls precisely within the core preservation window of receipts design) + cross-strait investor rights protection (CIETAC's reliability assessment of holder-controlled receipts lacks precedent + *Cross-Strait Investment Protection and Promotion Agreement* (2012) presupposes paper-based written evidence). The CF4 objection, read carefully, supports the commitment gap between working thesis and strengthened thesis for Taiwan scenarios — strengthened thesis's commitment to cross-strait cross-border rights claim scenarios is weaker than to OECD-internal mutual recognition scenarios; working thesis empirically fails for Taiwan scenarios under CF4 triggering. This is the most concrete policy implication of F2's distinction between two proposition levels for Taiwan scenarios, leading to the specific recommendation for TW DIW v1.0 spec to explicitly include QPSP integration provisions + 30-year preservation commitment.

Once the objections are absorbed, what remains are design implications — under what conditions can the four primitives be translated into verifiable engineering or legal obligations? Six conditions translate the abstract "within Z₂, CRPD GC1 §29 audit trail is fulfillable" into testable provisions, while filling in the C1–C6 sub-clause positions of V_receipt. These six conditions constitute the concrete expansion of the V_receipt structure across engineering / legal / normative layers (not merely another name for V_receipt) — cryptosuite mixed strategy, 30-year floor and Design B exclusion, three-jurisdiction admissibility profiles, three soft-law anchors, working / strengthened thesis distinction, and CRPD §29 audit trail obligation (including reverse-use protection).

procedural conditions

Translating civic receipts' four primitives into verifiable engineering or legal obligations requires passing six conditions

deployable_receipt(r) ⇔ V_cryptosuite(r) ∧ V_preservation(r) ∧ V_admissibility(r) ∧ V_recognition(r) ∧ V_thesis_layer(r) ∧ V_crpd_audit(r)

V_cryptosuite — mixed strategy three-point decision + AcceptedSuites(τ) temporal evolution

SA1 cryptosuite selection must adopt three-point mixed-strategy decisions — (a) issuance-time decision (issuer selects cryptosuite; one credential uses one family) + (b) presentation-time decision (holder selects from multiple wallet credentials the presentation method matching verifier policy) + (c) verification-time decision (verifier accepts or rejects and returns fallback hints). Negotiation channels: OpenID4VP draft-23 `client_metadata.vp_formats_supported` + DIF Presentation Exchange v2.1 `submission_requirements`. AcceptedSuites(τ) temporal evolution rules fall under the G_industry^A layer, governed by SDO mechanism design (§11 open question O2). "BBS+ is advanced" is a conditionally valid layering — if W3C BBS Cryptosuite does not reach Recommendation by 2027 Q1, baseline reverts to SD-JWT-VC only and BBS+ layering is deferred to 2028. Hardware key custody's engineering gap in BBS+ may be partially mitigated through an ARM TrustZone BBS+ prover (§11 open question O9).

V_cryptosuite: r.cryptosuite_id ∈ AcceptedSuites(τ) ∧ SigVerify(r.chooser_signature, r.subject_did) ∧ HolderBind(r.holder_binding_method, r.cryptosuite_id)

V_preservation — 30-year floor + Design A encrypted backup (QPSP does not hold decryption key) + Design B excluded

SA2 dual-track preservation must adopt Design A (QPSP holds encrypted backup and integrity evidence chain; holder holds the only decryption key) + Design C (threshold signatures, recommended starting point t=2 / n=3, with configurable space) mixture, excluding Design B (multi-sig escrow with court override; third-party independent key exercise violates CRPD §28). The 30-year floor is an "analytical recommendation value," not a "normative hard constraint," limited to "OECD and CRPD states parties without declared reservations." The normative floor should cite eIDAS implementing acts or domestic law. When preservation_layer ≠ holder-controlled, timestamp_token must be non-null (IETF RFC 3161 TSP or RFC 5816 upgraded version). The third-party notary in the dual-track design is positioned as "preservation agent" (avoid using "trust intermediary" language) — does not hold the decryption key and does not substitute the holder.

V_preservation: r.preservation_layer ∈ {holder-controlled, QPSP, dual} ∧ (now − r.timestamp_decided) ≤ r.retention_floor ∧ (r.preservation_layer ≠ holder-controlled → r.timestamp_token ≠ null) ∧ Design ∈ {A, C, A⊕C} ∧ Design ≠ B

V_admissibility — three-jurisdiction branching + chooser_signature + chain-of-custody log

SA3 court admissibility branches into three tracks by jurisdictional_profile — us-fre-901b9 requires qualified_person_attestation ≠ null (taking the heavier FRE 901(b)(9) process / system description + accuracy proof path, not 902(14) self-authentication) + eu-eidas-art25-35 (amended Chapter III §7–§8) requires timestamp_token ≠ null (QPSP integration) + tw-esign-art4-10 requires chooser_signature satisfying Electronic Signatures Act §4 element completeness. content_hash aligned to retrieved_content is the starting point of the Lorraine five-step test in the ESI framework. The three hearsay rule response paths (verbal act / present sense impression / 803(6) extension) are "preliminary claims"; specific selection is left to case-by-case litigation tactics. Mata v Avianca is a negative precedent — when agent_did ≠ null, agent_delegation_proof and agent_delegation_capability_hash must both be non-null and verifiable back to subject_did.

V_admissibility: ContentHashMatch(r.content_hash, retrieved_content) ∧ (us-fre-901b9 → r.qualified_person_attestation ≠ null) ∧ (eu-eidas-art25-35 → r.timestamp_token ≠ null) ∧ (tw-esign-art4-10 → r.chooser_signature ⊨ §4) ∧ (r.agent_did ≠ null → r.agent_delegation_proof ≠ null ∧ VC_Verify(r.agent_delegation_capability_hash, r.subject_did))

V_recognition — three soft-law anchors in three phases (5 / 10 / 15 years) + Apostille public/private document supplementary argument

SA4 cross-border mutual recognition must connect through recognition_chain to three soft-law anchors — OECD AI Principles supplementary guidance (≈ 5-year phase 2026–2031) + CETS 225 supplementary protocol (≈ 10-year phase 2026–2035) + Hague PIL e-APP digital identity extension (≈ 15-year phase 2026–2041). The three-phase timeline is a conditional estimate, order of magnitude — not an absolute sentence. The Apostille public/private document distinction is a gap in the cross-border recognition layer — whether civic receipts qualify as public documents requires supplementary argument: if the issuer is a public authority (National Health Insurance Administration, Long-Term Care Management Centre), it may claim to be a broad public document; if by a private issuer, it is a private document, Apostille does not apply, and cross-border recognition must proceed via the 1965 Service Convention. OECD coverage gaps are "acknowledged" not "predicted" — non-OECD parallel tracks (AU, APEC CBPR, India DEPA, Brazil LGPD, Indonesia PDP, GCC, ASEAN DEFA) are designed as "parallel." Taiwan is not a Hague Apostille signatory; APEC CBPR + Global CBPR Forum is the main acceptance track.

V_recognition: ∀ J₂ ∈ targetJurisdictions(r) , ∃ ra ∈ r.recognition_chain : ra.target = J₂ ∧ Anchor_Valid(ra)  ;  recognition_chain ⊆ {OECD-supp (5y), CETS225-protocol (10y), Hague-eAPP-ext (15y)}  ;  parallel-track for non-OECD

V_thesis_layer — strict distinction between working thesis and strengthened thesis + three critical-path mitigations

F2 adopts the strengthened thesis as the formal position; the working thesis serves only as the starting point of argumentation. The working thesis (without mitigations) empirically fails under either CF2 (persons with dementia degradation) or CF5 (PQC threat) triggering alone. The strengthened thesis (including three critical-path mitigations — crypto-agility by design, third-party trusted preservation service integration, G_recognition^A multi-track fallback) retains core functionality under the extreme scenario of all five CFs triggering simultaneously (third phase: global mutual recognition fails; second phase: OECD-internal mutual recognition partially preserved; first phase: single-primitive cryptographic bearing fully preserved). Three critical-path mitigation deployment timelines — mitigation 1 crypto-agility: 2026–2028 standards integration, 2028–2030 engineering implementation; mitigation 2 QPSP integration: 2026–2028 EU-internal integration, 2028–2030 OECD expansion; mitigation 3 multi-track recognition: 2026–2032 interface coordination, 2032–2040 specific mutual recognition operations.

V_thesis_layer: strengthened_thesis ≜ working_thesis ∧ crypto_agility ∧ QPSP_interface ∧ multi-track_recognition  ;  ∀ CFᵢ , strengthened_thesis ⊨ partial_survival(CFᵢ)  ;  working_thesis ⊭ survive(CF2 ∨ CF5)

V_crpd_audit — CRPD GC1 §29 audit trail obligation (including reverse-use protection)

Fulfilment of CRPD Art 12 GC1 §29 audit trail obligation within the Z₂ scope — the mandatory audit_release_policy must be able to switch between two states: "prior" strict access control (to avoid becoming personal surveillance infrastructure) and "post" court order openable (to avoid blocking relief procedures with access denial). revocation_window ≠ null ∧ revocation_endpoint reachable; §29 independent review is carried by V_receipt C5 + C6 sub-clauses (recognition_chain provides cross-jurisdictional anchors; audit_release_policy provides court order opening conditions). Against the risk of §29 being used in reverse as §12 violation evidence after CF2 triggers, three-layer blocking is adopted — threshold signatures (Design C) + court-anchored backup (wallet after dementia declaration subject to court-approved guardian / supporter anchor) + cognitive endorsement engineering (micro-consent confirmation delay, supporter co-signing mandatory). Exceeding Z₂ and entering Z₃-intrinsic (RT-ℬ ✗ / AA-ℬ ✗ two cells) is the Theorem T2 unreachable boundary — any claim that civic-action-receipts can solve the fundamental accountability problem of AI agents violates this boundary.

V_crpd_audit: hard_constraint(GC1 §29) ∧ Reachable(r.audit_release_policy) under {subject, court_order} ∧ ¬reverse_use(§29 → §12 violation) under strengthened_thesis  ;  T2: ∀ σ , P_degrade(M[RT,ℬ]|σ) > θ₂ ∧ P_degrade(M[AA,ℬ]|σ) > θ₂

Drawing together six layers — the matrix, dependency chain, three objections, six conditions, CRPD constraints, and time staging — the map ultimately argues that engineering limits are not normative limits, and that three things must simultaneously hold before any commitment can be made: the conditional feasibility of four-primitive implementation, the time staging of cross-border governance, and the strict distinction between working thesis and strengthened thesis. For readers in Taiwan: when the TW DIW moves into the LLM-agent phase, if civic receipts engineering is absent, the supported decision evidence chain cannot be reconstructed within the 30-year civil litigation window. Specific recommendations land on: TW DIW v1.0 spec explicitly including QPSP integration provisions + 30-year preservation commitment.

Conditional feasibility of four-primitive implementation. Civic receipts, as the cryptographic bearer of supported / substituted distinguishability within the conditionally delegable zone Z₂, can achieve standardised implementation within 5–10 years under five existing standards pathways: W3C VCDM v2.0 Recommendation (2025-05-15), IETF SD-JWT-VC draft-16 (2026-04-24), W3C BBS Cryptosuite CRD (2026-04-07), EUDI ARF 2025-12 iteration, and IRTF CFRG BBS Signatures draft-07. The formal bearer of implementation is the 14-field schema and V_receipt function's C1–C6 six conditions. Conditional statement — if W3C BBS Cryptosuite reaches Recommendation before 2027 Q1, the first primitive mixed strategy adopts a two-tier division of baseline SD-JWT-VC + advanced BBS+; otherwise baseline reverts to SD-JWT-VC only and BBS+ layering is deferred to 2028. The 30-year floor is an "analytical recommendation value," not a "normative hard constraint," limited to "OECD and CRPD states parties without declared reservations." FRE 902(14) for holder-controlled is not the primary path; the heavier 901(b)(9) path is taken instead. The Apostille public/private document distinction constitutes a gap in the cross-border recognition layer; whether civic receipts qualify as public documents requires supplementary argument.

Cross-border governance time staging. Cross-border mutual recognition advances through the G_recognition^A soft-law layer in three phases of 5 / 10 / 15 years — OECD AI Principles supplementary guidance 2029–2031, CETS 225 supplementary protocol 2030–2035, Hague PIL e-Apostille digital identity extension 2038–2041. The timeline is a conditional estimate, order of magnitude — not an absolute sentence. OECD covers approximately 65% of global GDP but only approximately 18% of global population; OECD coverage gaps are acknowledged, not predicted. Non-OECD parallel tracks (AU, APEC CBPR, India DEPA, Brazil LGPD, Indonesia PDP, GCC, ASEAN DEFA) are designed as "parallel" not "substitute." The EUDI mandatory phase is an accelerator for the OECD 5-year pathway. Taiwan's specific bearing: APEC CBPR + Global CBPR Forum is the main acceptance track for non-OECD / non-CoE / non-EU. Under CF4 triggering, cross-strait structural breakage is F2 thesis's weakest commitment to Taiwan scenarios — the three scenarios (mainland-born spouses' rights protection, Taiwan businesspeople's long-term residency receipts, cross-strait investor rights protection) simultaneously exhibit structural breakage, and SA4 mitigation design can only provide downgraded interoperability, not equivalent mutual recognition.

Strict distinction between working thesis and strengthened thesis, with three critical-path mitigations bearing the survival gap. F2 working thesis (without mitigations) empirically fails under either CF2 or CF5 triggering alone; F2 strengthened thesis (including three critical-path mitigations — crypto-agility by design, third-party trusted preservation service integration, G_recognition^A multi-track fallback) retains core functionality under the extreme scenario of all five CFs triggering simultaneously (third phase: global mutual recognition fails; second phase: OECD-internal mutual recognition partially preserved; first phase: single-primitive cryptographic bearing fully preserved). F2 main text adopts the strengthened thesis as the formal position; the working thesis serves only as the starting point of argumentation. Regarding CRPD GC1 §29 audit trail obligation — the strengthened thesis fulfils it within Z₂ via the four primitives; beyond Z₂ entering Z₃-intrinsic (RT-ℬ ✗ and AA-ℬ ✗ two cells) it is unfulfillable — this is the unreachable boundary of cryptographic primitives against ontological structure (Theorem T2). A specific warning for Taiwan's TW DIW before entering the LLM-agent phase — if civic receipts engineering is absent, the supported decision evidence chain cannot be reconstructed within the 30-year civil litigation window; DIW v1.0 spec should explicitly include QPSP integration provisions + 30-year preservation commitment.

Final form:
  Receipt(r) ≜ ⟨cryptosuite_id, holder_did, agent_did?, deliberation_hash, retention_floor,
                jurisdictional_profile, audit_release_policy, recognition_chain, ...⟩  (14 group / 23 leaf)

  V_receipt(r) ⇔ ⋀_{i=1..6} Cᵢ(r)
              ⇔ V_cryptosuite(r) ∧ V_preservation(r) ∧ V_admissibility(r) ∧ V_recognition(r)         (T3)
              ⇔ ex_ante_deliberation(r) ∧ ex_post_reversibility(r) ∧ decision_trace(r)               (T4)

  CriticalPath : SA1 → SA2 → SA3 → SA4   (linear verification closure with deterministic D1, D2, D3)
  FeedbackLoop : SA4 → SA1               (jurisdictional_profile reverse-constrains AcceptedSuites(τ))

  Cryptosuite ∈ {SD-JWT-VC (RFC 9901 + draft-16, MUST baseline),
                 BBS+ (W3C CRD, conditional advanced — IF W3C Rec by 2027 Q1 ELSE 2028),
                 ZK-SNARK (Explorer Note, narrow profile, F3 issue)}
  Preservation = {holder-controlled} ⊕ {QPSP encrypted backup, threshold signatures t=2/n=3}
                 ;  retention ≥ 30y  (limited to "OECD + CRPD states parties without declared reservations")
                 ;  Design ∈ {A, C, A⊕C}  ;  Design B ⊨ violates CRPD §28
  Admissibility-profile(j) ∈ {us-fre-901b9 (901(b)(9) heavier path),
                              eu-eidas-art25-35 (amended Chapter III §7-§8),
                              tw-esign-art4-10}
                            ;  hearsay-response ∈ {verbal_act, present_sense_impression, 803(6)-ext}
                            ;  Apostille(receipt) ⇔ public_document(issuer)  (public/private document gap)
  Recognition-anchor ∈ {OECD-supp (≈ 5y, 2029-2031), CETS225-protocol (≈ 10y, 2030-2035),
                         Hague-eAPP-ext (≈ 15y, 2038-2041)}
                      ;  parallel-track for non-OECD ≜ recognition ¬ prediction

  T1 (Z₂ coverage lemma)         : ∀ cell ∈ M[i,j] (✓ ∪ △) , ∃ σ ⊆ {SA1..SA4} : P_degrade(cell|σ) ≤ θ₂ ≈ 0.7
  T2 (Z₃-intrinsic unreachable) : ∀ σ , P_degrade(M[RT,ℬ]|σ) > θ₂ ∧ P_degrade(M[AA,ℬ]|σ) > θ₂

  CF1..CF5 ⇒ working_thesis ≠ strengthened_thesis
  strengthened_thesis ≜ working_thesis ∧ crypto_agility ∧ QPSP_interface ∧ multi-track_recognition
                      ⊨ partial_survival(CF1 ∧ CF2 ∧ CF3 ∧ CF4 ∧ CF5)
  working_thesis ⊭ survive(CF2 ∨ CF5)

  CRPD GC1 §29 ≜ hard_constraint(audit_trail)
  ¬ reverse_use(§29 → §12 violation) under strengthened_thesis
  Z₂ ⊨ V_receipt-deployable   ;   Z₃-intrinsic ⊭ V_receipt-deployable   (T2 boundary)

  Time-staging:
    crypto-agility   :  2026-2028 standards integration / 2028-2030 engineering implementation
    QPSP interface   :  2026-2028 EU-internal integration / 2028-2030 OECD expansion
    multi-track recog:  2026-2032 interface coordination / 2032-2040 specific mutual recognition operations

Argdown

Formal Render

HTML Source

Civic Receipts and Provenance Chain: Auditable Engineering Primitives for the Conditionally Delegable Zone Argdown graph

Source

===
title: Civic Receipts 與證據鏈：條件可委任區的可審計工程原語
subTitle: Civic Receipts and Provenance Chain — Argument Map (v2)
slug: 2026-05-11-civic-receipts-provenance
author: research-article-pipeline argdown export
model:
  removeTagsFromText: true
===

# Central Thesis

[Core Thesis]
  + <Formal Core>
  + [Accepted]
  + <P1>
  + <P2>
  + <P3>
  + <P4>
  + <P5>
  + <Causal Chain>
  + [Deployment Conditions]
  + <Conclusion>
  - [Rejected]
    - [Accepted]
  + [Accepted]
  - [Objection 1]
    - <Reply 1>
  + <Reply 1>
  - [Objection 2]
    - <Reply 2>
  + <Reply 2>
  - [Objection 3]
    - <Reply 3>
  + <Reply 3>

[Core Thesis]: civic receipts 是條件可委任區 Z₂ 中 supported substituted 可區分性的密碼學承載 落地需四原語 SA1-SA4——baseline SD-JWT-VC 加上條件性高階 BBS Cryptosuite 由 verifier policy 反向約束的混合策略 holder-controlled 為主搭配第三方 qualified preservation service 加密 backup 的雙軌設計，保存時長下限為 30 年（限「無聲明保留之 OECD 與 CRPD 締約國」範圍） 法庭可採性對接 US FRE 901(b)(9)、eIDAS 2024 1183 Chapter III 7-8、台灣電子簽章法 4 10，跨境承認透過 Hague e-APP 跨境互認透過 G recognition A 軟法層 5 10 15 年三段推進。四原語對 F1 3 5 3 矩陣 9- 與 4- cell 在 Z₂ 範圍內覆蓋（定理 T1），對 Z₃-intrinsic 兩 cell（RT-ℬ AA-ℬ ）為密碼學原語不可達邊界（定理 T2）。SA1 SA2 SA3 SA4 為驗證依賴線性閉包，SA4 SA1 為設計階段反饋環路。working thesis 與 strengthened thesis 嚴格區分 後者透過 crypto-agility by design、第三方 trusted preservation service 對接、G recognition A 多軌備援三大緩解 critical path 在五 CF 全觸發下保留核心功能。 #thesis

<Formal Core>: Formula Receipt(r) cryptosuite id, holder did, agent did , deliberation hash, retention floor, jurisdictional profile, audit release policy, recognition chain, ... (14 group 23 leaf) V receipt(r) V cryptosuite(r) V preservation(r) V admissibility(r) V recognition(r) (T3) ex ante deliberation(r) ex post reversibility(r) decision trace(r) (T4) CriticalPath SA1 SA2 SA3 SA4 (linear verification closure) FeedbackLoop SA4 SA1 (jurisdictional profile 反向約束 AcceptedSuites(τ)) Distinguishability(supported, substituted) ex ante ex post rev trace CRPD GC1 29 hard constraint(audit trail) Cryptosuite SD-JWT-VC (baseline) , BBS (advanced, conditional on W3C Rec) , ZK-SNARK (narrow profile, F3 議題) Preservation holder-controlled QPSP encrypted backup, threshold signatures retention 30y (限「無聲明保留之 OECD CRPD 締約國」) Admissibility-profile(j) us-fre-901b9 , eu-eidas-art25-35 (修正後 Chapter III 7-8) , tw-esign-art4-10 Recognition-anchor OECD-AI-Principles-supplement ( 5y) , CETS-225-protocol ( 10y) , Hague-e-APP-extension ( 15y) T1 (Z₂ 包覆引理) cell M i,j ( ) , σ SA1..SA4 P degrade(cell σ) θ₂ 0.7 T2 (Z₃-intrinsic 不可達) σ , P degrade(M RT,ℬ σ) θ₂ P degrade(M AA,ℬ σ) θ₂ StressTest CF1..CF5 working thesis strengthened thesis strengthened thesis working thesis crypto agility QPSP interface multi-track recognition Caption civic-action-receipt 由 14 個欄位群 23 個 leaf field 承載，V receipt 由 C1-C6 六道條件合取定義，定理 T3 把它拆為四原語子句、定理 T4 把它對應到 F1 三層可區分性。SA1 SA2 SA3 SA4 為驗證依賴線性閉包，SA4 SA1 是 jurisdictional profile 反向約束 cryptosuite 集合的設計階段環路。Z₂ 範圍內 9- 與 4- cell 由四原語覆蓋（T1），Z₃-intrinsic 兩 cell（RT-ℬ AA-ℬ ）為定理 T2 不可達邊界。五個反事實壓力測試把 working thesis 與 strengthened thesis 拉開——後者透過三大緩解 critical path（crypto-agility QPSP 對接 多軌承認）在 5 CF 全觸發下保留核心功能。 #formal

[Accepted]: civic-action-receipt 是 (Subject, Verifier) Audit 方向的 commitment 物件，由 14 欄位 schema V receipt 六道條件 四原語落地承載. civic-action-receipt 與 VP 的形式位置不同——VP 是 Subject Verifier 方向的 disclosure 物件，receipt 是 (Subject, Verifier) Audit 方向的 commitment 物件，由 verifier 端產出、holder 端與 audit trail 端各保留一份。schema 為 14 個欄位群（巢狀展開合計約 23 個 leaf field），繼承 F1 5.4 DeliberationRecord 與 7.3.1 enabling envelope，新增 9 個欄位群對應 SA1-SA4 四原語的工程承載（cryptosuite id preservation layer retention floor content hash qualified person attestation jurisdictional profile recognition chain cross border envelope）。V receipt 由 C1-C6 六道條件合取定義，定理 T3 把它拆為四原語子句、定理 T4 把它對應到 F1 三層可區分性（ex ante deliberation ex post reversibility decision trace）。 #accepted

[Rejected]: civic-action-receipt 可化約為 VC Presentation 加 audit log. 把 civic-action-receipt 視為 W3C VCDM v2.0 5.7 7.1 範疇下 VP 的別名，由 wallet 端在每次出示時寫入 audit log 即完成。在這個分類下，supported substituted 區分由 wallet UI 承擔，跨境互認由 EUDI Wallet ARF OpenID4VP 三件套覆蓋，30 年保存與法庭可採性是「下游」工程議題、不影響 schema 設計。混淆 VP 與 receipt 會帶來兩個論證代價——其一，VCDM v2.0 5.7 對 ZKP 採「合成自原始 VC 但不含原始資料」的表述，audit trail 對「可被 court order 解開的 content hash 對位」需求即無從成立，正面違反 CRPD GC1 29 independent review 程序要求 其二，FRE 902(14) 的 process of digital identification 在 Advisory Committee Note 中以 hash value comparison 為典型例，VP 本身不含 hash 對位欄位，receipt 必須含 content hash 才能符合 902(14) 的工程化條件。 #rejected

<P1>: Title 14 個欄位群 schema 與 V receipt 函數構成四原語的形式骨架 Section 3 — 演繹（14 欄位 schema V receipt 六道條件 定理 T1-T4） Role 提供合取分析骨架——若 schema 與 V receipt 不能形式化為函數，四原語只能停在語言層 若四原語在 F1 5 3 矩陣的對應 cell 不明示，T1 包覆引理與 T2 不可達引理就只是修辭。 把 F1 5.4 DeliberationRecord（11 個欄位群）與 7.3.1 enabling envelope 合併得到 14 個欄位群 schema，巢狀展開合計約 23 個 leaf field。schema 採兩層計數規約——「欄位群」為最上層命名單元、「leaf field」為展開至基本型別之終端條目 繼承自 DR ENV 共 11 群、新增 9 群（計數以最強歸屬計），與 leaf 層 1.22 1 比例對位。新增欄位均對應具體 sub-arg 工程需求 cryptosuite id 對應 SA1 mixed strategy 三時點協商、preservation layer retention floor 對應 SA2 雙軌設計、content hash qualified person attestation 對應 SA3 FRE 901(b)(9) 對接、jurisdictional profile 對應 SA3 三法域分軌、recognition chain cross border envelope 對應 SA4 軟法層三段、audit release policy 對應 GDPR Art 5(1)(b)(c) 與 EDPB Statement 1 2024。V receipt 由 C1（cryptosuite robustness） C2（agent-vs-holder distinguishability） C3（preservation） C4（admissibility） C5（recognition） C6（revocability）六道條件合取定義，τ 為 receipt 被驗證的當下時間，AcceptedSuites(τ) 是 τ 時點仍未被破解且仍在 SDO 認可清單內的 cryptosuite 集合。四原語對 F1 5 3 矩陣 9- 與 4- cell 在 Z₂ 範圍內覆蓋（T1 包覆引理） 對 RT-ℬ 與 AA-ℬ 兩 cell 為密碼學原語不可達邊界（T2 不可達引理） 定理 T3 把 V receipt 拆為四原語子句、定理 T4 把它對應到 F1 三層可區分性。 Finding 14 欄位 schema 與 V receipt 函數構成 F2 四原語的形式骨架 T1 與 T2 把覆蓋邊界與不可達邊界同時釘住，下游 writer 不可主張 civic-action-receipt 能解決 AI 代理根本責任問題（違反 T2）。 Formal schema 14 group 23 leaf V receipt(r) i 1..6 Cᵢ(r) T1 cell ( ) , σ P degrade(cell σ) θ₂ T2 σ , P degrade(M RT,ℬ σ) θ₂ P degrade(M AA,ℬ σ) θ₂ #pillar

<P2>: Title 混合策略是 verifier policy 反向約束的工程結構，三時點決策承擔協商 Section 4 — 歸納 因果（SD-JWT-VC BBS ZK-SNARK 三族 verifier policy 三時點） Role 提供 SA1 cryptosuite 選擇的工程基底——若三族技術不被明示為「規範成熟度 簽章大小 驗證成本 unlinkability quantum-safe hardware key custody 六維各有取捨」，「BBS 為高階」的條件成立分層會被讀成 marketing 若 mixed strategy 被當作「同份 credential 同時帶三族簽章」會錯失工程結構。 SD-JWT-VC 屬 IETF OAuth WG 軌道，RFC 9901（2025-04） draft-16（2026-04-24）穩定，EUDI Wallet ARF 2025-12 iteration 2.3.1 明文 MUST 支援 hardware key custody 全面支援（Secure Enclave StrongBox TPM），PQC 遷移直接（換 ML-DSA Falcon 即可），但無 unlinkability。BBS Cryptosuite 屬 W3C VC WG 軌道，W3C vc-di-bbs 於 2026-04-07 進入 CRD、IRTF CFRG draft-07 於 2025-08 通過 Last Call、W3C VC WG 2025-10 charter renewal 對 Recommendation 時程的字眼為「best-effort Q4 2026 Q1 2027」 原生 multi-message selective disclosure unlinkable proof generation，但 Secure Enclave StrongBox TPM 不原生支援 BLS12-381，prover 須在 application memory 執行 BLS12-381 在量子電腦下不安全、無近期 PQC 替代路徑。ZK-SNARK on VC 屬廠商實作軌道，W3C Explorer Note (2024-09) 明文標示「not on Recommendation track」，定位為 complex predicate 專用 advanced narrow profile，不替代 baseline。「BBS 為高階」採規範性的、條件成立的分層論述——條件為 W3C BBS Cryptosuite 達 Recommendation 若 2027 Q1 前未達，baseline 退回到只用 SD-JWT-VC、BBS 分層推遲到 2028。mixed strategy 是 verifier policy 反向約束 issuer 與 holder 選擇的工程結構，由三個時點承擔——(a) issuance-time（issuer 選 cryptosuite，一張 credential 用一族） (b) presentation-time（holder 從 wallet 多份 credentials 挑選符合 verifier policy 的呈現方式） (c) verification-time（verifier 接受或拒絕，並回傳 fallback 提示）。協商通道為 OpenID4VP draft-23 DIF Presentation Exchange v2.1。 Finding 三族技術的工程版圖決定 SA1 mixed strategy 的承載結構 verifier policy 三時點協商是 SA1 對 SA2-SA4 三條下游原語產生工程約束的具體機制，hardware key custody 在 BBS 的工程缺口為 11 open question O9（ARM TrustZone BBS prover）議題。 Formal Cryptosuite SD-JWT-VC (RFC 9901 draft-16, MUST baseline), BBS (CRD, conditional advanced), ZK-SNARK (Explorer Note, narrow profile) MixedStrategy issuance-time, presentation-time, verification-time verifier-policy reverse-constrains AcceptedSuites(τ) #pillar

<P3>: Title 30 年下限由三規範性窗口聚合推導，雙軌設計排除設計 B Section 5 — 溯因（30 年下限三窗口推導 三失效模式 設計 A B C） Role 提供 SA2 長期保存的溯因論證——從 supported decision-making 的 30 年規範要求反推工程設計判準。若 30 年下限沒有三窗口推導，「分析性建議數」會退化為任意選擇 若設計 B 不被明示排除，court override 第三方獨立行使私鑰會把 SA2 整體拉回 CRPD 28 substituted 禁令範圍。 30 年下限採規範性與經驗性兩類證據的下限均衡推導，由三規範性窗口的最大值聚合——(i) CRPD 給付請領訴訟時效（德國 BGB 197(1) Nr. 1 對確定判決所確認之退休給付請求權 30 年 SGB I 45 未告知延長，取窗口最大值 30 年） (ii) 失能監護宣告爭議的回溯期（極端案例 30 年） (iii) Toeslagenaffaire 級事後追溯期（自行推估事後 8 年發現 14 年救濟長尾共 22 年）。三窗口聚合落在 22-30 年區間，本文取 30 年並限定為「無聲明保留之 OECD 與 CRPD 締約國」範圍（明示印度 DPDP、巴西 LGPD、印尼 PDP、Aadhaar UIDAI 短時效不普適）。holder-only 設計在三場景下失效——失智症（CDR 2 後 wallet 私鑰失能） 裝置遺失 損壞 OS 強制更新 死亡後 digital estate（RUFADAA 假設 fiduciary 能拿到 credentials，self-custody wallet 在缺乏 continuing instructions to fiduciary 時 fiduciary 無法取得）。三種雙軌設計比較中——設計 A（第三方持加密 backup，holder 持唯一解密鑰） 設計 C（threshold signatures，建議起點 t 2 n 3）通過 CRPD 28 檢驗 設計 B（multi-sig escrow with court override，第三方獨立行使私鑰）直接違反 28 對 substituted 的禁令，本文不採。第三方公證人在雙軌設計下採「保存代理」定位——QPSP 持加密 backup 與完整性證據鏈，不持解密鑰，不替代 holder。Estonia X-Road 25 年保存實踐 北歐 BankID 死亡持卡人處理（家屬須提供死亡證明 繼承資格 skifteattest 既存識別資料）構成案例證據。 Finding 30 年下限為「分析性建議數」而非「規範性硬約束」，限定範圍明示 設計 A 與設計 C 通過 28 檢驗、設計 B 違反，雙軌設計採「日常 holder-controlled 法庭 holder 第三方共管 爭議全程第三方主管」三層方案。 Formal retention floor max(W CRPD claim, W capacity dispute, W Toeslagen) 30y scope OECD CRPD party reserved Design A (QPSP encrypted backup) C (threshold t n) Design B violates CRPD 28 #pillar

<P4>: Title 法庭可採性對接 FRE 901(b)(9) eIDAS 修正後 7- 8 台灣電子簽章法 4- 10，Apostille 公私文書區分為破口 Section 6 — 歸納 類比（三法域對接 ESI 類比 Apostille 公私文書區分） Role 提供 SA3 法庭可採性的對接結構——若三法域 admissibility profile 不被明示對位，jurisdictional profile 欄位即無語義邊界 若 ESI 類比的限制不被釘住，Sedona Principles 6 11 對 receipts 揭露範圍與 metadata 邊界的混用會掏空 chooser signature 工程 若 Mata v Avianca 不被定位為負面先例，agent-mediated receipts 在缺乏 chooser signature 時可能被法院視為 ChatGPT 幻覺紀錄整批不採。 三法域對接表把 admissibility profile 拆為三軌——US 採 FRE 901, 902(14), 803(6) Lorraine v Markel ESI authentication 五步測試 Daubert 五因子 EU 採 Regulation (EU) 2024 1183 Chapter III 7（preservation 前身 Art 33-34） 8（QES 自動等同手寫簽章 前身 Art 35） ETSI TS 119 511 512 台灣採電子簽章法 4 10 民訴法 363 363-1 條 行政院 2026 修正草案（立法院審議中）。holder-controlled receipts 不走 FRE 902(14) 自證真實，改走 FRE 901(b)(9)「process or system 描述 accuracy 證明」較重路徑，由 chooser signature audit-by-design revocation endpoint 三件套承擔。ESI 類比有限——FRCP 26(f) 34(b) Sedona Principles 預設「enterprise records」，civic receipts 預設「holder-controlled assertion」帶有訴訟動機 FRE 803(6) hearsay rule 對 receipts 有三條應對路徑——verbal act（行為之發生，落出 hearsay 適用範圍） present sense impression（FRE 803(1)，由 timestamp proposed decided presented 三時點承載） 803(6) 擴張（Grimm-Capra-Joseph 2017 主張個人 regularly conducted personal record-keeping）。Mata v Avianca, 22-cv-1461 (S.D.N.Y. 2023) 是負面先例 反面教材而非合法樣板——任何 agent-mediated receipt 若無 chooser signature 明示 holder 在場簽署，可能被法院視為 ChatGPT-style 幻覺紀錄整批不採 schema 將 agent did 設計為 nullable、要求 agent did null 時 agent delegation proof 與 agent delegation capability hash 兩欄位皆非 null 且可驗證至 subject did，即此負面先例的工程修正。Apostille 公私文書區分為跨境承認層破口——civic receipt 若由公權力機關（如健保署、長照管理中心）為 issuer，可主張屬廣義 public document 由私人 issuer 則屬私文書，Apostille 不適用、跨境承認須改走 1965 服務公約或個案外交認證。Daubert 五因子在 BBS 與 ZK-SNARK 上的張力——BBS 第四、第五因子（standards general acceptance）有舉證壓力，須援引 Tessaro-Zhu (2023) EUROCRYPT 與 Camenisch-Drijvers-Lehmann (2016) TRUST 安全證明 ZK-SNARK 在 federal civic-action 場景未建立 general acceptance，定位為 narrow profile。 Finding SA3 法庭可採性對接三法域有明確路徑，Apostille 公私文書區分構成跨境承認層破口（civic receipts 是否屬 public document 須補論） Mata v Avianca 為負面先例，chooser signature 工程是回應此負面先例的具體修正 hearsay rule 三條應對路徑為「初步主張」並列入 11 open question。 Formal jurisdictional profile us-fre-901b9, eu-eidas-art25-35 (修正後 7- 8), tw-esign-art4-10 holder-controlled 901(b)(9) 較重路徑 ( 902(14)) hearsay-response verbal act, present sense impression, 803(6)-extension Apostille(receipt) public document(issuer) #pillar

<P5>: Title G recognition A 軟法層分三段、OECD 外覆蓋空白為承認而非預測 Section 7 — 類比 前瞻（5 10 15 年三段時程 非 OECD 並行軌） Role 提供 SA4 跨境互認的治理回應——若 FTLA 第三層 G recognition A 不被拆為 OECD AI Principles 補充指引 5 年期、CETS 225 補充協議 10 年期、Hague PIL e-APP extension 15 年期三段，整層估計會被「跨境治理永遠是政治不可行」反論掏空 若 OECD 外覆蓋空白不被明示為「承認」而非「預測」，非 OECD 並行軌的設計會被誤讀為西方中心主義的補丁。 G recognition A 在 F1 7.8 既有用法為 10-15 年總體估計，F2 拆為三段——(i) OECD AI Principles 補充指引（5 年期 2026-2031） 2026-2027 OECD AI Working Party 將 civic receipts 列入工作項、2027-2029 OECD 發布 supplementary guidance、2029-2031 OECD AI Principles 第二輪修訂寫入 Principle 1.5 accountability implementation guidance 條件變項為 OECD 內政治意願不中斷、至少一個 leading member 率先採納、G7 Hiroshima Process Friends Group 不中斷。(ii) CETS 225 補充協議（10 年期 2026-2035） 2027-2028 Conference of Parties 啟動議題、2028-2030 Drafting Committee 草擬、2030-2032 Committee of Ministers 通過、2032-2035 補充協議生效 條件變項為 CETS 225 簽署國維持簽署地位、CoE 補充協議起草歷史平均耗時 5-8 年構成下限。(iii) Hague PIL e-Apostille extension（15 年期 2026-2041） 2026-2028 Special Commission 列入工作項、2028-2031 Permanent Bureau preliminary document、2031-2034 通過 Recommendations、2034-2041 各國內法 implementation 與全面運作 Apostille 概念之根本擴展可能不適合 HCCH 保守風格、亦可能改走 1965 服務公約之數位化，是「最有可能」而非「唯一可能」。OECD 涵蓋全球 GDP 約 65% 但人口僅約 18%（F1 7.5.4），三條軟法路徑均存在 OECD 外覆蓋空白 OECD 外覆蓋空白為「承認」而非「預測」、並非透過 SA4 可消除的不可消除邊界。非 OECD 並行軌設計——(a) AU Continental AI Strategy 2024（mobile-money foundational ID 整合） (b) APEC CBPR Global CBPR Forum 2024 Declaration（對台灣特別重要——非 OECD 非 CoE 非 EU 之主要承接軌道） (c) 印度 DEPA consent artefact（與 civic-action-receipt 結構同構，schema-level functional equivalence 待 DEPA 規範文本進一步公開） (d) 巴西 LGPD ANPD adequacy 印尼 PDP GCC Mutual Recognition Initiative ASEAN DEFA。EUDI 強制階段（Regulation (EU) 2024 1183 Art 5a 要求 2026-12 起會員國強制提供）為 OECD 5 年路徑 accelerator。軟法歷史轉化軌跡——1980 OECD Privacy Guidelines 2018 GDPR 經 38 年 1990 OECD Cryptography Guidelines 2001 Budapest Cybercrime Convention 經 11 年 2019 OECD AI Principles 2024 CETS 225 經 5 年 轉化路徑存在但變項是政治意願與時間。 Finding G recognition A 三段時程為條件性估計、order of magnitude，非絕對句式 OECD 外覆蓋空白為承認非預測 對台灣的具體承載——APEC CBPR Global CBPR Forum 為主要承接軌道 CF4 觸發下兩岸軌結構性斷裂為 F2 thesis 對台灣場景的最弱承諾。 Formal G recognition A anchor OECD ( 5y), anchor CETS225 ( 10y), anchor Hague ( 15y) parallel-track AU, APEC-CBPR, India-DEPA, LGPD, PDP, GCC, ASEAN-DEFA OECD-coverage-gap recognition prediction #pillar

<Causal Chain>: Title 四原語驗證依賴 SA1 SA2 SA3 SA4 線性閉包 SA4 SA1 設計階段反饋環路 D1 (deterministic) SA1 SA2 形式條件 preservation 對 30 年後 verifier 仍可驗證，iff cryptosuite 在 retention floor 期間內 hash signature 未被破解、或 QPSP 執行 timestamp 重簽（V preservation(r) Crypto Robust(r.cryptosuite id, r.retention floor) TimestampReseal(r.timestamp token, r.retention floor)）。SD-JWT-VC 的 JOSE 簽章在 30 年內可重新驗證、BBS 在 BLS12-381 公鑰的 30 年保存上需 accumulator 狀態持續維護——cryptosuite 選擇結構性決定 preservation 工程負擔。 D2 (deterministic) SA2 SA3 形式條件 admissibility 要求 receipt 在訴訟發生時可被「再現 驗證」，preservation 是 admissibility 的前置條件（V admissibility(r) V preservation(r) ContentHashMatch(r.content hash, retrieved content) QualifiedPersonCertification(r.qualified person attestation)）。若 receipt 在訴訟提起前已被竄改或遺失，FRE 902(14) 的 process of digital identification 不成立——preservation 結構性決定 admissibility 可能性。 D3 (deterministic) SA3 SA4 形式條件 跨境互認要求 receipt 在來源法域 J₁ 已具備 admissibility、且目標法域 J₂ 透過 recognition mechanism 承認 J₁ 的 admissibility（V recognition(r, J₁, J₂) V admissibility(r) under J₁ Recognize(J₂, J₁, r.jurisdictional profile) ra r.recognition chain ra.target J₂）。單一法域內 admissibility 結構性決定跨境承認的可能性。 F1 (probabilistic) SA4 SA1 反饋環路（設計階段約束） jurisdictional profile 反向約束 AcceptedSuites(τ) 集合。FRE 902(14) 自證真實對「數位簽章」的承認以 NIST-approved algorithm 為前提——SD-JWT-VC 的 ES256 EdDSA 屬於 NIST-approved，BBS over BLS12-381 不在 FIPS 186-5 範圍，902(14) 自證真實對 BBS 屬未確定（無判例）。形式語義（lattice over (cryptosuite, jurisdiction) 對）歸 11 open question O1，但反饋環路在設計階段已實證可見。 T-CRPD (probabilistic) CRPD 29 audit trail 義務的時間性依賴 30 年 retention floor 5-10 年 PQC migration 35-40 年 若 cryptographically relevant quantum computer 在 2035-2045 出現（主流估計區間），2026-2035 期間生成的 receipts 在 2045-2055 期間 verification 不安全（Mosca s theorem 機制）。crypto-agility by design（cryptosuite 抽象層 hybrid signing during transition archive re-anchoring 自動化）是緩解路徑，但 BBS 的 PQC 替代（lattice-based unlinkable signature, Bootle et al. 2024 後續）仍在 IACR ePrint 研究級階段。 T-Feedback (probabilistic) CRPD GC1 29 12 反向使用環路 CF2 觸發後（失智長者 receipts 集體失效），CRPD Committee 援引 29 audit trail 要求作為 12 違反證據——civic receipts 工程未能區分 supported substituted 即構成 Art 12 違反證明而非合規證明。strengthened thesis 透過三大緩解 critical path（threshold court anchor cognitive endorsement engineering）阻擋此反向使用 working thesis 在 CF2 觸發下實證失效。 #chain

[Deployment Conditions]: 把 civic receipts 四原語翻譯成可被檢驗的工程或法律義務，必須通過六道條件. deployable receipt(r) V cryptosuite(r) V preservation(r) V admissibility(r) V recognition(r) V thesis layer(r) V crpd audit(r) #conditions

<C1>: Title V cryptosuite — mixed strategy 三時點決策 AcceptedSuites(τ) 時點演化 SA1 cryptosuite 選擇須採 mixed strategy 三時點決策——(a) issuance-time decision（issuer 選 cryptosuite，一張 credential 用一族） (b) presentation-time decision（holder 從 wallet 多份 credentials 挑選符合 verifier policy 的呈現方式） (c) verification-time decision（verifier 接受或拒絕，並回傳 fallback 提示）。協商通道為 OpenID4VP draft-23 client metadata.vp formats supported DIF Presentation Exchange v2.1 submission requirements AcceptedSuites(τ) 在 τ 時點演化規則歸 G industry A 層，由 SDO 機制設計（ 11 open question O2）。「BBS 為高階」為條件成立分層——若 2027 Q1 前 W3C BBS Cryptosuite 未達 Recommendation，baseline 退回到只用 SD-JWT-VC、BBS 分層推遲到 2028。hardware key custody 在 BBS 的工程缺口可透過 ARM TrustZone BBS prover 部分緩解（ 11 open question O9）。 Formal V cryptosuite r.cryptosuite id AcceptedSuites(τ) SigVerify(r.chooser signature, r.subject did) HolderBind(r.holder binding method, r.cryptosuite id) #condition

<C2>: Title V preservation — 30 年下限 設計 A 加密 backup（QPSP 不持解密鑰） 排除設計 B SA2 雙軌保存須採設計 A（QPSP 持加密 backup 與完整性證據鏈、holder 持唯一解密鑰） 設計 C（threshold signatures，建議起點 t 2 n 3，並開放配置空間）混合，排除設計 B（multi-sig escrow with court override，第三方獨立行使私鑰違反 CRPD 28）。30 年下限為「分析性建議數」而非「規範性硬約束」，限定為「無聲明保留之 OECD 與 CRPD 締約國」範圍 規範性下限應引自 eIDAS implementing acts 或國內法。preservation layer holder-controlled 時 timestamp token 須非 null（IETF RFC 3161 TSP 或 RFC 5816 升級版）。第三方公證人在雙軌設計下採「保存代理」定位（避用「中介信任」措辭），不持解密鑰、不替代 holder。 Formal V preservation r.preservation layer holder-controlled, QPSP, dual (now r.timestamp decided) r.retention floor (r.preservation layer holder-controlled r.timestamp token null) Design A, C, A C Design B #condition

<C3>: Title V admissibility — 三法域分軌 chooser signature chain-of-custody log SA3 法庭可採性按 jurisdictional profile 三軌分流——us-fre-901b9 須 qualified person attestation null（走 FRE 901(b)(9) process system 描述 accuracy 證明較重路徑，不走 902(14) 自證真實） eu-eidas-art25-35（修正後 Chapter III 7- 8）須 timestamp token null（QPSP 對接） tw-esign-art4-10 須 chooser signature 符合電子簽章法 4 要件齊備。content hash 對位 retrieved content 是 ESI 框架下的 Lorraine 五步測試起點 hearsay rule 三條應對路徑（verbal act present sense impression 803(6) 擴張）為「初步主張」，具體選擇歸個案訴訟戰術。Mata v Avianca 是負面先例——agent did null 時 agent delegation proof 與 agent delegation capability hash 兩欄位皆非 null 且可驗證至 subject did。 Formal V admissibility ContentHashMatch(r.content hash, retrieved content) (us-fre-901b9 r.qualified person attestation null) (eu-eidas-art25-35 r.timestamp token null) (tw-esign-art4-10 r.chooser signature 4) (r.agent did null r.agent delegation proof null VC Verify(r.agent delegation capability hash, r.subject did)) #condition

<C4>: Title V recognition — 三軟法 anchor 5 10 15 年三段 Apostille 公私文書區分補論 SA4 跨境互認須透過 recognition chain 對接三軟法 anchor——OECD AI Principles 補充指引（ 5y 期 2026-2031） CETS 225 補充協議（ 10y 期 2026-2035） Hague PIL e-APP digital identity extension（ 15y 期 2026-2041）。三段時程為條件性估計、order of magnitude，非絕對句式。Apostille 公私文書區分為跨境承認層破口——civic receipts 是否屬 public document 須補論 若由公權力機關（健保署、長照管理中心）為 issuer 可主張屬廣義 public document 若由私人 issuer 則屬私文書、Apostille 不適用、跨境承認須改走 1965 服務公約。OECD 外覆蓋空白為「承認」而非「預測」——非 OECD 並行軌（AU、APEC CBPR、印度 DEPA、巴西 LGPD、印尼 PDP、GCC、ASEAN DEFA）以「並行」設計。台灣非 Hague Apostille 締約國，APEC CBPR Global CBPR Forum 為主要承接軌道。 Formal V recognition J₂ targetJurisdictions(r) , ra r.recognition chain ra.target J₂ Anchor Valid(ra) recognition chain OECD-supp (5y), CETS225-protocol (10y), Hague-eAPP-ext (15y) parallel-track for non-OECD #condition

<C5>: Title V thesis layer — working thesis 與 strengthened thesis 嚴格區分 三大緩解 critical path F2 採 strengthened thesis 為正式立場、working thesis 僅作為論證起點。working thesis（無緩解版）在 CF2（失智長者退化）或 CF5（PQC 威脅）任一單獨觸發下實證失效 strengthened thesis（含三大緩解 critical path——crypto-agility by design、第三方 trusted preservation service 對接、G recognition A 多軌備援）在五個 CF 全部觸發的極端情境下保留核心功能（第三段全球互認失敗、第二段 OECD 內互認部分保留、第一段單原語密碼學承載完整保留）。三大緩解部署估期——緩解 1 crypto-agility 2026-2028 規範整合、2028-2030 工程實作 緩解 2 QPSP 對接 2026-2028 EU 內整合、2028-2030 OECD 推展 緩解 3 多軌承認 2026-2032 介面協調、2032-2040 具體互認操作。 Formal V thesis layer strengthened thesis working thesis crypto agility QPSP interface multi-track recognition CFᵢ , strengthened thesis partial survival(CFᵢ) working thesis survive(CF2 CF5) #condition

<C6>: Title V crpd audit — CRPD GC1 29 audit trail 義務（含反向使用防護） Z₂ 範圍內 CRPD Art 12 GC1 29 audit trail 義務的履行——強制 audit release policy 須能在「事前」嚴格 access control（避免被作為個人監控基礎設施）、「事後」court order 可解（避免救濟程序受 access denial 阻擋）兩態切換 revocation window null revocation endpoint 可達 29 independent review 由 V receipt C5 C6 子句承載（recognition chain 提供跨法域 anchor、audit release policy 提供 court order 解開條件）。對 CF2 觸發後 29 被反向使用為 12 違反證據的風險，採三層阻擋——threshold signatures（設計 C） court-anchored backup（失智宣告後 wallet 受法院核可監護人 輔助人 anchor） cognitive endorsement engineering（micro-consent 確認延遲、supporter co-signing 強制）。超出 Z₂ 進入 Z₃-intrinsic（RT-ℬ AA-ℬ 兩 cell）為定理 T2 不可達邊界——任何宣稱 civic-action-receipt 可解決 AI 代理根本責任問題的論述都違反此邊界。 Formal V crpd audit hard constraint(GC1 29) Reachable(r.audit release policy) under subject, court order reverse use( 29 12 violation) under strengthened thesis T2 σ , P degrade(M RT,ℬ σ) θ₂ P degrade(M AA,ℬ σ) θ₂ #condition

<Conclusion>: 四原語落地的條件性可行性 。civic receipts 作為條件可委任區 Z₂ 中 supported substituted 可區分性的密碼學承載，在 W3C VCDM v2.0 Recommendation (2025-05-15)、IETF SD-JWT-VC draft-16 (2026-04-24)、W3C BBS Cryptosuite CRD (2026-04-07)、EUDI ARF 2025-12 iteration、IRTF CFRG BBS Signatures draft-07 五條既有規範路徑下，可在 5-10 年內標準化落地。落地的形式承載為 14 欄位 schema 與 V receipt 函數的 C1-C6 六道條件。條件性表述——若 W3C BBS Cryptosuite 在 2027 Q1 前達 Recommendation，第一原語 mixed strategy 採 baseline SD-JWT-VC 高階 BBS 雙層分工 否則 baseline 退回到只用 SD-JWT-VC、BBS 分層推遲到 2028。30 年下限為「分析性建議數」而非「規範性硬約束」、限定為「無聲明保留之 OECD 與 CRPD 締約國」範圍 FRE 902(14) 對 holder-controlled 屬非主路徑、改走 901(b)(9) 較重路徑 Apostille 公私文書區分構成跨境承認層破口、civic receipts 是否屬 public document 須補論。 跨境治理時間階段化 。跨境互認透過 G recognition A 軟法層 5 10 15 年三段推進——OECD AI Principles 補充指引 2029-2031、CETS 225 補充協議 2030-2035、Hague PIL e-Apostille digital identity extension 2038-2041 時程為條件性估計、order of magnitude，非絕對句式。OECD 涵蓋全球 GDP 約 65% 但人口僅約 18%， OECD 外覆蓋空白為承認非預測 ，非 OECD 並行軌（AU、APEC CBPR、印度 DEPA、巴西 LGPD、印尼 PDP、GCC、ASEAN DEFA）以「並行」而非「替代」角度設計。EUDI 強制階段為 OECD 5 年路徑 accelerator。對台灣的具體承載——APEC CBPR Global CBPR Forum 為非 OECD 非 CoE 非 EU 的主要承接軌道 CF4 觸發下兩岸軌結構性斷裂為 F2 thesis 對台灣場景的最弱承諾，三個場景（陸配權利保護、台商長期居留 receipts、兩岸投資人權利保護）同時顯現結構性斷裂、SA4 緩解設計只能提供降級互通而非對等互認。 working thesis 與 strengthened thesis 的嚴格區分，三大緩解 critical path 承擔生存差距 。F2 working thesis（無緩解版）在 CF2 或 CF5 任一單獨觸發下實證失效 F2 strengthened thesis（含三大緩解 critical path——crypto-agility by design、第三方 trusted preservation service 對接、G recognition A 多軌備援）在五個 CF 全部觸發的極端情境下保留核心功能（第三段全球互認失敗、第二段 OECD 內互認部分保留、第一段單原語密碼學承載完整保留）。F2 主文採 strengthened thesis 為正式立場、working thesis 僅作為論證起點。對 CRPD GC1 29 audit trail 義務——strengthened thesis 在 Z₂ 範圍內透過四原語可履行、超出 Z₂ 進入 Z₃-intrinsic（RT-ℬ 與 AA-ℬ 兩 cell）不可履行，這是密碼學原語對存在論結構的不可達邊界（定理 T2）。對台灣 TW DIW 進入 LLM-agent 階段前的具體警示—— 若未具備 civic receipts 工程，supported decision 證據鏈無法在民事訴訟 30 年窗口內被重建 DIW v1.0 spec 應明文 QPSP 對接條款 30 年保存承諾 。 Formal Coda Final form Receipt(r) cryptosuite id, holder did, agent did , deliberation hash, retention floor, jurisdictional profile, audit release policy, recognition chain, ... (14 group 23 leaf) V receipt(r) i 1..6 Cᵢ(r) V cryptosuite(r) V preservation(r) V admissibility(r) V recognition(r) (T3) ex ante deliberation(r) ex post reversibility(r) decision trace(r) (T4) CriticalPath SA1 SA2 SA3 SA4 (linear verification closure with deterministic D1, D2, D3) FeedbackLoop SA4 SA1 (jurisdictional profile 反向約束 AcceptedSuites(τ)) Cryptosuite SD-JWT-VC (RFC 9901 draft-16, MUST baseline), BBS (W3C CRD, conditional advanced — IF W3C Rec by 2027 Q1 ELSE 2028), ZK-SNARK (Explorer Note, narrow profile, F3 議題) Preservation holder-controlled QPSP encrypted backup, threshold signatures t 2 n 3 retention 30y (限「無聲明保留之 OECD CRPD 締約國」) Design A, C, A C Design B violates CRPD 28 Admissibility-profile(j) us-fre-901b9 (901(b)(9) heavier path), eu-eidas-art25-35 (修正後 Chapter III 7- 8), tw-esign-art4-10 hearsay-response verbal act, present sense impression, 803(6)-ext Apostille(receipt) public document(issuer) (公私文書區分破口) Recognition-anchor OECD-supp ( 5y, 2029-2031), CETS225-protocol ( 10y, 2030-2035), Hague-eAPP-ext ( 15y, 2038-2041) parallel-track for non-OECD recognition prediction T1 (Z₂ 包覆引理) cell M i,j ( ) , σ SA1..SA4 P degrade(cell σ) θ₂ 0.7 T2 (Z₃-intrinsic 不可達) σ , P degrade(M RT,ℬ σ) θ₂ P degrade(M AA,ℬ σ) θ₂ CF1..CF5 working thesis strengthened thesis strengthened thesis working thesis crypto agility QPSP interface multi-track recognition partial survival(CF1 CF2 CF3 CF4 CF5) working thesis survive(CF2 CF5) CRPD GC1 29 hard constraint(audit trail) reverse use( 29 12 violation) under strengthened thesis Z₂ V receipt-deployable Z₃-intrinsic V receipt-deployable (T2 邊界) Time-staging crypto-agility 2026-2028 規範整合 2028-2030 工程實作 QPSP interface 2026-2028 EU 內整合 2028-2030 OECD 推展 multi-track recog 2026-2032 介面協調 2032-2040 具體互認操作 #conclusion

# Deployment Conditions

[Deployment Conditions]
  + <C1>
  + <C2>
  + <C3>
  + <C4>
  + <C5>
  + <C6>

# Objections And Replies

[Objection 1]: CF1 BBS 標準化順延 — 高階分層不成立故 mixed strategy 是過度設計. W3C BBS Cryptosuite WG 2026 Q4 預定 Recommendation 順延至 2029，順延原因可拆三條機制鏈——互操作測試失敗鏈（BLS12-381 與 hardware token batch verification 不相容） IPR 揭露鏈（IBM 2004-2009 group signature 專利族與 Microsoft anonymous credential 申請的 W3C PAG 處理時程不可預期） 政策爭議鏈（歐盟、美國、日本對 unlinkability 強度評估分歧）。第一條已部分顯現——2024 W3C BBS Cryptosuite WG issue tracker 中關於 BLS12-381 與 hardware 相容性的 issue 至 2025 中尚未關閉。觸發機率 medium。實證強度上，若 BBS 延後到 2029-2031，SA1「baseline 高階」雙層分工的高階層消失，mixed strategy 退化為 SD-JWT-VC-only，整個四原語架構的工程複雜度反論成立。 #objection

<Reply 1>: Title CF1 BBS 標準化順延 — 高階分層不成立故 mixed strategy 是過度設計 仔細看，CF1 觸發反向支撐「mixed strategy 是條件成立的工程結構」這條紀律。F2 thesis 在 4.4 已明示「BBS 為高階」採規範性的、條件成立的分層論述（條件為 W3C BBS Cryptosuite 達 Recommendation），fallback 表述為「若 2027 Q1 前未達，baseline 退回到只用 SD-JWT-VC、BBS 分層推遲到 2028」。CF1 觸發後 SA1 退化為 SD-JWT-VC-only baseline，但 SA1 主結構（verifier policy 三時點反向約束）仍成立，OpenID4VP DIF PE 協商通道不依賴 BBS IETF JOSE COSE 對 BBS 演算法獨立 RFC 路徑作為 W3C 路徑的 fallback、EU Wallet Consortium Phase 2 dual-issuance 試行（DE NL SE 三成員國）構成承載結構。CF1 反論反向支撐 strengthened thesis 對「條件性可行性」的承諾——working thesis 對 BBS 高階層的依賴在 CF1 觸發下需條件化重述，這正是 strengthened thesis 主張的「不依賴單一技術路徑」紀律的具體表現。 #reply

[Objection 2]: CF2 失智長者 receipts 集體失效 — holder-controlled 預設崩塌故 SA2 整層失效. 2030 年台灣 EU 日本三地同時發現 civic receipts 在失智長者場景的 substituted regime 退化問題。WHO 2024 估計全球失智人口 2030 約 7,800 萬，三地 65 失智盛行率 2030 約 7-10%、合計約 1,200-1,500 萬人 即使「30% 退化率」（假設值，需 pilot study 驗證）取保守估計，substituted 化 receipts 規模約 350 萬人份。機制鏈三條——cognitive endorsement 工程缺口（wallet UX 普遍預設成人完全認知） 長照人員代簽常態化（外籍看護為效率代為操作 wallet，holder 端 biometric authentication 在失智者場景容易被物理引導完成，形成物理 holder 但 cognitive non-holder 狀態） 法定代理人空窗（台灣 2019 監護宣告改革「輔助宣告 意定監護」覆蓋率 2024 仍不足失智人口 5%）。觸發機率 medium-high (50-65%)。實證強度上，若失智長者規模化退化為 substituted，CRPD GC1 29 audit trail 義務在 30 年窗口內難以履行， 29 會被 CRPD Committee 反向使用為 12 違反證據——SA2 holder-controlled 規範基礎被翻轉。 #objection

<Reply 2>: Title CF2 失智長者 receipts 集體失效 — holder-controlled 預設崩塌故 SA2 整層失效 仔細看，CF2 觸發反向支撐「雙軌設計（設計 A C 混合）與 threshold signatures supporter co-signing 緩解 critical path」這條紀律。F2 strengthened thesis 在 5.3 已建立——日常 receipts holder-controlled、長照場景 holder 法定代理人 醫療機構代表三方 threshold signatures（建議起點 t 2 n 3，並開放配置空間）、失智宣告後 wallet 在 receipts 生成前須有法院核可的監護人 輔助人簽字 anchor、cognitive endorsement 工程強制（EUDI ARF 後續版本加入失智宣告者帳戶的 micro-consent 確認延遲與 supporter co-signing 強制）。CF2 反論反向支撐 29 audit trail 義務需透過「工程修正 法律制度」雙層履行——supported decision-making 法律基礎（台灣 2019 監護宣告改革、Israel 2016 67B-67F、Peru DL 1384 (2018)）與 civic receipts 工程修正共同承擔。CF2 也釘住 working strengthened thesis 區分的具體政策意涵——working thesis 在 CF2 單獨觸發下實證失效、strengthened thesis 透過三大緩解阻擋 29 反向使用，這是 F2 區分兩層命題的最直接證據。剩餘風險（threshold signatures 在失能群體規模化部署的 UX 成本、法院命令 anchor 對偏鄉低收入長者可近性不足）為 11 open question O38（threshold signatures pilot study 需求）議題。 #reply

[Objection 3]: CF4 BRICS 集體拒絕 OECD 路徑 — G recognition A 三段時程在多極世界不成立. 2032 年 BRICS 擴員（中、俄、印、巴、南非、阿聯酋、伊朗、埃及、衣索比亞、沙烏地阿拉伯）集體拒絕以 OECD AI Principles 2024 update 為核心的全球 civic receipts 互認路徑，轉而推動 BRICS-led AI 治理替代框架。機制鏈三條——中國 生成式人工智慧服務管理暫行辦法 (2023-08) Art 4 外推（政府預審 issuer 列表、跨境 verifier 須在中國境內備案） BRICS Kazan Declaration 2024 Rio 2025 對「全球南方主體性」「對等技術治理」「拒絕單極技術標準」三項立場 資料 sovereignty 立法浪潮（印度 DPDP 2023、印尼 PDP 2022、巴西 LGPD 2018、俄 152-FZ 2022 修訂）。集體拒絕機率 medium、部分拒絕機率 high。實證強度上，若 BRICS 集體拒絕 OECD 路徑，三條軟法路徑皆受影響，全球 civic receipts 分裂為 OECD 軌與 BRICS-AAGF 軌兩個不互通網絡，G recognition A 整層估計失效。 #objection

<Reply 3>: Title CF4 BRICS 集體拒絕 OECD 路徑 — G recognition A 三段時程在多極世界不成立 仔細看，CF4 觸發反向支撐「OECD 外覆蓋空白為承認非預測 APEC CBPR ITU 中性對話橋樑 台灣對中軌道特殊衝擊」這條紀律。F2 thesis 在 7.2 已明示「OECD 涵蓋全球 GDP 約 65% 但人口僅約 18%」、三條軟法路徑均存在 OECD 外覆蓋空白、OECD 外覆蓋空白為「承認」而非「預測」、非 OECD 並行軌（AU、APEC CBPR、印度 DEPA、巴西 LGPD、印尼 PDP、GCC、ASEAN DEFA）以「並行」而非「替代」角度設計。CF4 觸發後緩解設計——APEC CBPR 作為中間橋樑（中、越、台、韓、日、菲、墨、加、美、智利、紐、澳皆在 APEC） ITU AI for Good 作為非結盟對話（193 成員、無 OECD BRICS 軸線預設） Hague PIL 維持中性（91 成員含中、俄、印、巴）。對台灣的特殊衝擊在三個場景同時顯現——陸配權利保護（依親居留 receipts vs 大陸法院證據能力） 台商長期居留 receipts（生涯 20-40 年跨境正好落在 receipts 設計核心保存窗口內） 兩岸投資人權利保護（CIETAC 對 holder-controlled receipts reliability 評估缺乏先例 海峽兩岸投資保障和促進協議 (2012) 預設紙本書面證據）。CF4 反論反向支撐 working strengthened thesis 對台灣場景的承諾差距——strengthened thesis 對台灣兩岸跨境權利主張場景的承諾弱於對 OECD 內互認場景的承諾、working thesis 在 CF4 觸發下對台灣場景實證失效 這是 F2 區分兩層命題後在台灣場景的最具體政策意涵，並導出對 TW DIW v1.0 spec 明文 QPSP 對接條款 30 年保存承諾的具體建議。 #reply