civic-proof: a research site.

Argument Map

The Cognitive Limits of Selective Disclosure UX: Human Factors Bottleneck of Auditable Engineering Primitives

Selective Disclosure UX Failure — Argument Map (v2)

F2's four primitives (cryptosuite / preservation / admissibility / recognition) hold at the cryptographic + legal layer but degrade at scale at the UX layer — the `Informed(holder, r)` assumption of selective disclosure cannot be fulfilled under four cognitive-normative bottlenecks: (i) Miller 7±2 / Cowan 2001 working memory 4±1 + Sweller cognitive load theory cause selective disclosure multi-option decision-making to degrade significantly when attribute_count > 3; (ii) consent fatigue and dark patterns identically replay the eight-year GDPR cookie banner failure in wallet scenarios (Nouwens 2020 UK Top 10k compliance rate 11.8%); (iii) capacity fluctuation invalidates "previously informed consent," degrading to substituted in CDR ≥ 2 scenarios with mechanism-based likelihood medium-high (conservatively ≥ 50%, pending pilot study calibration); (iv) ambiguous supporter intervention boundaries cause "assisting understanding" to slide into "deciding on behalf." Implementation requires four UX engineering primitives UX1 progressive_disclosure_ui / UX2 dark_patterns_firewall / UX3 capacity_aware_consent / UX4 supporter_ui_three_layer, carried conjunctively as V_ux ≜ C7 ∧ C8 ∧ C9 ∧ C10; V_receipt' ≜ V_receipt ∧ V_ux is the upgraded verifiable condition. The four primitives constitute a reinforcement of F2's critical path's "actual fulfillability" layer; any one missing raises the F2 SA2 CRPD §29 reverse-use risk to high. Working thesis and strengthened thesis are strictly distinguished; the latter retains core functionality under full activation of all five counterfactuals through three critical-path mitigations (UX-agility by design, threshold signatures plus court-supervised downgrade, agent vs. supporter cryptographic split plus AgentDelegationProof institutionalisation) — first segment baseline retained, second segment timeline extended by ≥ 10 years, third segment conditionally failing. 
F1 RT-ℬ ✗ / AA-ℬ ✗ two intrinsic boundary cells are explicitly stated via extended theorem T2' — unreachable by any UX primitive subset.

F2's four primitives hold cryptographically and legally but degrade at the UX layer; restoring informed consent requires four UX engineering primitives (V_ux = C7 ∧ C8 ∧ C9 ∧ C10) plus three critical-path mitigations, while leaving F1's intrinsic non-delegable cells RT-ℬ ✗ / AA-ℬ ✗ untouched (theorem T2').

Formal Notation
V_receipt'(r) ⇔ V_receipt(r) ∧ V_ux(r)                                    (extend F2)
V_ux(r)      ⇔ V_cognitive(r) ∧ V_dark_patterns(r) ∧ V_capacity(r) ∧ V_supporter(r)
             ≡ C7 ∧ C8 ∧ C9 ∧ C10

C7 V_cognitive(r)     ⇔ attribute_count(r) ≤ 3 ∧ progressive_disclosure(r) ∧ issuer_defaults(r)
C8 V_dark_patterns(r) ⇔ D(r.verifier_policy_hash) = 0 ∧ scope_change_delay ≥ 10s ∧ symmetric_layout(r)
                       ∧ ∀ p ∈ forbidden_patterns : p ∉ ExtractPatterns(r.verifier_policy_hash)
C9 V_capacity(r)      ⇔ ∃ path ∈ {self_assess, supporter_trigger, issuer_hint} : path satisfies CRPD GC1 §29
                       ∧ KeyDistinct(comprehension_attestation.key, chooser_signature.key)
C10 V_supporter(r)    ⇔ comprehension_attestation.signer ≠ chooser_signature.signer
                       ∧ chooser_signature.signer = subject_did
                       ∧ supporter_did ≠ subject_did
                       ∧ VerificationMethodDisjoint(supporter_signature_l1, subject_signature_l3)

Definitions:
  D : verifier_policy → {clean, dark}     (EDPB Guidelines 03/2022 + EU AI Act §5(1)(b))
  CDR ≥ 2 ⇒ require(V_capacity downgrade path activated)
  Supporter ∈ {family, social_worker, care_worker, trustee, peer, other}  ≠ Guardian

CriticalPath_UX : UX1 →[D7] UX2 →[D8] UX3 →[D9] UX4    (linear closure)
FeedbackLoop    : SA3 → SA4                            (capacity auto-triggers supporter widget)
                  SA4 → SA1                            (supporter intervention: attribute_count cap 3 → 2)

T_UX1 : ∀ p , attribute_count(p) > 3 ⇒ Pr(informed_consent(p) = true) < θ_inform ≈ 0.5
T_UX2 : ∀ r , D(r.verifier_policy_hash) = 1 ⇒ V_ux(r) = false ⇒ V_receipt'(r) = false
                                        ⇒ CRPD §29 reverse_use_risk(r) = high
T_UX3 : ∀ holder h , receipt r , capacity_state(h) ∈ {moderate, severe, terminal}
                                 ∧ ui_downgrade_level(r) = none
                                 ⇒ Pr(supported → substituted) ≥ θ_2 ≈ 0.7
T_UX4 : ∀ r , signatures_disjoint(r) = true ∧ VerificationMethodDisjoint = true
              ⇒ ¬CryptographicallyCollapsible(supporter, subject, r)

T2' (F3 extended Z₃-intrinsic unreachable lemma) :
  ∀ cell ∈ {RT-ℬ ✗, AA-ℬ ✗} , ¬∃ σ_ux ⊆ {UX1, UX2, UX3, UX4} : P_degrade(cell, σ_ux) ≤ θ_2

StressTest CF1..CF5 ⇒ working_thesis ≠ strengthened_thesis
strengthened_thesis ≜ working_thesis ∧ UX_agility ∧ threshold_with_court_anchor ∧ agent_vs_supporter_crypto_split
                    ⊨ partial_survival(CF1 ∧ CF2 ∧ CF3 ∧ CF4 ∧ CF5)
working_thesis ⊭ survive(CF2 ∨ CF5)

V_ux is defined by the conjunction of conditions C7–C10, each corresponding to one UX engineering primitive. V_receipt' upgrades F2 V_receipt to an extended function incorporating UX fulfillability. CriticalPath_UX is a linear closure UX1 → UX2 → UX3 → UX4, with two feedback loops SA3 → SA4 and SA4 → SA1. The UX layer critical path is not a DAG but a system graph with finite loops; loops are statically eliminated at the schema layer by two invariants — signatures_disjoint = true and monotonic degradation of capacity_state. T_UX1–T_UX4 formalise the bearing conditions of the four primitives as formal theorems. T2' extends F1's RT-ℬ ✗ / AA-ℬ ✗ boundary to the UX primitive level — no UX subset can mitigate these two cells. CF1–CF5 separate working thesis from strengthened thesis; the latter retains core functionality under full activation of all five CFs through three critical-path mitigations — first segment baseline retained, second segment timeline extended by ≥ 10 years, third segment conditionally failing.

UX1 / UX2 / UX3 / UX4
Four UX engineering primitives (progressive_disclosure_ui / dark_patterns_firewall / capacity_aware_consent / supporter_ui_three_layer)
V_ux(r)
UX fulfillability function, defined by the conjunction of conditions C7–C10; V_receipt'(r) ⇔ V_receipt(r) ∧ V_ux(r)
C7 / C8 / C9 / C10
Four conjunctive sub-clauses (cognitive load / dark patterns / capacity / supporter), corresponding to V_cognitive / V_dark_patterns / V_capacity / V_supporter
T_UX1 / T_UX2 / T_UX3 / T_UX4
Cognitive load degradation theorem / dark patterns reverse-use theorem / capacity-supported degradation probability theorem / supporter non-substitutability cryptographic hard constraint theorem
T2'
F3 extended version of F2 Theorem T2's Z₃-intrinsic unreachable lemma; asserts that no UX primitive subset can reach RT-ℬ ✗ / AA-ℬ ✗ two cells
D
Dark patterns detection function verifier_policy → {clean, dark}, aligned with EDPB Guidelines 03/2022 and EU AI Act §5(1)(b)
CDR
Clinical Dementia Rating (Morris 1993) five-stage scale 0 / 0.5 / 1 / 2 / 3; used here as "target classification language," not as a medical determination
θ_inform / θ_2
Informed consent effective probability lower bound ≈ 0.5 (analytical recommendation value) / supported → substituted degradation probability upper bound ≈ 0.7 (citing F1 §3.2 definition)
Supporter
CRPD GC1 §29 third-party supporter (family / social worker / care worker / trust representative / peer of own choosing / other); need not be family; need not have guardianship declaration
signatures_disjoint
Cryptographic hard constraint that comprehension_attestation.key ≠ chooser_signature.key and supporter_did ≠ subject_did
≜
Defined as
⇔
If and only if
∧
Conjunction

The formal expression states the position; the next step is to separate common misreadings. After F2 is complete, the wallet engineering community commonly treats selective disclosure as simply a UI interface matter — "the holder clicking 'agree to disclose' on the wallet UI constitutes informed consent," borne by UI design choices. If this classification stands, the existing EUDI ARF 2025-12 iteration §6.6.3 + OpenID4VP draft-23 + DIF PE v2.1 triple already covers the holder informed consent problem, and UX is a "downstream" engineering issue not involving cryptographic or legal normative layers. The map's first move is to draw a line between this reductionist account and "four UX engineering primitives + V_ux function + four formal theorems" — the informed consent of selective disclosure is a conjunctive bearer problem of four cognitive-normative bottlenecks, not UI polish.

foundational distinction
❌ Rejected

The informed consent of selective disclosure is a UI design choice, borne by the wallet UX team

Treats the informed consent of selective disclosure as a design choice of the wallet UI / UX team, borne by visual contrast, button labels, font size adjustments, and animation smoothness. As long as the UI is user-friendly and meets the surface requirements of EUDI ARF §6.6.3's unambiguous / granular / prior three elements, holder informed consent is established. Under this classification, the cognitive load ceiling is at the wallet vendor's discretion, dark patterns are naturally eliminated by market competition, capacity fluctuation is handled by family members acting on behalf, and the supporter role is carried by existing iOS Family Sharing or Android Family Link infrastructure. Conflating UI with UX fulfillability carries three argumentative costs — first, the GDPR cookie banner proved the failure of "regulation in place, UI engineering autonomy" over 2018–2024 eight years (Nouwens 2020 UK Top 10k compliance rate only 11.8%, Sanchez-Rola 2019 reject still tracking 49%); second, POTENTIAL UC6 mid-term report 2025-09 shows 47 of 122 tested 65+ participants handed PIN directly to family members for operation, and 0/122 wallets provided a supporter co-presence widget — UI design choices cannot prevent substituted degradation; third, if the CRPD §29 audit trail requirement for "supported / substituted distinguishability" is borne only by the UI, the audit trail in the 30-year preservation window conversely becomes "evidence that the holder agreed to this dark pattern" (formalised as T_UX2).

Informed(holder, r) ≜ UI_polish(r) ∧ ⟨V_cognitive, V_dark_patterns, V_capacity, V_supporter⟩ ⊥ Informed
✓ Defended

The informed consent of selective disclosure is conjunctively borne by four UX engineering primitives as V_ux, an independent third bearer layer beyond cryptography and law

F2 V_receipt has established a 14-field schema and C1–C6 six conjunctive conditions, with `Informed(holder, r)` as its unformalised premise (F2 §3.4, F2 §11 yet-to-be-developed 6.4). F3 expands this premise into four conjunctive sub-clauses C7–C10, each corresponding to one UX engineering primitive: C7 V_cognitive is borne by UX1 progressive_disclosure_ui; C8 V_dark_patterns by UX2 dark_patterns_firewall; C9 V_capacity by UX3 capacity_aware_consent; C10 V_supporter by UX4 supporter_ui_three_layer. V_receipt is upgraded in F3 to V_receipt' ≜ V_receipt ∧ V_ux, extending the critical path at the "presentation time point" with a holder-side fulfilment chain. The cryptographic bearing corresponding to the four UX engineering primitives — UX1 corresponds to W3C VCDM v2.0 §4.12 securing mechanisms and DIF PE v2.1 submission_requirements; UX2 to OpenID4VP draft-23 / draft-24 presentation_definition and transaction_data extension; UX3 to EUDI Wallet ARF 2025-12 iteration §6.6.3.9 user binding; UX4 to W3C DID Core v1.0 §5 verificationMethod and §8 controller-subject separation.

V_receipt'(r) ⇔ V_receipt(r) ∧ V_ux(r) ; V_ux(r) ⇔ C7 ∧ C8 ∧ C9 ∧ C10 ; CriticalPath_UX : UX1 → UX2 → UX3 → UX4 ; FeedbackLoop : SA3 → SA4, SA4 → SA1

The distinction is merely a declaration. Proving that F2's four primitives require four-primitive conjunctive reinforcement at the UX layer (rather than simply "writing good UI") calls for five independent lines of support — the deductive strand provides the formal skeleton of the V_ux function's C7–C10 and the four theorems T_UX1–T_UX4; the inductive-causal strand provides the engineering implications of cognitive science Cowan 4±1 + Sweller cognitive load theory + updated Miller; the inductive-analogical strand provides the specific mechanism chain by which the GDPR cookie banner eight-year failure (11.8% compliance rate) identically replays in wallet scenarios; the abductive strand provides the legal / engineering / privacy tradeoff for three alternative pathways under capacity fluctuation and a 15-row intermediate evidence strength assessment table; and the deductive-analogical strand provides the cryptographic bearing of supporter UI three-layer separation and the legal normative alignment with Israel §67B–67F and Peru DL 1384. The five pillars correspond to five argument types — any one missing and the position degrades to advocacy.

supporting arguments

§3 — Deductive (V_ux function + four UX primitive schemas + T_UX1–T_UX4 + T2')

V_ux function and four primitive schemas constitute the formal skeleton of UX fulfillability

Why: Provides the formal skeleton of conjoint analysis — without formalising V_ux and V_receipt' as functions, the four UX primitives remain at the linguistic level; without explicitly stating the four theorems T_UX1–T_UX4 and T2', "F1 RT-ℬ ✗ / AA-ℬ ✗ boundary unreachable by UX" is merely rhetorical, and CF5's "LLM-agent as substitute" will be read as bypassing F1's conclusion.

Each of the four UX engineering primitives has at least six fields, adopting the same two-level counting convention as F2 §3.1 (field group / leaf field) — UX1 progressive_disclosure_ui covers fields such as attribute_count / cognitive_load_threshold = 3 / display_layers ≥ 2 / issuer_supplied_defaults / per_item_override / disclosure_session_id / attribute_groups / comprehension_checkpoint; UX2 dark_patterns_firewall covers verifier_policy_hash / forbidden_patterns / pattern_detection_result / scope_change_delay_ms ≥ 5000 / symmetry_check / minimum_info_disclosure / ref_eu_ai_act_art / ref_edpb_guideline / audit_log_endpoint; UX3 capacity_aware_consent covers capacity_state (full / mild / moderate / severe / terminal) / capacity_assessment_method (wallet-self-assessment / supporter-triggered / issuer-side-hint) / reassessment_period_days ≤ 180 / ui_downgrade_level / downgrade_trigger_rule / comprehension_attestation / ref_crpd_gc1_section; UX4 supporter_ui_three_layer covers layer_1_comprehension_aid / layer_2_operation_interface / layer_3_decision_bearing / supporter_signature_l1 / subject_signature_l3 / l2_signature / signatures_disjoint = true / supporter_role_scope / ref_did_verificationmethod. V_ux is defined by the conjunction of C7–C10. T_UX1 formalises attribute_count > 3 ⇒ Pr(informed_consent) < θ_inform. T_UX2 formalises D = 1 ⇒ V_ux = false ⇒ CRPD §29 reverse-use risk = high. T_UX3 formalises capacity_state ∈ {moderate, severe, terminal} ∧ ui_downgrade_level = none ⇒ Pr(supported → substituted) ≥ θ_2. T_UX4 formalises signatures_disjoint = true ⇒ ¬CryptographicallyCollapsible(supporter, subject, r). T2' extends F2 Theorem T2, asserting that no UX subset can reach RT-ℬ ✗ / AA-ℬ ✗.

V_ux function + four primitive schemas + T_UX1–T_UX4 and T2' constitute F3's formal extension of F2 V_receipt. Downstream writers may not claim UX primitives solve the fundamental accountability problem of AI agents (violation of T2'), nor reduce informed consent to UI polish (violation of T_UX1).
V_ux(r) ⇔ ⋀_{i=7..10} Cᵢ(r) ; V_receipt'(r) ⇔ V_receipt(r) ∧ V_ux(r) ; T_UX1: attribute_count > 3 ⇒ Pr(informed) < θ_inform ; T2': ∀ cell ∈ {RT-ℬ ✗, AA-ℬ ✗} , ¬∃ σ_ux : P_degrade(cell, σ_ux) ≤ θ_2
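
The conjunction V_ux = C7 ∧ C8 ∧ C9 ∧ C10, the SA4 → SA1 feedback loop and the T_UX3 antecedent can be exercised as a receipt validator. The Python below is an added example, not code from the essay or from any wallet project. Assumptions: the flat record layout, the fields `supporter_intervention`, `extracted_patterns` and `scope_change_delay_s`, the downgrade level `simplified`, the DIDs, and treating the T_UX3 antecedent as a C9 failure are all hypothetical; the 10 s delay follows C8 as written in the formal notation.

```python
from copy import deepcopy

ATTRIBUTE_CAP = 3              # C7: attribute_count(r) <= 3
SUPPORTER_CAP = 2              # feedback loop SA4 -> SA1: cap 3 -> 2
MIN_SCOPE_DELAY_S = 10         # C8: scope_change_delay >= 10s
MAX_REASSESSMENT_DAYS = 180    # UX3 schema: reassessment_period_days <= 180
CAPACITY_PATHS = {"self_assess", "supporter_trigger", "issuer_hint"}   # C9
NEEDS_DOWNGRADE = {"moderate", "severe", "terminal"}                   # T_UX3

# Constructed sample receipt (assumed layout, placeholder DIDs and hash).
SAMPLE = {
    "subject_did": "did:example:subject",
    "supporter_did": "did:example:supporter",
    "attribute_count": 3, "progressive_disclosure": True,
    "issuer_defaults": True, "supporter_intervention": False,
    "verifier_policy_hash": "<policy-hash-placeholder>",
    "pattern_detection_result": "clean",          # output of D
    "scope_change_delay_s": 10, "symmetric_layout": True,
    "forbidden_patterns": ["pre_checked_option", "forced_action"],
    "extracted_patterns": [],                     # ExtractPatterns(...), assumed
    "capacity_state": "mild", "capacity_assessment_method": "supporter_trigger",
    "reassessment_period_days": 180, "ui_downgrade_level": "none",
    "comprehension_attestation": {"signer": "did:example:supporter",
                                  "key": "did:example:supporter#key-1"},
    "chooser_signature": {"signer": "did:example:subject",
                          "key": "did:example:subject#key-1"},
    "signatures_disjoint": True,
}


def variant(**changes):
    """Copy of SAMPLE with top-level fields replaced."""
    r = deepcopy(SAMPLE)
    r.update(changes)
    return r


def c7_cognitive(r):
    # A supporter intervention tightens the cap from 3 to 2 (SA4 -> SA1).
    cap = SUPPORTER_CAP if r.get("supporter_intervention") else ATTRIBUTE_CAP
    fails = []
    if r["attribute_count"] > cap:
        fails.append(f"attribute_count {r['attribute_count']} > cap {cap}")
    if not r.get("progressive_disclosure"):
        fails.append("progressive_disclosure missing")
    if not r.get("issuer_defaults"):
        fails.append("issuer_defaults missing")
    return fails


def c8_dark_patterns(r):
    fails = []
    if r["pattern_detection_result"] != "clean":
        fails.append("D(verifier_policy_hash) = dark")
    if r["scope_change_delay_s"] < MIN_SCOPE_DELAY_S:
        fails.append(f"scope_change_delay {r['scope_change_delay_s']}s < 10s")
    if not r.get("symmetric_layout"):
        fails.append("asymmetric option layout")
    hits = sorted(set(r["forbidden_patterns"]) & set(r["extracted_patterns"]))
    if hits:
        fails.append(f"forbidden patterns present: {hits}")
    return fails


def c9_capacity(r):
    fails = []
    if r.get("capacity_assessment_method") not in CAPACITY_PATHS:
        fails.append("no recognised capacity assessment path")
    if r["reassessment_period_days"] > MAX_REASSESSMENT_DAYS:
        fails.append("reassessment_period_days > 180")
    if r["capacity_state"] in NEEDS_DOWNGRADE and r["ui_downgrade_level"] == "none":
        fails.append("capacity_state needs downgrade but ui_downgrade_level = none")
    if r["comprehension_attestation"]["key"] == r["chooser_signature"]["key"]:
        fails.append("KeyDistinct violated")
    return fails


def c10_supporter(r):
    att, cs = r["comprehension_attestation"], r["chooser_signature"]
    fails = []
    if att["signer"] == cs["signer"]:
        fails.append("attestation signer == chooser signer")
    if cs["signer"] != r["subject_did"]:
        fails.append("chooser_signature not signed by subject_did")
    if r["supporter_did"] == r["subject_did"]:
        fails.append("supporter_did == subject_did")
    if not r.get("signatures_disjoint"):
        fails.append("signatures_disjoint is not true")
    return fails


def v_ux(r):
    """Return (V_ux holds?, {clause: [reasons it failed]})."""
    report = {"C7": c7_cognitive(r), "C8": c8_dark_patterns(r),
              "C9": c9_capacity(r), "C10": c10_supporter(r)}
    return all(not reasons for reasons in report.values()), report


def v_receipt_prime(v_receipt, r):
    """V_receipt'(r) = V_receipt(r) and V_ux(r); v_receipt is F2's result."""
    ok, report = v_ux(r)
    return v_receipt and ok, report


if __name__ == "__main__":
    for name, rec in [("sample", SAMPLE),
                      ("dark policy", variant(pattern_detection_result="dark")),
                      ("moderate, no downgrade", variant(capacity_state="moderate"))]:
        print(name, v_receipt_prime(True, rec))
```

The per-clause report keeps the failing reason next to the clause label, which is what an auditor needs to tell a C8 failure (verifier-side) from a C9 or C10 failure (holder-side).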

§4 — Inductive + Causal (Miller → Cowan → Sweller → wallet scenario three conservative coefficients)

Cognitive load ceiling derived from Cowan 4±1 plus three wallet conservative coefficients to ≤ 3 attribute groups

Why: Provides the inductive-causal argument for SA1 cognitive load ceiling — without updating Miller 7±2 to Cowan 2001 working memory 4±1, the "≤ 3 attribute group" ceiling will be read as an arbitrary choice; without explicitly stating the three conservative coefficients (time pressure / dual-task / stakes) for wallet scenarios, the ecological validity gap of cognitive load theory in wallet scenarios will be ignored; without fixing the asymmetric influence of defaults and nudges, the tension between issuer-supplied defaults and GDPR Art 25 and holder autonomy will be overlooked.

Miller 1956's 7±2 is replaced in Cowan 2001 *Behavioral and Brain Sciences* 24(1) target article with three revisions — first, 7±2 conflates short-term memory (passive storage) and working memory (active manipulation) as two constructs; second, working memory ceiling is 4±1, relatively stable after controlling for chunking / rehearsal / long-term memory intervention; third, focus of attention is the key regulatory variable of working memory capacity. Cowan 2010 further notes that under dual-task conditions working memory capacity drops to 3±1, and under time pressure further compresses to 2–3. Baddeley 1992, 2003 working memory model provides detailed mechanism here — wallet multi-attribute decisions simultaneously occupy visuospatial sketchpad (attribute label image parsing, verifier logo recognition, button position tracking) and central executive (necessity assessment, consequence reasoning, disclosure trade-off). Sweller 1988, Sweller & Chandler 1994 cognitive load theory tripartition (intrinsic / extraneous / germane) maps onto wallet scenarios — intrinsic load relatively fixed; extraneous load is an engineering-controllable variable; germane load virtually nonexistent in wallet scenarios. Deriving ≤ 3 from Cowan 4±1 to wallet scenarios, this paper adopts three conservative coefficients — time pressure (public place decision time ≤ 3–30 seconds), dual-task (background situational awareness + decision evaluation simultaneously occupying central executive), irreversible stakes (disclosed attributes cannot be recalled; Acquisti / Brandimarte / Loewenstein 2015 shows privacy decision-making is significantly more sensitive to framing / anchoring / defaults than other domains). ≤ 3 is an "analytical recommendation value," not experimentally measured. 
POTENTIAL UC6 mid-term report 2025-09 shows "in 2 → 5 group scenarios, correct identification rate drops from ≥ 80% to ≤ 50%" — though not directly validating the "3" cut-point, the direction is consistent with the Cowan 4±1 + three conservative coefficients estimate. WEIRD sample bias constitutes the honesty boundary. Issuer-supplied defaults must be privacy-conservative (disclose minimum attributes; reverse disclosure is override); CRPD §29's "autonomy" does not mean "no defaults" but rather that the holder can still exercise choice within a cognitively fulfillable range.

Cowan 4±1 plus wallet three conservative coefficients estimates ≤ 3 attribute groups as the SA1 ceiling. Three progressive disclosure variants (wizard / accordion / paginated) lack comparative studies in wallet scenarios — a known gap. Issuer-supplied defaults + per-item override + privacy-conservative defaults constitute the nudge protection mechanism design.
C7: attribute_count ≤ 3 ∧ progressive_disclosure ∧ issuer_defaults ; T_UX1: attribute_count > 3 ⇒ Pr(informed) < θ_inform ≈ 0.5 ; Cowan_WM = 4±1 ; wallet_WM_eff = 2-3 (time_pressure ∧ dual_task ∧ stakes_irreversible)

§5 — Inductive + Analogical (GDPR cookie banner eight-year failure + Mathur 2019 + five cases)

Dark patterns identically replay GDPR cookie banner failure in wallet scenarios; D1–D7 seven normative requirements provide protection

Why: Provides the inductive-analogical argument for SA2 identical replay — without citing the GDPR cookie banner eight-year empirical record as a baseline (Nouwens 2020 UK Top 10k 11.8% / Matte 2020 54% / Sanchez-Rola 2019 reject still tracking 49%), "wallet scenarios will replay cookie banner" will be read as analogical inference rather than industry empirical evidence; without explicitly stating that dark patterns are broader than GDPR Art 5(1)(a) transparency violations, the extended enforcement pathway of EU AI Act §5(1)(b) and DSA Art 25 will be read as overreach; without case-tracing the five cases (FTC v Epic / FTC v Amazon Prime / CNIL v Google / Apple ATT / EU v Meta DSA) against D1–D7, the seven normative requirements will be read as fabricated.

Brignull 2010's 11 types, Mathur 2019's seven refined types (sneaking / urgency / misdirection / social proof / scarcity / obstruction / forced action), Gray 2018's five strategies, Mathur / Kshirsagar / Mayer 2021's five normative attributes, EDPB Guidelines 03/2022's six categories, and EU AI Act §5(1)(b)'s subliminal or manipulative techniques constitute four-source dark patterns academic taxonomy. GDPR cookie banner eight years (2018–2024) industrial statistics — Nouwens 2020 UK Top 10k compliance rate 11.8%; Matte 2020 1,426 EU websites 54% violating at least one GDPR provision; Sanchez-Rola 2019 2,000 websites reject still tracking 49% / accept one-click vs reject multi-layer 92% asymmetric; Utz 2019 six A/B experiments nudge effect on consent rate +22.2pp; Habib 2020 average 5.6 clicks; noyb 2024 EU 31 countries 800 sites Art 7 violation rate 67%; CNIL SAN-2022-021 / 022 Google + Microsoft combined €210M fine; FTC v Epic Games 2022 $245M damages. Wallet scenario identical replay (structural homomorphism, not direct applicability) four mechanisms — (a) OpenID4VP scope change causes input descriptor to change with each request producing scope creep; (b) verifier policy chain transitive consent not mandated at second and third layers; (c) re-consent fatigue (Bohme & Köpsell 2010 80,000+ participant experiment proves repeated exposure significantly raises acceptance rate; Luguri & Strahilevitz 2021 aggressive dark patterns push acceptance from 11% to 41.9%); (d) terminology obscurity (Utz 2019 measures 41% of participants not understanding "legitimate interest"; wallet scenario terminology density is higher). 
Aligned with EDPB Guidelines 03/2022 six categories, this paper proposes seven normative requirements D1–D7 to be written into OpenID4VP 1.0 and EUDI Wallet ARF subsequent iterations: D1 (scope change mandatory delay ≥ 10s) + D2 (symmetric option layout ±5%) + D3 (necessary information disclosure) + D4 (high-stakes two-step confirmation) + D5 (withdrawal path symmetry) + D6 (pre-check and nudge prohibited) + D7 (terminology plain-language A2 reading level). Five case-tracing cases (FTC v Epic Games 2022 / FTC v Amazon Prime 2023 / CNIL v Google + Microsoft 2022 / Apple ATT 2021– / EU v Meta DSA 2024–) provide enforcement alignment for D1–D7.

The four mechanisms of dark patterns' identical replay in wallet scenarios (scope creep / transitive consent / re-consent fatigue / terminology obscurity) are countered by D1–D7 seven normative requirements. T_UX2 formalises D = 1 ⇒ V_ux = false ⇒ CRPD §29 reverse-use risk high. EU AI Act §5(1)(b)'s application to wallets is conditional (pending AI Office implementing guidance 2026 Q4); DSA Art 25's application boundary to wallet endpoints requires further investigation.
C8: D(verifier_policy_hash) = 0 ∧ scope_change_delay ≥ 10s ∧ symmetric_layout ∧ ∀ p ∈ {D1..D7} : enforced(p) ; T_UX2: D = 1 ⇒ V_ux = false ⇒ CRPD §29 reverse_use_risk = high ; homomorphism (cookie_banner ↦ wallet_consent) ≠ direct_applicability

§6 — Abductive (dementia → wallet three-segment intermediate chain + CDR three alternative pathways + 15-row evidence strength assessment table)

Capacity-aware UX borne by three alternative pathways; three-segment intermediate chain and mechanism-based likelihood replace absolute sentences

Why: Provides the abductive argument for SA3 capacity-aware UX — inferring engineering design criteria in reverse from the normative risk of "CDR ≥ 2 scenario degrading to substituted." Without establishing the necessity of dementia patients using wallets via a three-segment intermediate chain (EUDI mandatory phase + existing digitalisation + "no wallet = losing welfare"), the entire argument will be read as invisible exclusion of persons with dementia. Without splitting the CDR-wallet UX phase connection into three alternative pathways (self-assessment / supporter-triggered / issuer-side-hint) with explicit tradeoffs for each in legal / engineering / privacy, "medical-side automated wallet notification" impossibility will be misread as SA3 overall infeasibility. Using absolute sentences (100% / necessary) for likelihood damages the rigour of mechanism-based inference. Without distinguishing supporter from family category, CRPD §29 supporter's five source types (family / social worker / care worker / trust representative / peer of own choosing) will be reduced to a single category.

Three-segment intermediate chain explaining why elderly persons with dementia must use wallets — chain 1.1 EUDI Wallet 2026–2027 mandatory phase has no age exemption for middle-to-old-age; POTENTIAL UC6 §4.3 explicitly identifies dementia onset as the largest unresolved UX gap in the mandatory phase; chain 1.2 existing financial / government / healthcare digitalisation has already drawn in middle-to-old-age incapacity groups (NHS Login 60 million users 65+ proportion 24%; My Number Card 75+ possession rate 72.4%; Nordic BankID 70+ coverage rate 92%; Taiwan Alzheimer's Disease Association interviews show 71% caregivers have assisted with national health IC card operations; Alzheimer's Association 2025: 41% caregivers have assisted with online banking); chain 1.3 concrete cases of elderly persons with dementia "no wallet = losing welfare" (Netherlands Open Universiteit / Alzheimer Nederland 2023 interviews: 62% persons with dementia cannot independently complete DigiD two-factor verification / 84% caregiver holds dementia patient's password; India IFF 2024 Aadhaar biometric fingerprint degradation rate 35% for elderly persons with dementia; Brazil TJSP 2023–2024 LGPD precedents; Taiwan Ministry of Health and Welfare white paper acknowledges family substitute filing as common practice). 
Three alternative pathways for CDR and wallet UX phased connection — pathway (i) wallet built-in functional self-assessment (Apple Health Cognitive / Google Health Connect / Cambridge CANTAB Mobile as theoretical alignment; legal tradeoff: GDPR Art 9 special category data compliance uncertainty; engineering tradeoff: high false positive rate; privacy tradeoff: cognitive proxy subsequent sync leakage); pathway (ii) supporter triggered downgrade (CRPD §29 supporter pre-designated, strictly separated from chooser_signature private key; legal tradeoff: supporter certification procedures not yet legalised in most OECD jurisdictions; engineering tradeoff: supporter unilateral trigger may be used in reverse; privacy tradeoff: three-layer safeguard needed); pathway (iii) issuer-side capacity hint (issuer embeds capacityProfile field in credential; normative tradeoff: fundamental tension between CRPD GC1 §15 opposing mental capacity concept and §29 opposing functional capacity test; limiting to holder active opt-in plus alternative pathway priority as conservative position). Degradation pathway described in five-segment mechanism chain: (a) no capacity-aware downgrade → (b) Cowan + Sweller overload → (c) family substitute operation becomes de facto norm → (d) chooser_signature actually signed by substitute holder → (e) engineering fact is substituted. Overall (a) → (e) trigger probability medium-high (conservatively ≥ 50%); not taking high because: three-factor verification, supporter-assisted pathway, pilot study absence. Intermediate evidence strength assessment table with 15 rows covers ten rows for three-segment intermediate chain + three rows for three alternative pathways + one row for likelihood + one row for scope distinction.
Supporter vs. family scope distinction four items — supporter may be family / social worker / care worker / trust representative / peer of own choosing / community care professional / attorney; supporter need not have guardianship or property agency rights; Taiwan's new voluntary guardianship system activates on guardianship declaration condition, differing from CRPD §29; §1113-2 appointee's legal status remains a guardian role.

The three alternative pathways of SA3 each have unresolved tradeoffs. Pathway (i) is "wallet automatic suggestion" as first signal but must not auto-trigger downgrade; pathway (ii) is the primary downgrade trigger mechanism with three-layer safeguard; pathway (iii) is "conditionally adoptable" pending resolution of the CRPD §29 functional test prohibition dispute, limited to opt-in. Mechanism-based likelihood medium-high explicitly states probability is not certainty. The 15-row intermediate evidence strength assessment table is a starting point for cross-jurisdictional evidence inventory.
C9: ∃ path ∈ {self_assess, supporter_trigger, issuer_hint} : path ⊨ CRPD GC1 §29 ∧ reassessment ≤ 180d ∧ KeyDistinct(comprehension_attestation, chooser_signature) ; T_UX3: capacity ∈ {moderate, severe, terminal} ∧ downgrade = none ⇒ Pr(supported → substituted) ≥ θ_2 ; Likelihood(a → e) = medium-high (≥ 50%, pending pilot)

§7 — Deductive + Analogical (supporter UI three-layer separation + Israel §67B-67F + Peru DL 1384)

Supporter UI three-layer separation carried by two cryptographic hard constraints — signatures_disjoint = true and VerificationMethodDisjoint = true

Why: Provides the deductive-analogical argument for SA4 supporter UI — without carrying CRPD §29's "supporter necessary, non-substitutable" principle at the cryptographic layer as a hard constraint, wallet engineering will dilute supported under a "gradual transition to agency" framework; without explicitly stating the legal normative alignment of Israel §67B-67F + Peru DL 1384, the three-layer separation will be read as invented design; without acknowledging the offline substitute-signing attack surface as a known gap, SA4 will be misread as claiming to solve all threat models; without explicitly stating Nordic BankID fullmakt and iOS / Android Family Link as counter-examples or rejected models, the supporter role will slide back to family-substitute defaults.

CRPD §29's normative claims regarding supporters are decomposed into four auditable conditions — supporter necessary (wallet UX must provide supporter widget entry); supporter non-substitutable (chooser_signature's verificationMethod must have controller = subject DID); unconflicting interest (supporter must declare upon registration + wallet must prompt conflict-of-interest check); safeguards not removed (three layers each independent + auditable + revocation_endpoint). Three independent cryptographic objects — (a) Comprehension Attestation (VC type ComprehensionAttestationCredential; issuer is supporter DID; proof uses assertionMethod purpose, signed by supporter private key; semantics: "supporter witnesses that subject has expressed understanding of disclosure scope" — not "subject agrees to disclosure"); (b) Operation Assist Trace (pure UX behaviour log stored locally in wallet, not on-chain, not in VC); (c) Chooser Signature (VP-level proof; purpose authentication; signed by subject private key; supporter private key may not bypass under any circumstances). UI layer three independent widgets — Widget 1 Comprehension Widget is an independent modal, supporter biometric unlock, touch isolation must be completed without subject present; Widget 2 Operation Assist Widget is an inline panel, does not provide any substitute-signing button, any cryptographic action jumps to Widget 3; Widget 3 Decision Widget is the final confirmation modal, the subject unlocks subject DID private key with biometric / PIN and signs CS themselves, touch isolation physical separation, hardware detection immature UX fallback is 90-second delay plus second confirmation. 
Existing UI model comparison — iOS Family Sharing / Android Family Link is a minor scenario with single organiser model, not adopted; Hyperledger Aries Mediator is a technical intermediary not a supporter, structural reference for its "non-signing intermediary" position; Nordic BankID fullmakt is a single BankID substitute-signing substituted counter-example; Israel §67B-67F and Peru DL 1384 apoyos are the only two jurisdictions that have fully implemented supporter three-permission segmentation at the legal layer (assisting understanding / assisting expression / assisting execution): Israel 2017–2018 200 agreements 0% supporter signing legal documents; Peru Lima 350 apoyo agreements: comprehension 65% + expression 28% + execution-of-non-legal-acts 7%. Offline substitute-signing attack surface is a known gap — supporter obtaining subject biometric / PIN offline to operate Widget 3 cannot be distinguished at the cryptographic layer. SA4 claims "does not slide into substituted in cooperative scenarios" at two levels (normative + engineering). Malicious scenarios covered by audit-by-design + revocation_endpoint. Three-layer separation can significantly reduce the probability of "unintentional substitute-signing" (POTENTIAL UC6 phase 2 47/122 PIN hand-over) triggering; specific reduction pending pilot calibration.

SA4 supporter UI three-layer separation carries CRPD §29's "supporter necessary, non-substitutable" principle via two cryptographic hard constraints — signatures_disjoint = true and VerificationMethodDisjoint = true. F2 §5.3 Design B (threshold signatures with supporters in quorum) violating CRPD §28 is reaffirmed in F3. Offline substitute-signing is a known gap; malicious scenarios covered by F1 §5.4 audit-by-design + revocation_endpoint. Schema-layer obligations include supporterRole field enumeration and conflict-of-interest disclosure.
C10: signatures_disjoint = true ∧ supporter_did ≠ subject_did ∧ KeyDistinct(comprehension_attestation, chooser_signature) ∧ VerificationMethodDisjoint(supporter_signature_l1, subject_signature_l3) ; T_UX4: signatures_disjoint ∧ VerificationMethodDisjoint ⇒ ¬CryptographicallyCollapsible(supporter, subject, r)

The pillars constitute the affirmative argument. But the claim that "the critical path is a UX fulfillability dependency chain, not rhetoric" must be sustained by a concrete dependency chain. UX1 →[D7] UX2 →[D8] UX3 →[D9] UX4 chains the four primitives with three formal conditions D7–D9 into a linear closure — D7 is the prerequisite that attribute_count control is "meaningful" for UX2 dark pattern detection (if the holder has already entered mechanical-clicking mode, dark patterns need not be actively detected); D8 is the prerequisite that verifier policy contains no dark patterns for UX3 capacity-aware downgrade to be effective; D9 is the prerequisite that capacity judgement is correct for UX4 supporter intervention path to be triggered. Two feedback loops also exist — SA3 → SA4 (capacity_state ∈ {moderate, severe} auto-triggers supporter widget loading), SA4 → SA1 (supporter intervention: attribute_count cap 3 → 2, display_layers 2 → 3). Unfolding the chain translates the abstract "four-primitive conjunction" into mechanistically traceable dependency conditions and embeds engineering implementation-level issues such as "LLM-agent as substitute" into the chain structure.

causal chain

Four UX Primitive Fulfilment Dependency UX1 → UX2 → UX3 → UX4 Linear Closure + SA3 → SA4 + SA4 → SA1 Dual Feedback Loops

D7
UX1 → UX2 formal condition — if attribute_count > cognitive_load_threshold (= 3), the holder enters "mechanical click-through acceptance" mode; the verifier's dark pattern does not need to be actively detected (since the holder is no longer in decision-making mode). Formal statement: ∀ r : C8(r) meaningful ⇒ C7(r) = true. C7 is the validity prerequisite for C8; the UX2 firewall loses its meaning when UX1 fails.
D8
UX2 → UX3 formal condition — if the verifier policy contains dark patterns (D(r.verifier_policy_hash) = 1), the effectiveness of capacity_aware downgrade is consumed (the holder will accept manipulative design even at mild capacity). Formal statement: ∀ r : C9(r) meaningful ⇒ C8(r) = true. C8 is the validity prerequisite for C9; UX3 phased downgrade degrades into formal compliance formalism when the UX2 firewall collapses.
D9
UX3 → UX4 formal condition — if capacity_state is misjudged (CDR ≥ 2 holder not triggered for downgrade by any of the three alternative pathways), the supporter intervention pathway is simply never triggered. Formal statement: ∀ r : C10(r) meaningful ⇒ C9(r) = true. C9 is the validity prerequisite for C10; even if UX4 supporter widget three-layer separation exists, it has no field of use when UX3 fails.
F-SA3-SA4
SA3 → SA4 feedback loop — capacity_state ∈ {moderate, severe} auto-triggers supporter UI widget loading. capacity_aware_consent.ui_downgrade_level ∈ {supporter-required, blocked} triggers the wallet to present Widget 1 Comprehension Widget and Widget 2 Operation Assist Widget at the next presentation. This loop is structural, depending on C9's capacity_state determination being truthful and C10's supporter_did being pre-registered.
F-SA4-SA1
SA4 → SA1 feedback loop — when supporter intervenes, the progressive disclosure UI reorganises into "supporter-assisted simplified" mode: attribute_count ceiling drops from ≤ 3 to ≤ 2; display_layers increases from 2 to 3; issuer-supplied defaults intensity strengthens to "single best practice." The two feedback loops mean F3's critical path is no longer a DAG; but loops can still be statically verified at the protocol and schema layers — two invariants (signatures_disjoint = true and monotonic degradation of capacity_state) jointly eliminate infinite loops.
T-CRPD-29 ◊⇒
Time dependency of CRPD §29 audit trail obligation — T_UX2 has already formalised "D = 1 ⇒ V_ux = false ⇒ V_receipt' = false ⇒ CRPD §29 reverse-use risk high." Within F2 §5.2's 30-year preservation window, the audit trail without UX correction conversely becomes "evidence that the holder agreed to this dark pattern." The CRPD Committee's Concluding Observations to EU member states (which have ratified CRPD) can be expected to appear in the 2028–2030 reporting cycle with Art 12 violation accusations against EUDI Wallet UX.
T-LLM-Agent ◊⇒
CF5 LLM-agent substitute loop — when LLM-agent in wallet provides three services in 2027–2030 (comprehension assistance, attribute filtering suggestions, decision suggestions), the holder's "confirmation" is in substance "agreement to the agent's simplified version," and the agent thereby substantively determines which options the holder sees. The mitigation design is three-part: F1 §7.3.1 AgentDelegationProof + presentationOrigin tag + separation of comprehension_attestation and chooser_signature — limited to extension within Z₂ scope, not bypassing F1's RT-ℬ ✗ / AA-ℬ ✗ two intrinsic non-delegable boundaries.
Mechanistic necessity (structural dependency; does not depend on external trigger)
◊⇒ Probabilistic (requires external trigger to materialise, but probability non-negligible)
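An added example (not from the essay or from any wallet implementation) that runs the D7–D9 chain and the two feedback loops as a fixed-point evaluation. C8–C10 are taken as precomputed verdicts, C7 is assumed to be the V_cognitive bound, and the latch is this sketch's way of modelling the monotonic-degradation invariant; the class, function and constant names are hypothetical.

```python
from dataclasses import dataclass

# Ceilings stated on the page: baseline UX1, then the SA4 -> SA1 tightening.
NORMAL = {"attr_cap": 3, "min_layers": 2}
SUPPORTER_ASSISTED = {"attr_cap": 2, "min_layers": 3}


@dataclass
class Presentation:
    attribute_count: int
    display_layers: int
    per_item_override: bool
    issuer_supplied_defaults: bool   # True when the issuer shipped defaults
    c8: bool                         # dark-patterns firewall verdict (input)
    c9: bool                         # capacity pathway verdict (input)
    c10: bool                        # supporter separation verdict (input)
    capacity_state: str              # full / moderate / severe / terminal
    supporter_registered: bool       # supporter_did pre-registered


def c7(p, mode):
    """Cognitive-load bound, evaluated against the ceiling of the current mode."""
    return (p.attribute_count <= mode["attr_cap"]
            and p.display_layers >= mode["min_layers"]
            and (p.per_item_override or p.issuer_supplied_defaults))


def chain_status(p, mode):
    """Apply D7-D9: a condition is only meaningful if everything upstream holds."""
    raw = (("C7", c7(p, mode)), ("C8", p.c8), ("C9", p.c9), ("C10", p.c10))
    status, upstream_ok = {}, True
    for name, ok in raw:
        if upstream_ok:
            status[name] = "holds" if ok else "fails"
        else:
            status[name] = "not_meaningful"
        upstream_ok = upstream_ok and ok
    return status


def evaluate(p, latch=True, max_passes=6):
    """Iterate the two feedback loops until the UI mode stops changing."""
    supporter_active = False
    for passes in range(1, max_passes + 1):
        mode = SUPPORTER_ASSISTED if supporter_active else NORMAL
        status = chain_status(p, mode)
        # SA3 -> SA4: needs a truthful C9 and a pre-registered supporter.
        trigger = (status["C9"] == "holds"
                   and p.capacity_state in ("moderate", "severe")
                   and p.supporter_registered)
        # Monotonic invariant (modelled as a latch): never relax once tightened.
        nxt = (supporter_active or trigger) if latch else trigger
        if nxt == supporter_active:
            return {"v_ux": all(s == "holds" for s in status.values()),
                    "status": status, "supporter_active": supporter_active,
                    "attr_cap": mode["attr_cap"], "passes": passes,
                    "converged": True}
        supporter_active = nxt
    return {"v_ux": False, "status": status, "supporter_active": supporter_active,
            "attr_cap": mode["attr_cap"], "passes": max_passes, "converged": False}


# Constructed inputs (not from the page): same verifier request, different holders.
BASE = dict(display_layers=2, per_item_override=True, issuer_supplied_defaults=True,
            c8=True, c9=True, c10=True, supporter_registered=True)
FULL_3 = Presentation(attribute_count=3, capacity_state="full", **BASE)
MODERATE_3 = Presentation(attribute_count=3, capacity_state="moderate", **BASE)
MODERATE_2 = Presentation(attribute_count=2, capacity_state="moderate",
                          **{**BASE, "display_layers": 3})
DARK_PATTERN = Presentation(attribute_count=3, capacity_state="moderate",
                            **{**BASE, "c8": False})

if __name__ == "__main__":
    for name, p in [("full_3", FULL_3), ("moderate_3", MODERATE_3),
                    ("moderate_2", MODERATE_2), ("dark_pattern", DARK_PATTERN)]:
        print(name, evaluate(p))
    print("no latch converges:", evaluate(MODERATE_3, latch=False)["converged"])
```

The three-attribute request that passes for a full-capacity holder fails C7 once the supporter-assisted ceiling applies, and without the latch the same request oscillates between the two modes instead of settling.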

Once the position and causal chain hold, objections become genuinely threatening. Among the five counterfactual stress tests, CF1 (cognitive science new research revising Cowan 4±1 downward), CF2 (EUDI mandatory phase replaying cookie banner), and CF5 (LLM-agent as substitute) each constitute an independent threat to SA1 / SA2 / the four primitives as a whole. Careful examination of the likelihood-by-mechanism inference of each objection reveals that they not only fail to overturn the map's position but actually flip to support the necessity of three critical-path mitigations — the evidentiary structure of each objection turns out to be the strengthened thesis's second-order support. CF3 (all three capacity-aware pathways failing) and CF4 (supporter UI lacking hardware carrier) are handled as chain effects in the conditions and conclusion sections to avoid overloading the borders section.

border cases — flip to support

Objection 1

CF1 cognitive science new research revises Cowan 4±1 downward — ≤ 3 attribute group ceiling inaccurate so SA1 entire layer needs redoing

pivot
In 2027–2028, a new generation of cognitive science research based on three ecologically valid conditions (cross-cultural, mobile context, time-pressure) shows that working memory capacity in wallet scenarios is lower than 1990s–2000s laboratory conditions, with estimated values falling in the 2±1 range (a downward revision from Cowan 2001's 4±1). Three mechanism chains — cross-cultural axis (Adams-Nguyen-Cowan 2018 has established revision direction), mobile context axis (Wilmer-Sherman-Chein 2017 has revealed smartphone use negatively correlates with attention capacity), time-pressure axis (wallet UX 30-second to 2-minute decision timeline). Trigger probability: medium (30–50%). Empirically, if new research revises effective working memory in wallet scenarios to 2±1, the "≤ 3 attribute group" ceiling becomes inaccurate; SA1 baseline needs downward revision from "≤ 3" to "≤ 1–2." UX smoothness drops sharply; average holder presentation time rises from ≤ 60 seconds to ≥ 120 seconds; the engineering complexity objection to integration holds.

On closer inspection, CF1 triggering supports the argument's discipline that "UX-agility by design is a conditionally valid engineering discipline." F3 thesis in §3.4 already explicitly states θ_inform = 0.5 and attribute_count ≤ 3 as "analytical recommendation values," with wallet scenario pilots not yet calibrated. The mitigation design corresponding to the strengthened thesis is "UX-agility by design" — progressive disclosure UI supports dynamic adjustment of attribute group ceiling; wallet configuration files allow issuers or verifiers to declare target cognitive load level in cryptosuite metadata; issuer-supplied defaults play a larger role in low-ceiling scenarios; dual-track UX (guided mode + expert mode). After CF1 triggers, SA1 ceiling is revised down to ≤ 1–2, but SA1's main structure (progressive disclosure three-layer architecture) still holds — OpenID4VP + DIF PE negotiation channels do not depend on specific ceiling values. W3C VC v2.0 §4.12 securingMechanism abstraction layer plus EUDI ARF profile abstraction layer constitute the bearing structure. The CF1 objection, read carefully, supports the strengthened thesis's commitment to "conditional fulfillability" — the working thesis's dependence on specific ceiling values requires conditional restatement under CF1 triggering, which is precisely the specific expression of the strengthened thesis's "not dependent on a single ceiling value" discipline.

Objection 2

CF2 EUDI mandatory phase replays GDPR cookie banner failure — verifier dark patterns at scale so SA2 firewall collapses

pivot
In 2026–2027 after the EUDI Wallet mandatory phase launches, verifier policy consent UX replays the GDPR cookie banner failure pattern within 6–18 months. Expected wallet scenario "accept all" rate reaches 75–85%; dark patterns prevalence reaches the same level as Mathur 2019 shopping sites (≥ 11%). Three trigger mechanism chains — enforcement mechanism gap (DPA enforcement authority and technical capability for wallet scenarios both inadequate), verifier motivation (obtaining attributes beyond minimisation principle via dark patterns), wallet provider competitive pressure (UX smoothness and dark patterns are difficult to distinguish engineering-wise). Trigger probability: medium-high (55–70%). Empirically, if dark patterns scale in wallet scenarios, SA2 firewall collapses (scope change mandatory delay bypassed by "reset process"; option symmetry bypassed by visual contrast; necessary information disclosure folded into "more information" at second layer); SA1 cognitive load ceiling loses meaning (consent fatigue means users no longer read attribute descriptions); SA3 capacity-aware UX automatic downgrading experienced by users as "annoying" and turned off; SA4 supporter UI three-layer separation collapses to single layer "supporter clicks on behalf." CRPD Committee Concluding Observations to EU member states can be expected to appear in the 2028–2030 reporting cycle with Art 12 violation accusations against EUDI Wallet UX — F3's connection to CRPD §29 flips from "fulfillability reinforcement" to "formal compliance formalism."

On closer inspection, CF2 triggering supports the discipline that "EU AI Act §5(1)(b) extension + DSA Art 25 extension + EDPB enforcement-grade guidance three-track mitigation critical path." F3 strengthened thesis in §9.2 already establishes — EU AI Act §5(1)(b) extended to wallet scenarios (requires EDPB and European AI Office to jointly issue guidance explicitly including wallet scenario dark patterns within the §5(1)(b) prohibition); DSA Art 25 extension to wallet interface design (requires European Commission to include wallets in DSA implementing guidelines); EDPB enforcement-grade guidance (wallet scenario-specific guidelines with quantitative standards); conformance suite adding dark patterns detection. The CF2 objection, read carefully, supports that T_UX2's "D = 1 ⇒ V_ux = false ⇒ V_receipt' = false ⇒ CRPD §29 reverse-use risk high" needs dual-layer fulfilment through "normative extension + engineering mandate" — D1–D7 seven normative requirements written into OpenID4VP 1.0 and EUDI Wallet ARF subsequent iterations; conformance suite adding dark patterns automated detection. CF2 also fixes the specific policy implication of the working / strengthened thesis distinction — working thesis empirically fails under CF2 alone; strengthened thesis blocks §29 reverse use through three critical-path mitigations. Residual risk: from GDPR 2018 implementation to EDPB Guidelines 03/2022, the actual enforcement statistics showing cookie banner "accept all" rate declining are still not complete; if EUDI Wallet mandatory phase launches in 2026–2027, dark patterns enforcement fully in place may take until 2032–2034; EU AI Act §5(1)(b) wallet applicability is conditional (pending AI Office implementing guidance 2026 Q4).

Objection 3

CF5 LLM-agent substitute — agent and supporter role slide makes F1 RT-ℬ ✗ / AA-ℬ ✗ boundary crossed by engineering

pivot
In 2027–2030, LLM-agent in wallet becomes a functional substitute or supplement for F3's four UX primitives — comprehension assistance (LLM-agent explains attribute meaning, verifier trustworthiness, data minimisation principles), attribute disclosure simplification (recommended disclosure profile), legal terminology real-time translation, decision suggestions. This scenario has both mitigation aspects (solving the SA4 supporter mobilisation at scale problem, SA1 cognitive load problem) and threat aspects (LLM-agent sliding into supporter's "non-substitutable" boundary). Trigger probability: high (≥ 70%) — LLM-agent in wallet is a certain 2026–2030 path; the question is only whether governance keeps up. Empirically, three threats — LLM-agent interpretation bias (influenced by training data, prompt design, wallet provider commercial interests), prompt injection attacks (verifier embeds prompt injection in OpenID4VP request metadata), agent-mediated consent replacing informed consent (what the holder agrees to is in fact an agent-simplified version, already deviating from the original verifier policy) — together constitute the engineering bypass risk for F1's RT-ℬ ✗ / AA-ℬ ✗ boundary. Agent slides between "assisting understanding" and "deciding on behalf" with every wallet operation; the boundary exists at the user subjective layer, not the cryptographic layer.

On closer inspection, CF5 triggering supports the discipline that "F1 §7.3.1 AgentDelegationProof + presentationOrigin tag + separation of comprehension_attestation and chooser_signature + agent vs. supporter cryptographic split four-part design conjunctively maintaining the boundary." F3 strengthened thesis in §9.5 and §9.5.1 already explicitly states — CF5's impact on F1's two boundaries is "engineering implementation-level extension honesty boundary" not bypassing F1's conclusion. F1 RT-ℬ ✗ (responsibility bearing requires first-personal mens rea) and AA-ℬ ✗ (contestation bearer requires Pettit active-stance) remain intrinsic non-delegable conclusions — T2' has already formalised "∀ cell ∈ {RT-ℬ ✗, AA-ℬ ✗} , ¬∃ σ_ux : P_degrade(cell, σ_ux) ≤ θ_2." What CF5 handles is the engineering implementation fragility inside the Z₂ boundary — agent_signature / supporter_signature / holder_signature three types are mandatorily distinguished at the credential schema layer; EU AI Act §5(1)(b) and DSA Art 25 enforcement extension to wallet scenarios for manipulative techniques and dark patterns; F1's RT-ℬ ✗ normative education form a three-party cooperative mitigation. Even with all three in place, agent and supporter role slide will still occur in practice. The CF5 objection, read carefully, supports the strengthened thesis's commitment gap for F1 boundary — working thesis has no engineering bearing for F1 boundary under CF5 alone; strengthened thesis blocks engineering bypass through three critical-path mitigations but still acknowledges conditional failure of boundary maintenance. This is F3's most concrete extension of F1's conclusion, leading to specific recommendations for TW DIW before entering the LLM-agent phase: supporter sub-account specifications and conformance test adding agent-mediated consent detection.

Once the objections are absorbed, what remains are design implications — under what conditions can the four UX engineering primitives be translated into verifiable engineering or legal obligations? Six conditions translate the abstract "F2 V_receipt upgraded to V_receipt' at the UX layer" into testable provisions, while filling in the C7–C10 sub-clause positions of V_ux plus cross-layer obligations. The six conditions constitute the concrete expansion of the V_ux structure across engineering / legal / normative layers — cognitive load bound (≤ 3 attribute group + progressive disclosure + issuer defaults), dark patterns firewall (D function determination + 10s scope change delay + symmetric layout + EDPB D1–D7), capacity-aware downgrade (at least one of three alternative pathways + 6-month reassessment + comprehension_attestation separation), supporter role separation (signature separation + verificationMethod separation + supporter ∉ subject keypair), working / strengthened thesis strict distinction plus three critical-path mitigations, F1 RT-ℬ ✗ / AA-ℬ ✗ boundary explicit statement and CF5 LLM-agent substitute limited to Z₂.

procedural conditions

Translating F3's four UX engineering primitives into verifiable engineering or legal obligations requires passing six conditions

deployable_ux(r) ⇔ V_cognitive(r) ∧ V_dark_patterns(r) ∧ V_capacity(r) ∧ V_supporter(r) ∧ V_thesis_layer(r) ∧ V_f1_boundary(r)
1
V_cognitive — ≤ 3 attribute group + progressive disclosure + issuer-supplied defaults

UX1 progressive_disclosure_ui must adopt three-part conjunctive design — attribute_count ≤ cognitive_load_threshold = 3 (analytical recommendation value derived from Cowan 4±1 plus wallet three conservative coefficients, pending calibration from EUDI POTENTIAL / EWC / DC4EU / NOBID LSP final reports), display_layers ≥ 2 (three progressive disclosure variants wizard / accordion / paginated lack comparative studies in wallet scenarios; recommend "wizard + accordion review at final step"), issuer_supplied_defaults ≠ ∅ ∨ per_item_override = true (issuer provides privacy-conservative default + per_item_override must enable reverse operation not limited to submit action). WEIRD sample bias is a known gap; cross-cultural application requires explicit honesty boundary statement. Individual differences (age / education / digital literacy / language) affecting attribute group ceiling is §11 open question O8.

V_cognitive: r.ux.attribute_count ≤ 3 ∧ r.ux.display_layers ≥ 2 ∧ (r.ux.per_item_override = true ∨ r.ux.issuer_supplied_defaults ≠ ∅)
2
V_dark_patterns — OpenID4VP scope change ≥ 10s mandatory delay + symmetric option layout + EDPB D1–D7

UX2 dark_patterns_firewall must adopt seven normative requirements conjunctively — D1 scope change mandatory delay ≥ 10s with accept button disabled during period; D2 symmetric option layout accept / reject same size ±5%, same font, same colour contrast, same z-order; D3 necessary information disclosure (attribute / verifier identity / purpose / retention period / third-party forwarding chain); D4 high-stakes two-step confirmation (mandatory two-step for sensitive attributes such as salary / address / political affiliation); D5 withdrawal path symmetry (withdrawal click count ≤ consent click count); D6 pre-check and nudge prohibited (no pre-ticking; no one-click accept while reject requires multiple layers); D7 terminology plain-language (provide A2 reading level equivalent explanation for selective disclosure / ZK). D function (dark patterns binary detection) specific algorithm is §11 open question O9; EDPB Guidelines 03/2022 are descriptive not machine-executable. D1's 10-second ceiling is an estimated value pending conformance test validation. EU AI Act §5(1)(b) wallet applicability is conditional; pending AI Office implementing guidance 2026 Q4.

V_dark_patterns: D(r.ux.verifier_policy_hash) = 0 ∧ r.ux.scope_change_delay_ms ≥ 5000 ∧ r.ux.symmetry_check = true ∧ ∀ p ∈ {D1..D7} : enforced(p)
3
V_capacity — at least one of three alternative pathways + 6-month reassessment + comprehension_attestation and chooser_signature separation

UX3 capacity_aware_consent must adopt at least one of three alternative pathways (self-assessment / supporter-triggered / issuer-side-hint), with 6-month capacity reassessment (CRPD §29 regular review) and KeyDistinct constraint of comprehension_attestation against chooser_signature. Tradeoffs of three pathways — pathway (i) wallet-self-assessment: GDPR Art 9 special category data compliance uncertainty (Art 9(2)(g) public interest exception justification pending CJEU ruling, §11 open question O15); pathway (ii) supporter triggered: voluntary guardianship legal bearing gap (supporter certification procedures not yet legalised in most OECD jurisdictions, §11 open question O21); pathway (iii) issuer-side hint: fundamental tension with CRPD §29 functional test prohibition (limited to holder active opt-in; CRPD Committee acceptance unknown, §11 open question O16). No single pathway can independently complete capacity-aware downgrade. ui_downgrade_level adopts capacity_state conditional (full → none / moderate → simplified ∨ supporter-required / severe ∨ terminal → supporter-required ∨ blocked).

V_capacity: ∃ path ∈ {wallet-self-assessment, supporter-triggered, issuer-side-hint} : path satisfies CRPD GC1 §29 ; (now − r.ux.capacity_timestamp) ≤ 180 × 86400 ; KeyDistinct(r.ux.comprehension_attestation.key, r.chooser_signature.key) = true
4
V_supporter — comprehension_attestation.signer ≠ chooser_signature.signer + supporter ∉ subject keypair

UX4 supporter_ui_three_layer must adopt three independent cryptographic objects — (a) Comprehension Attestation (VC type ComprehensionAttestationCredential; issuer is supporter DID; proof uses assertionMethod purpose), (b) Operation Assist Trace (pure UX behaviour log; not on-chain; not in VC), (c) Chooser Signature (VP-level proof; purpose authentication; signed by subject private key). UI layer three independent widgets (Comprehension / Operation Assist / Decision) must have touch isolation. signatures_disjoint = true and VerificationMethodDisjoint = true are two cryptographic hard constraints. supporter_role_scope ∈ {family, social-worker, care-staff, trust-representative, peer, other} must be registered and declared with conflict-of-interest disclosure. F2 §5.3 Design B (threshold signatures with supporters in quorum) violating CRPD §28 is reaffirmed in F3 and not adopted. Offline substitute-signing attack surface is a known gap (§11 open question O4); malicious scenarios covered by F1 §5.4 audit-by-design + revocation_endpoint. Hardware-backed signatures_disjoint enforcement in mobile wallets is a known engineering gap.

V_supporter: r.ux.signatures_disjoint = true ∧ r.ux.supporter_did ≠ r.subject_did ∧ SigVerify(r.ux.subject_signature_l3, r.subject_did) = true ∧ VerificationMethodDisjoint(r.ux.supporter_signature_l1, r.ux.subject_signature_l3) = true
5
V_thesis_layer — strict distinction between working thesis and strengthened thesis + three critical-path mitigations

F3 adopts the strengthened thesis as the formal position; the working thesis serves only as the starting point of argumentation and stress test comparison. The working thesis (without mitigations) empirically fails under either CF2 (dark patterns replay) or CF5 (LLM-agent substitute) triggering alone. The strengthened thesis (including three critical-path mitigations — mitigation 1 UX-agility by design for CF1 + CF2; mitigation 2 threshold signatures + court-supervised downgrade for CF3 + CF4; mitigation 3 agent vs. supporter cryptographic split + AgentDelegationProof institutionalisation for CF5) retains core functionality under the extreme scenario of all five CFs triggering simultaneously (first segment: baseline progressive disclosure + supporter UI framework fully retained; second segment: CRPD §29 fulfillability reinforcement at-scale timeline extended by ≥ 10 years; third segment: LLM-agent boundary maintenance conditionally failing). "Retaining core" must not be misread as "all four primitives unaffected" — T_UX3–T_UX4 conditionally fail under simultaneous CF3 + CF4 triggering. Three critical-path mitigation deployment timelines — mitigation 1: 2026–2028 W3C / IETF / EUDI ARF standards integration / 2028–2030 wallet and verifier engineering implementation / 2030–2032 dark patterns automated conformance; mitigation 2: 2026–2028 BLS threshold in W3C VC v2.0 / IETF JOSE/COSE standards integration / 2028–2030 EUDI ARF and each country's wallet implementation / 2030–2032 supporter wallet government distribution; mitigation 3: 2027–2029 W3C VC + EUDI ARF agent_signature structure / 2028–2030 EDPB + AI Office wallet scenario joint guidance / 2029–2032 enforcement-grade implementation.

V_thesis_layer: strengthened_thesis ≜ working_thesis ∧ UX_agility ∧ threshold_with_court_anchor ∧ agent_vs_supporter_crypto_split ; ∀ CFᵢ , strengthened_thesis ⊨ partial_survival(CFᵢ) ; working_thesis ⊭ survive(CF2 ∨ CF5)
6
V_f1_boundary — F1 RT-ℬ ✗ / AA-ℬ ✗ boundary explicit statement + CF5 LLM-agent substitute limited to Z₂

F3's four UX engineering primitives operate entirely within the Z₂ (conditionally delegable zone) scope; no claim is made that any UX engineering can reach F1's RT-ℬ ✗ (responsibility bearing requires first-personal mens rea) and AA-ℬ ✗ (contestation bearer requires Pettit active-stance) two cells. T2' has already formalised "∀ cell ∈ {RT-ℬ ✗, AA-ℬ ✗} , ¬∃ σ_ux ⊆ {UX1, UX2, UX3, UX4} : P_degrade(cell, σ_ux) ≤ θ_2." UX1 progressive_disclosure_ui can reduce cognitive load but cannot generate first-personal mens rea. UX2 dark_patterns_firewall can protect holders from being misled but cannot generate contestation's active-stance — this is ontological incapacity; UX engineering cannot reach it. CF5's impact on F1's two boundaries is "engineering implementation-level extension honesty boundary" not bypass — agent and supporter role slide is engineering implementation fragility inside the Z₂ boundary, maintained by four-part design conjunctively: F1 §7.3.1 AgentDelegationProof + presentationOrigin tag + separation of comprehension_attestation and chooser_signature + agent vs. supporter cryptographic split. Any claim that "UX engineering primitives can solve the fundamental accountability problem of AI agents" violates T2'.

V_f1_boundary: ∀ cell ∈ {RT-ℬ ✗, AA-ℬ ✗} , ¬∃ σ_ux ⊆ {UX1, UX2, UX3, UX4} : P_degrade(cell, σ_ux) ≤ θ_2 ; CF5 ⇒ Z₂_internal_engineering_extension ∧ ¬bypass(F1 RT-ℬ ✗ ∨ F1 AA-ℬ ✗)
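Condition 4 (V_supporter), which restates C10 from the SA4 pillar, is the one condition of the six that reduces to checks on DID documents and proof metadata. The following is an added example, not the essay's or any wallet's code: it assumes W3C DID-document and Data Integrity proof field names, uses constructed `did:example` identifiers with placeholder key strings, and leaves SigVerify to the wallet's signature library; the function names and violation labels are hypothetical.

```python
def _resolve(did_doc, relationship, vm_id):
    """Return the method object if vm_id is authorised for `relationship`."""
    by_id = {m["id"]: m for m in did_doc.get("verificationMethod", [])}
    for entry in did_doc.get(relationship, []):
        if isinstance(entry, dict) and entry.get("id") == vm_id:
            return entry                 # method embedded in the relationship
        if entry == vm_id:
            return by_id.get(vm_id)      # reference; None if not in this document
    return None


def _all_keys(did_doc):
    """Every public key the DID document carries, top-level or embedded."""
    methods = list(did_doc.get("verificationMethod", []))
    for rel in ("authentication", "assertionMethod"):
        methods += [e for e in did_doc.get(rel, []) if isinstance(e, dict)]
    return {m["publicKeyMultibase"] for m in methods if m.get("publicKeyMultibase")}


def check_c10(subject_doc, supporter_doc, attestation, chooser_proof):
    """Return the list of violated C10 clauses (empty list means C10 holds)."""
    v = []
    subject_did, supporter_did = subject_doc["id"], supporter_doc["id"]
    if supporter_did == subject_did:
        v.append("supporter_did_equals_subject_did")

    # Layer 1, Comprehension Attestation: issued and signed by the supporter.
    a_proof = attestation.get("proof", {})
    if attestation.get("issuer") != supporter_did:
        v.append("attestation_issuer_not_supporter")
    if a_proof.get("proofPurpose") != "assertionMethod":
        v.append("attestation_wrong_purpose")
    a_vm = _resolve(supporter_doc, "assertionMethod", a_proof.get("verificationMethod"))
    if a_vm is None or a_vm.get("controller") != supporter_did:
        v.append("attestation_vm_not_supporter_controlled")

    # Layer 3, Chooser Signature: controller of the method must be the subject.
    if chooser_proof.get("proofPurpose") != "authentication":
        v.append("chooser_wrong_purpose")
    c_vm = _resolve(subject_doc, "authentication", chooser_proof.get("verificationMethod"))
    if c_vm is None or c_vm.get("controller") != subject_did:
        v.append("chooser_vm_not_subject_controlled")

    # VerificationMethodDisjoint compares identifiers ...
    if a_proof.get("verificationMethod") == chooser_proof.get("verificationMethod"):
        v.append("verification_method_shared")
    # ... KeyDistinct compares key material, and fails closed if it is unreadable.
    c_key = (c_vm or {}).get("publicKeyMultibase")
    if c_key is None or c_key in _all_keys(supporter_doc):
        v.append("key_not_distinct")
    return v


def constructed_sample():
    """Constructed DID documents and proofs; key strings are placeholders."""
    subject = {"id": "did:example:subject", "verificationMethod": [
        {"id": "did:example:subject#auth-1", "type": "Multikey",
         "controller": "did:example:subject",
         "publicKeyMultibase": "zCONSTRUCTED-SUBJECT-KEY"}],
        "authentication": ["did:example:subject#auth-1"]}
    supporter = {"id": "did:example:supporter", "verificationMethod": [
        {"id": "did:example:supporter#assert-1", "type": "Multikey",
         "controller": "did:example:supporter",
         "publicKeyMultibase": "zCONSTRUCTED-SUPPORTER-KEY"}],
        "assertionMethod": ["did:example:supporter#assert-1"]}
    attestation = {
        "type": ["VerifiableCredential", "ComprehensionAttestationCredential"],
        "issuer": "did:example:supporter",
        "proof": {"proofPurpose": "assertionMethod",
                  "verificationMethod": "did:example:supporter#assert-1"}}
    chooser_proof = {"proofPurpose": "authentication",
                     "verificationMethod": "did:example:subject#auth-1"}
    return subject, supporter, attestation, chooser_proof


if __name__ == "__main__":
    print(check_c10(*constructed_sample()))   # clean record
```

A clean result only establishes the cryptographic-layer separation; offline substitute-signing, which the page lists as a known gap, is invisible to it.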

Drawing together seven layers — V_ux function, four UX primitives, critical path and feedback loops, three objections, six conditions, CRPD §29 constraint, and T2' boundary — the map ultimately argues three things that must simultaneously hold before any commitment can be made: UX layer fulfillability is not equal to UI layer visual quality; the conditional validity of four UX engineering primitive implementation; CF5's engineering implementation-level extension of F1 boundaries (not bypass); and separate recommendations for three target reader groups (UX engineering community / CRPD policy researchers / disability policy scholars). For readers in Taiwan: if the TW DIW lacks capacity-aware UX and supporter UI three-layer separation before entering the LLM-agent phase, the degradation pathway of A15 §6.2's three default presuppositions in dementia scenarios will trigger on the very first day of the mandatory wallet phase. Specific recommendations: DIW v1.0 spec to explicitly include capacity-aware UX provisions + supporter sub-account specifications + EUDI Phase 2 conformance adding dark patterns automated detection.

Conditional validity of four UX engineering primitive implementation. The conditional validity of F2's four cryptographic engineering primitives at the cryptographic selection / long-term preservation / court admissibility / cross-border mutual recognition four layers has as its premise Informed(holder, r) — without UX engineering correction, this premise cannot be fulfilled under four cognitive-normative bottlenecks. The specific bottlenecks are — Miller / Cowan cognitive ceiling plus cognitive load theory in multi-attribute selective disclosure scenarios makes informed consent P(informed_consent) < θ_inform when attribute_count > 3; verifier policy dark patterns identically replay the GDPR cookie banner eight-year failure in wallet scenarios (Nouwens 2020 UK Top 10k compliance rate 11.8%, Sanchez-Rola 2019 reject still tracking 49%, Matte 2020 54% violating at least one GDPR provision); capacity fluctuation invalidates "previously informed consent" and with mechanism-based likelihood medium-high (conservatively ≥ 50%) degrades to substituted; supporter intervention boundary ambiguity causes "assisting understanding" to slide into "deciding on behalf." V_receipt is upgraded in F3 to V_receipt' ≜ V_receipt ∧ V_ux, the latter conjunctively borne by four UX engineering primitives. Any one missing raises F2 SA2 CRPD §29 reverse-use risk to high. "≤ 3 attribute group" and θ_inform = 0.5 are analytical recommendation values, pending calibration from EUDI POTENTIAL / EWC / DC4EU / NOBID LSP final reports on ecologically valid pilot studies in wallet scenarios.

CF5's engineering implementation-level extension of F1 boundaries (not bypass). F3's four UX engineering primitives operate entirely within the Z₂ (conditionally delegable zone) scope; no claim is made that any UX engineering can reach F1's RT-ℬ ✗ and AA-ℬ ✗ two cells. T2' has already formalised "no UX primitive subset exists that makes degradation probability P_degrade fall below threshold θ_2" — UX1 progressive_disclosure_ui can reduce cognitive load but cannot generate first-personal mens rea; UX2 dark_patterns_firewall can protect holders from being misled but cannot generate contestation's active-stance. CF5 LLM-agent substitute handles engineering implementation fragility inside the Z₂ boundary — agent slides between "assisting understanding" and "deciding on behalf" with every wallet operation; the boundary exists at the user subjective layer, not the cryptographic layer. F1 §7.3.1 AgentDelegationProof plus presentationOrigin tag plus separation of comprehension_attestation and chooser_signature plus agent vs. supporter cryptographic split four-part design jointly maintain the cryptographic boundary. F1 RT-ℬ ✗ and AA-ℬ ✗ remain intrinsic non-delegable conclusions; this paper does not modify them. CF5's LLM-agent substitute "limited to Z₂ extension, not bypassing F1 conclusion" is F3's "engineering implementation-level extension honesty boundary" for F1's boundary conclusion.

Strict distinction between working thesis and strengthened thesis; separate recommendations for three target reader groups bear the survival gap. The F3 working thesis (without mitigations) empirically fails when either CF2 or CF5 triggers alone. The F3 strengthened thesis (which includes three critical-path mitigations: UX-agility by design, threshold signatures + court-supervised downgrade, and agent vs. supporter cryptographic split + AgentDelegationProof institutionalisation) retains core functionality under the extreme scenario of all five CFs triggering simultaneously (first segment: baseline progressive disclosure + supporter UI framework fully retained; second segment: at-scale timeline of the CRPD §29 fulfillability reinforcement extended by ≥ 10 years; third segment: LLM-agent boundary maintenance conditionally failing). The F3 main text adopts the strengthened thesis as its formal position; the working thesis serves only as the starting point of the argument and as the stress-test comparison. For the CRPD Committee: it should issue a supplementary General Comment explicitly clarifying the supporter scope boundary (not limited to family), the safeguard requirements for supporter-triggered downgrade, and the boundary at which an issuer-side capacity hint becomes a functional-test violation. For EUDI Phase 2: the conformance suite should include automated dark-pattern detection and conformance testing of the supporter UI three-layer separation before 2026 Q3. Separate recommendations for the three target reader groups (UX engineering community, CRPD policy researchers, disability policy scholars) are detailed in §12.3.
A specific warning for Taiwan's TW DIW before it enters the LLM-agent phase: without capacity-aware UX and supporter UI three-layer separation, the degradation pathway of A15 §6.2's three default presuppositions in dementia scenarios will trigger on the very first day of the mandatory wallet phase. The DIW v1.0 spec should explicitly include three items: capacity-aware UX provisions, supporter sub-account specifications, and the addition of automated dark-pattern detection to EUDI Phase 2 conformance.

Final form:
  V_receipt'(r) ⇔ V_receipt(r) ∧ V_ux(r)                              (extend F2)
  V_ux(r)      ⇔ V_cognitive(r) ∧ V_dark_patterns(r) ∧ V_capacity(r) ∧ V_supporter(r)
               ≡ C7 ∧ C8 ∧ C9 ∧ C10

  C7 V_cognitive     : attribute_count ≤ 3 ∧ progressive_disclosure ∧ issuer_defaults
  C8 V_dark_patterns : D(verifier_policy_hash) = 0 ∧ scope_change_delay ≥ 10s ∧ symmetric_layout
                      ∧ ∀ p ∈ {D1..D7} : enforced(p)
  C9 V_capacity      : ∃ path ∈ {self_assess, supporter_trigger, issuer_hint} : path ⊨ CRPD §29
                      ∧ reassessment ≤ 180d
                      ∧ KeyDistinct(comprehension_attestation, chooser_signature)
  C10 V_supporter    : signatures_disjoint = true ∧ supporter_did ≠ subject_did
                      ∧ chooser_signature.signer = subject_did
                      ∧ VerificationMethodDisjoint(supporter_signature_l1, subject_signature_l3)

  Definitions:
    D : verifier_policy → {clean, dark}                  (EDPB 03/2022 + EU AI Act §5(1)(b))
    CDR ≥ 2 ⇒ require(V_capacity downgrade path activated)
    Supporter ∈ {family, social_worker, care_worker, trustee, peer, other} ≠ Guardian

  CriticalPath_UX : UX1 →[D7] UX2 →[D8] UX3 →[D9] UX4    (linear closure)
  FeedbackLoop    : SA3 → SA4 (capacity → supporter widget auto-load)
                    SA4 → SA1 (supporter intervention → attribute_count cap 3 → 2)

  T_UX1 : attribute_count > 3 ⇒ Pr(informed_consent) < θ_inform ≈ 0.5
  T_UX2 : D = 1 ⇒ V_ux = false ⇒ V_receipt' = false ⇒ CRPD §29 reverse_use_risk = high
  T_UX3 : capacity ∈ {moderate, severe, terminal} ∧ downgrade = none
          ⇒ Pr(supported → substituted) ≥ θ_2 ≈ 0.7
  T_UX4 : signatures_disjoint ∧ VerificationMethodDisjoint
          ⇒ ¬CryptographicallyCollapsible(supporter, subject, r)

  T2' (F3 extended Z₃-intrinsic unreachable lemma) :
    ∀ cell ∈ {RT-ℬ ✗, AA-ℬ ✗} ,
      ¬∃ σ_ux ⊆ {UX1, UX2, UX3, UX4} : P_degrade(cell, σ_ux) ≤ θ_2

  Stress Test:
    CF1 (Cowan revision)        ⇒ ≤ 3 → ≤ 1-2 ;  UX-agility mitigation
    CF2 (cookie banner replay)  ⇒ AI Act §5(1)(b) + EDPB enforcement-grade mitigation
    CF3 (all three pathways fail)   ⇒ threshold signatures + court-supervised downgrade fallback
    CF4 (supporter hardware gap) ⇒ wallet sub-account + government-distributed supporter wallet
    CF5 (LLM-agent substitute)   ⇒ Z₂ internal extension ≠ crossing F1 Z₃

  strengthened_thesis ≜ working_thesis ∧ UX_agility ∧ threshold_with_court_anchor ∧ agent_vs_supporter_crypto_split
                      ⊨ partial_survival(CF1 ∧ CF2 ∧ CF3 ∧ CF4 ∧ CF5)
  working_thesis ⊭ survive(CF2 ∨ CF5)

  CRPD GC1 §29 ≜ hard_constraint(audit_trail)
  ¬ reverse_use(§29 → §12 violation) under strengthened_thesis
  Z₂ ⊨ V_ux-deployable                ;   Z₃-intrinsic ⊭ V_ux-deployable   (T2' boundary)

  Time-staging:
    UX-agility           : 2026-2028 W3C / IETF / EUDI ARF standards integration / 2028-2030 engineering implementation / 2030-2032 conformance
    threshold + court    : 2026-2028 BLS threshold W3C / IETF standards integration / 2028-2030 EUDI ARF and wallet implementation /
                           2030-2032 government-distributed supporter wallet
    agent vs supporter   : 2027-2029 W3C VC + EUDI ARF agent_signature structure /
                           2028-2030 EDPB + AI Office wallet scenario joint guidance / 2029-2032 enforcement-grade
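
The conjunction C7 ∧ C8 ∧ C9 ∧ C10 in the Final form can be evaluated mechanically once a receipt carries the UX fields. The Python below is an added example, not code from the essay or from any wallet project. Its assumptions are the dict layout of the receipt, the field names `supporter_intervening`, `cdr`, `downgrade`, `days_since_reassessment`, `scope_change_delay_s`, `enforced_patterns` and `vm`, and the modelling of D as membership in a caller-supplied set of flagged policy hashes.

```python
"""Evaluate V_ux = C7 ∧ C8 ∧ C9 ∧ C10 over one receipt (added example).
Assumed, not from the essay: the dict layout, the field names cdr, downgrade,
vm, supporter_intervening, enforced_patterns, and D as a set lookup."""

CAPACITY_PATHS = {"self_assess", "supporter_trigger", "issuer_hint"}
REQUIRED_PATTERNS = {f"D{i}" for i in range(1, 8)}  # D1..D7


def check_c7(ux):
    # FeedbackLoop SA4 -> SA1: supporter intervention lowers the cap from 3 to 2.
    cap = 2 if ux.get("supporter_intervening") else 3
    fails = []
    if ux["attribute_count"] > cap:
        fails.append(f"attribute_count {ux['attribute_count']} > {cap}")
    if not ux.get("progressive_disclosure"):
        fails.append("progressive_disclosure missing")
    if not ux.get("issuer_defaults"):
        fails.append("issuer_defaults missing")
    return fails


def check_c8(ux, dark_policy_hashes):
    # D(verifier_policy_hash) is modelled as membership in a caller-supplied
    # set of flagged hashes; no detection algorithm is implemented here.
    fails = []
    if ux["verifier_policy_hash"] in dark_policy_hashes:
        fails.append("D(verifier_policy_hash) = 1")
    if ux.get("scope_change_delay_s", 0) < 10:
        fails.append("scope_change_delay < 10s")
    if not ux.get("symmetric_layout"):
        fails.append("layout not symmetric")
    missing = REQUIRED_PATTERNS - set(ux.get("enforced_patterns", ()))
    if missing:
        fails.append("not enforced: " + ",".join(sorted(missing)))
    return fails


def check_c9(ux):
    # Whether the path satisfies CRPD §29 is a legal judgement; only the
    # mechanically checkable parts of C9 are evaluated.
    fails = []
    if ux.get("capacity_path") not in CAPACITY_PATHS:
        fails.append("no capacity assessment path")
    if ux.get("days_since_reassessment", float("inf")) > 180:
        fails.append("reassessment older than 180d")
    if ux.get("cdr", 0) >= 2 and ux.get("downgrade", "none") == "none":
        fails.append("CDR >= 2 without downgrade path")
    if ux["comprehension_attestation"]["key"] == ux["chooser_signature"]["key"]:
        fails.append("KeyDistinct violated")
    return fails


def check_c10(receipt):
    # The self-declared signatures_disjoint flag is cross-checked against the
    # signer and verification-method identifiers, not trusted on its own.
    ux, subject = receipt["ux"], receipt["subject_did"]
    fails = []
    if ux.get("signatures_disjoint") is not True:
        fails.append("signatures_disjoint != true")
    if ux["supporter_did"] == subject:
        fails.append("supporter_did == subject_did")
    if ux["chooser_signature"]["signer"] != subject:
        fails.append("chooser_signature.signer != subject_did")
    if ux["supporter_signature_l1"]["vm"] == ux["subject_signature_l3"]["vm"]:
        fails.append("VerificationMethodDisjoint violated")
    return fails


def evaluate_v_ux(receipt, dark_policy_hashes=frozenset(), v_receipt=True):
    """Return V_ux, V_receipt' = V_receipt ∧ V_ux, and the failing clauses."""
    ux = receipt["ux"]
    failures = {"C7": check_c7(ux), "C8": check_c8(ux, dark_policy_hashes),
                "C9": check_c9(ux), "C10": check_c10(receipt)}
    v_ux = not any(failures.values())
    return {"v_ux": v_ux, "v_receipt_prime": bool(v_receipt) and v_ux,
            "failures": {c: f for c, f in failures.items() if f}}


def sample_receipt():
    """Constructed supporter-assisted receipt that satisfies C7..C10."""
    sup, sub = "did:example:supporter", "did:example:subject"
    return {"subject_did": sub, "ux": {
        "attribute_count": 2, "supporter_intervening": True,
        "progressive_disclosure": True, "issuer_defaults": True,
        "verifier_policy_hash": "sha256:constructed-policy-hash",
        "scope_change_delay_s": 10, "symmetric_layout": True,
        "enforced_patterns": sorted(REQUIRED_PATTERNS),
        "capacity_path": "supporter_trigger", "days_since_reassessment": 90,
        "cdr": 2, "downgrade": "supporter-required",
        "supporter_did": sup, "signatures_disjoint": True,
        "comprehension_attestation": {"signer": sup, "key": "key-supporter-1"},
        "chooser_signature": {"signer": sub, "key": "key-subject-1"},
        "supporter_signature_l1": {"vm": sup + "#key-1"},  # vm: verification method id
        "subject_signature_l3": {"vm": sub + "#key-1"},
    }}
```

Calling `evaluate_v_ux(sample_receipt())` returns the clause-by-clause result; passing the receipt's own policy hash in `dark_policy_hashes` reproduces T_UX2, where a single failing clause makes V_receipt' false.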

Argdown

Source
===
title: 選擇性揭露的 UX 認知極限:可審計工程原語的人因瓶頸
subTitle: Selective Disclosure UX Failure — Argument Map (v2)
slug: 2026-05-11-selective-disclosure-ux-failure
author: research-article-pipeline argdown export
model:
  removeTagsFromText: true
===

# Central Thesis

[Core Thesis]
  + <Formal Core>
  + [Accepted]
  + <P1>
  + <P2>
  + <P3>
  + <P4>
  + <P5>
  + <Causal Chain>
  + [Deployment Conditions]
  + <Conclusion>
  - [Rejected]
    - [Accepted]
  + [Accepted]
  - [Objection 1]
    - <Reply 1>
  + <Reply 1>
  - [Objection 2]
    - <Reply 2>
  + <Reply 2>
  - [Objection 3]
    - <Reply 3>
  + <Reply 3>

[Core Thesis]: F2 四原語(cryptosuite preservation admissibility recognition)在密碼學 法律層成立,但於 UX 層大規模退化——SD 的 Informed(holder, r) 假設在四道認知-規範瓶頸下無法履行 (i) Miller 7 2 Cowan 2001 working memory 4 1 Sweller cognitive load theory 使 selective disclosure 多選項決策在 attribute count 3 即顯著退化 (ii) consent fatigue 與 dark patterns 在 wallet 場景同型重演 GDPR cookie banner 八年失敗(Nouwens 2020 UK Top 10k 合規率 11.8%) (iii) capacity 變動使「曾經 informed」失效,CDR 2 場景以 mechanism-based likelihood medium-high(保守 50%,待 pilot study 校準)退化為 substituted (iv) supporter 介入邊界模糊使「協助理解」滑入「代為決定」。落地需四件 UX 工程原語 UX1 progressive disclosure ui UX2 dark patterns firewall UX3 capacity aware consent UX4 supporter ui three layer,以 V ux C7 C8 C9 C10 合取承擔 V receipt V receipt V ux 為升級後可驗條件。四件構成 F2 critical path「實際可履行性」層補強,缺一即 F2 SA2 CRPD 29 反向使用風險升至 high。working thesis 與 strengthened thesis 嚴格區分 後者透過 UX-agility by design、threshold signatures 加 court-supervised downgrade、agent 與 supporter 密碼學區分加 AgentDelegationProof 制度化三大緩解 critical path 在 5 CF 全觸發下保留第一段 baseline、第二段時程外推 10 年、第三段條件性失效。F1 RT-ℬ AA-ℬ 兩條常駐型邊界以擴充定理 T2 明示——任何 UX 原語子集合皆無法觸及。 #thesis

<Formal Core>: Formula V receipt (r) V receipt(r) V ux(r) (extend F2) V ux(r) V cognitive(r) V dark patterns(r) V capacity(r) V supporter(r) C7 C8 C9 C10 C7 V cognitive(r) attribute count(r) 3 progressive disclosure(r) issuer defaults(r) C8 V dark patterns(r) D(r.verifier policy hash) 0 scope change delay 10s symmetric layout(r) p forbidden patterns p ExtractPatterns(r.verifier policy hash) C9 V capacity(r) path self assess, supporter trigger, issuer hint path satisfies CRPD GC1 29 KeyDistinct(comprehension attestation.key, chooser signature.key) C10 V supporter(r) comprehension attestation.signer chooser signature.signer chooser signature.signer subject did supporter did subject did VerificationMethodDisjoint(supporter signature l1, subject signature l3) Definitions D verifier policy clean, dark (EDPB Guidelines 03 2022 EU AI Act 5(1)(b)) CDR 2 require(V capacity downgrade path activated) Supporter family, social worker, care worker, trustee, peer, other Guardian CriticalPath UX UX1 D7 UX2 D8 UX3 D9 UX4 (linear closure) FeedbackLoop SA3 SA4 (capacity 自動觸發 supporter widget) SA4 SA1 (supporter 介入後 attribute count 上界 3 2) T UX1 p , attribute count(p) 3 Pr(informed consent(p) true) θ inform 0.5 T UX2 r , D(r.verifier policy hash) 1 V ux(r) false V receipt (r) false CRPD 29 reverse use risk(r) high T UX3 holder h , receipt r , capacity state(h) moderate, severe, terminal ui downgrade level(r) none Pr(supported substituted) θ 2 0.7 T UX4 r , signatures disjoint(r) true VerificationMethodDisjoint true CryptographicallyCollapsible(supporter, subject, r) T2 (F3 擴充版 Z₃-intrinsic 不可達引理) cell RT-ℬ , AA-ℬ , σ ux UX1, UX2, UX3, UX4 P degrade(cell, σ ux) θ 2 StressTest CF1..CF5 working thesis strengthened thesis strengthened thesis working thesis UX agility threshold with court anchor agent vs supporter crypto split partial survival(CF1 CF2 CF3 CF4 CF5) working thesis survive(CF2 CF5) Caption V ux 由 C7-C10 四道條件合取定義,每條對應一件 UX 工程原語 V receipt 把 F2 V receipt 升級為含 UX 
履行性的擴展函數。CriticalPath UX 為 UX1 UX2 UX3 UX4 線性閉包,搭配 SA3 SA4 與 SA4 SA1 兩條反饋環路 UX layer 之 critical path 非 DAG 而是含有限循環的系統圖,循環在 schema 層由 signatures disjoint true 與 capacity state 單調退化兩個不變式靜態消除。T UX1 T UX4 把四件原語的承載條件化為形式定理 T2 把 F1 RT-ℬ AA-ℬ 邊界擴展至 UX 原語層級——任何 UX 子集合皆無法緩解此兩 cell。CF1 CF5 把 working thesis 與 strengthened thesis 拉開 後者透過三大緩解 critical path 在 5 CF 全觸發下保留第一段 baseline、第二段時程外推 10 年、第三段條件性失效。 #formal

[Accepted]: selective disclosure 的 informed consent 由四件 UX 工程原語以 V ux 合取承擔,是密碼學與法律之外獨立的第三承載層. F2 V receipt 已建立 14 欄位 schema 與 C1-C6 六道合取條件,並以 Informed(holder, r) 為其未被形式化的前提(F2 3.4、F2 11 待開發 6.4)。F3 把這個前提展開為四個合取子句 C7-C10,每子句對應一件 UX 工程原語 C7 V cognitive 由 UX1 progressive disclosure ui 承擔、C8 V dark patterns 由 UX2 dark patterns firewall 承擔、C9 V capacity 由 UX3 capacity aware consent 承擔、C10 V supporter 由 UX4 supporter ui three layer 承擔。V receipt 在 F3 升級為 V receipt V receipt V ux,並使 critical path 在「presentation 時點」延伸出 holder-side 履行鏈。四件 UX 工程原語對應的密碼學承載——UX1 對應 W3C VCDM v2.0 4.12 securing mechanisms 與 DIF PE v2.1 submission requirements UX2 對應 OpenID4VP draft-23 draft-24 之 presentation definition 與 transaction data extension UX3 對應 EUDI Wallet ARF 2025-12 iteration 6.6.3.9 user binding UX4 對應 W3C DID Core v1.0 5 verificationMethod 與 8 controller-subject 分離。 #accepted

[Rejected]: selective disclosure 的 informed consent 是 UI 設計選擇,由 wallet UX 團隊承擔. 把 selective disclosure 之 informed consent 視為 wallet UI UX 團隊的設計選擇,由視覺對比、按鈕標籤、字級調整、動畫流暢度承擔 只要 UI 順手且符合 EUDI ARF 6.6.3 之 unambiguous granular prior 三要素表面要求,holder informed consent 即成立。在這個分類下,認知負荷上界由 wallet 廠商自行斟酌、dark patterns 由市場競爭自然淘汰、capacity 變動由家屬代行解決、supporter 角色由 iOS Family Sharing 或 Android Family Link 既有設施承載。混淆 UI 與 UX 履行性帶來三個論證代價——其一,GDPR cookie banner 在 2018-2024 八年內證明「規範到位、UI 工程自治」之失敗(Nouwens 2020 UK Top 10k 合規率僅 11.8%、Sanchez-Rola 2019 reject 後仍 tracking 49%) 其二,POTENTIAL UC6 mid-term report 2025-09 顯示 122 名 65 受測者中 47 人把 PIN 直接交給家屬代為操作、且 0 122 wallet 提供 supporter co-presence widget,UI 設計選擇無法防止 substituted 退化 其三,CRPD 29 audit trail 對「supported substituted 可區分性」的要求若僅由 UI 承擔,audit trail 在 30 年保存窗口內反過來成為「holder 同意此 dark pattern 之證據」(T UX2 已形式化)。 #rejected

<P1>: Title V ux 函數與四件原語 schema 構成 UX 履行性的形式骨架 Section 3 — 演繹(V ux 函數 四件 UX 原語 schema T UX1-T UX4 T2 ) Role 提供合取分析骨架——若 V ux 與 V receipt 不能形式化為函數,四件 UX 原語只能停在語言層 若四條定理 T UX1-T UX4 與 T2 不明示,「F1 RT-ℬ AA-ℬ 邊界 UX 不可達」就只是修辭,CF5 的「LLM-agent 補位」會被讀為對 F1 結論的繞過。 四件 UX 工程原語每件至少六個欄位,採與 F2 3.1 一致的兩層計數規約(欄位群 leaf field)——UX1 progressive disclosure ui 涵蓋 attribute count cognitive load threshold 3 display layers 2 issuer supplied defaults per item override disclosure session id attribute groups comprehension checkpoint 等欄位 UX2 dark patterns firewall 涵蓋 verifier policy hash forbidden patterns pattern detection result scope change delay ms 5000 symmetry check minimum info disclosure ref eu ai act art ref edpb guideline audit log endpoint UX3 capacity aware consent 涵蓋 capacity state(full mild moderate severe terminal) capacity assessment method(wallet-self-assessment supporter-triggered issuer-side-hint) reassessment period days 180 ui downgrade level downgrade trigger rule comprehension attestation ref crpd gc1 section UX4 supporter ui three layer 涵蓋 layer 1 comprehension aid layer 2 operation interface layer 3 decision bearing supporter signature l1 subject signature l3 l2 signature signatures disjoint true supporter role scope ref did verificationmethod。V ux 由 C7-C10 四道合取定義 T UX1 把 attribute count 3 Pr(informed consent) θ inform 形式化 T UX2 把 D 1 V ux false CRPD 29 反向使用風險 high 形式化 T UX3 把 capacity state moderate, severe, terminal ui downgrade level none Pr(supported substituted) θ 2 形式化 T UX4 把 signatures disjoint true CryptographicallyCollapsible(supporter, subject, r) 形式化 T2 擴充 F2 定理 T2,斷言任何 UX 子集合皆無法觸及 RT-ℬ AA-ℬ 。 Finding V ux 函數加上四件原語 schema 加上 T UX1-T UX4 與 T2 構成 F3 對 F2 V receipt 的形式延伸 下游 writer 不可主張 UX 原語可解決 AI 代理根本責任問題(違反 T2 ),亦不可把 informed consent 化約為 UI polish(違反 T UX1)。 Formal V ux(r) i 7..10 Cᵢ(r) V receipt (r) V receipt(r) V ux(r) T UX1 attribute count 3 Pr(informed) θ inform T2 cell RT-ℬ , AA-ℬ , σ ux P degrade(cell, σ ux) θ 2 #pillar

<P2>: Title 認知負荷上界由 Cowan 4 1 加 wallet 三保守係數推至 3 attribute group Section 4 — 歸納 因果(Miller Cowan Sweller wallet 場景三保守係數) Role 提供 SA1 認知負荷上界的歸納因果論證——若不把 Miller 7 2 修訂為 Cowan 2001 working memory 4 1,「 3 attribute group」會被讀為任意選擇 若 wallet 場景的 time pressure dual-task stakes 三項保守係數不明示,cognitive load theory 在 wallet 場景的 ecological validity gap 會被忽略 若 default 與 nudge 的不對稱影響不釘住,issuer-supplied defaults 在 GDPR Art 25 與 holder autonomy 之間的張力會被遺漏。 Miller 1956 之 7 2 在 Cowan 2001 Behavioral and Brain Sciences 24(1) target article 中以三項修訂取代——其一,7 2 混淆 short-term memory(被動儲存)與 working memory(主動操弄)兩個構念 其二,working memory 上界為 4 1,在控制 chunking rehearsal long-term memory 介入後相當穩定 其三,focus of attention 是 working memory 容量的關鍵調節變數。Cowan 2010 進一步指出 dual-task 條件下 working memory 容量降至 3 1、time pressure 條件下進一步壓至 2-3。Baddeley 1992、2003 working memory 模型在此提供細部機制——wallet 多 attribute 決策同時佔用 visuospatial sketchpad(attribute label 圖像解析、verifier logo 識別、按鈕位置追蹤)與 central executive(必要性評估、後果推理、揭露 trade-off)。Sweller 1988、Sweller Chandler 1994 之 cognitive load theory 三分(intrinsic extraneous germane)對 wallet 場景的對應——intrinsic load 相對固定、extraneous load 是工程可控變數、germane load 在 wallet 場景幾乎不存在。由 Cowan 4 1 推到 wallet 場景的 3,本文採三項保守係數——time pressure(公共場合決策時間 3-30 秒)、dual-task(背景感知 決策評估同時佔用 central executive)、stakes 不可逆(揭露的屬性無法收回,且 Acquisti Brandimarte Loewenstein 2015 顯示 privacy decision-making 對 framing anchoring default 之敏感度顯著高於其他領域)。 3 為「分析性建議數」非實驗測得 POTENTIAL UC6 mid-term report 2025-09 顯示「2 5 group 場景正確識別率從 80% 降至 50%」雖未直接驗證「3」切點,但與 Cowan 4 1 加三保守係數推估方向一致。WEIRD 樣本偏見構成誠實邊界。issuer-supplied defaults 必須是 privacy-conservative(揭露最少屬性、反向揭露為 override) CRPD 29 之「自主」不等於「無預設」,而是 holder 在 cognitive load 可履行範圍內仍能行使選擇權。 Finding Cowan 4 1 加上 wallet 三保守係數推估出 3 attribute group 為 SA1 上界 progressive disclosure 三種變體(wizard accordion paginated)在 wallet 場景缺乏對照研究是已知 gap issuer-supplied defaults 加 per-item override 加上 privacy-conservative 預設構成 nudge 的保護機制設計。 Formal C7 attribute count 3 progressive disclosure issuer defaults T UX1 
attribute count 3 Pr(informed) θ inform 0.5 Cowan WM 4 1 wallet WM eff 2-3 (time pressure dual task stakes irreversible) #pillar

<P3>: Title dark patterns 在 wallet 場景同型重演 GDPR cookie banner 失敗,由 D1-D7 七項 normative requirement 防護 Section 5 — 歸納 類比(GDPR cookie banner 八年失敗 Mathur 2019 五案件) Role 提供 SA2 同型重演的歸納類比論證——若 GDPR cookie banner 八年實證未被引為基底(Nouwens 2020 UK Top 10k 11.8% Matte 2020 54% Sanchez-Rola 2019 reject 後仍 tracking 49%),「wallet 場景會重演 cookie banner」會被讀為類比推論而非工業實證 若 dark patterns 範疇不明示廣於 GDPR Art 5(1)(a) 透明度違反,EU AI Act 5(1)(b) 與 DSA Art 25 的延伸 enforcement 路徑會被讀為過度擴張 若五案件 case-tracing(FTC v Epic FTC v Amazon Prime CNIL v Google Apple ATT EU v Meta DSA)未對位 D1-D7,七項 normative requirement 會被讀為憑空構造。 Brignull 2010 之 11 類、Mathur 2019 之七類精煉(sneaking urgency misdirection social proof scarcity obstruction forced action)、Gray 2018 之五策略、Mathur Kshirsagar Mayer 2021 之五項 normative attribute、EDPB Guidelines 03 2022 之六大類別、EU AI Act 5(1)(b) 之 subliminal or manipulative techniques 構成 dark patterns 學術 taxonomy 四源並集。GDPR cookie banner 八年(2018-2024)工業統計——Nouwens 2020 UK Top 10k 合規率 11.8% Matte 2020 1426 個歐盟網站 54% 違反至少一項 GDPR Sanchez-Rola 2019 2000 個網站 reject 後仍 tracking 49% accept 一鍵 vs reject 多層 92% asymmetric Utz 2019 六個 A B 實驗 nudge 對 consent rate 影響 22.2 pp Habib 2020 平均 5.6 click noyb 2024 EU 31 國 800 sites Art 7 違規率 67% CNIL SAN-2022-021 022 對 Google Microsoft 合計 210M 罰款 FTC v Epic Games 2022 245M 賠償。wallet 場景同型重演(structural homomorphism、非直接適用)四個機制——(a) OpenID4VP scope 變更使 input descriptor 在每次 request 變動產生 scope creep (b) verifier policy chain transitive consent 在第二、三層未強制 (c) re-consent fatigue(Bohme Köpsell 2010 80,000 受試者實驗證明重複曝光使 acceptance rate 顯著升高,Luguri Strahilevitz 2021 aggressive dark patterns 將接受率從 11% 推升至 41.9%) (d) terminology obscurity(Utz 2019 量測 41% 受試者不理解 legitimate interest,wallet 場景術語密度更高)。對位 EDPB Guidelines 03 2022 六大類,本文主張 D1(scope 變更強制延遲 10s) D2(對稱選項佈局 5%) D3(必要訊息揭露) D4(高 stakes 二步確認) D5(撤回路徑對稱性) D6(禁止預勾與 nudge) D7(terminology plain-language A2 reading level)七項 normative requirement 寫入 OpenID4VP 1.0 與 EUDI Wallet ARF 後續 iteration。五案件 case-tracing(FTC v Epic Games 2022 FTC v 
Amazon Prime 2023 CNIL v Google Microsoft 2022 Apple ATT 2021- EU v Meta DSA 2024-)為 D1-D7 提供 enforcement 對位。 Finding dark patterns 在 wallet 場景同型重演的四個機制(scope creep transitive consent re-consent fatigue terminology obscurity)由 D1-D7 七項 normative requirement 對位防護 T UX2 把 D 1 V ux false CRPD 29 反向使用風險 high 形式化 EU AI Act 5(1)(b) 對 wallet 之適用為條件性(待 AI Office implementing guidance 2026 Q4),DSA Art 25 對 wallet endpoint 適用邊界須查。 Formal C8 D(verifier policy hash) 0 scope change delay 10s symmetric layout p D1..D7 enforced(p) T UX2 D 1 V ux false CRPD 29 reverse use risk high homomorphism (cookie banner wallet consent) direct applicability #pillar

<P4>: Title capacity-aware UX 由三條替代路徑承擔,三段中介鏈與 mechanism-based likelihood 取代絕對句式 Section 6 — 溯因(失智 wallet 三段中介鏈 CDR 三條替代路徑 15 列證據強度評估表) Role 提供 SA3 capacity-aware UX 的溯因論證——從「CDR 2 場景退化為 substituted」的規範性風險反推工程設計判準。若「失智 wallet 使用」之必要性未由三段中介鏈(EUDI 強制階段 既有數位化 「無 wallet 即失去福利」)建立,整段論證會被讀為對失智族群的隱形排除 若 CDR 與 wallet UX 階段化的介接未拆為三條替代路徑(self-assessment supporter-triggered issuer-side-hint)並明示各自的法律 工程 隱私 tradeoff,「醫療端自動通知 wallet」之不可能會被誤讀為 SA3 整體不可行 若 likelihood 採絕對句式(100% 必然),mechanism-based 推論的嚴謹性會被破壞 若 supporter 與家屬範疇未區分,CRPD 29 supporter 五類來源(家屬 社工 長照員 信託代表 自選同儕)會被化約為單一類別。 失智長者為什麼必須用 wallet 之三段中介鏈——鏈一 一 EUDI Wallet 2026-2027 強制階段對中高齡無年齡豁免、POTENTIAL UC6 4.3 明示 dementia onset 為強制階段最大未解 UX gap 鏈一 二 既有金融 政府 醫療數位化已把中高齡失能群體捲入(NHS Login 6,000 萬用戶 65 比例 24% マイナンバーカード 75 保有率 72.4% 北歐 BankID 70 覆蓋率 92% 台灣失智症協會訪談 71% caregiver 協助過健保 IC 卡操作 Alzheimer s Association 2025 41% caregiver 協助過 online banking) 鏈一 三 失智長者「無 wallet 即失去福利」的具體案例(荷蘭 Open Universiteit Alzheimer Nederland 2023 訪談 62% 失智者無法獨立完成 DigiD 二因驗證 84% caregiver 持失智者密碼 印度 IFF 2024 Aadhaar biometric 失智長者指紋退化率 35% 巴西 TJSP 2023-2024 LGPD 判例 台灣衛福部白皮書承認家屬代申為實況)。CDR 與 wallet UX 階段化的三條替代路徑——路徑 (i) wallet 內建 functional self-assessment(Apple Health Cognitive Google Health Connect Cambridge CANTAB Mobile 為理論對位,法律 tradeoff 為 GDPR Art 9 special category data 合規不確定、工程 tradeoff 為 false positive 率高、隱私 tradeoff 為 cognitive proxy 後續同步外洩) 路徑 (ii) supporter triggered downgrade(CRPD 29 supporter 預先指定、與 chooser signature 私鑰嚴格分離、法律 tradeoff 為 OECD 多數法域 supporter 認證程序未法律化、工程 tradeoff 為 supporter unilateral 觸發可能反向使用、隱私 tradeoff 為三層 safeguard 需求) 路徑 (iii) issuer-side capacity hint(issuer 在 credential 中嵌入 capacityProfile field、規範 tradeoff 為 CRPD GC1 15 反對 mental capacity 概念與 29 反對 functional capacity test 的根本緊張、限定 holder 主動 opt-in 加替代優先為保守立場)。退化路徑採五段機制鏈表述(a 無 capacity-aware downgrade b Cowan Sweller 過載 c 家屬代為操作成為事實常態 d chooser signature 由代行者實際持鑰簽署 e 工程事實為 substituted),整體 (a) (e) 觸發機率 medium-high(保守 50%) 不取 high 之理由為三因驗證、supporter-assisted 路徑、pilot 
study 缺乏。中介證據強度評估表 15 列覆蓋三段中介鏈 10 列加三條替代路徑 3 列加 likelihood 1 列加範疇區分 1 列。supporter 與家屬範疇區分四項——supporter 可為家屬 社工 長照員 信託代表 自選同儕 社區照顧據點專業人員 律師、supporter 不必有監護權或財產代理權、台灣意定監護新制以監護宣告為啟動條件與 CRPD 29 不同、 1113-2 受任人法律地位仍為 guardian 角色。 Finding SA3 三條替代路徑各自有未解 tradeoff,路徑 (i) 為「wallet 自動建議」first signal 但禁止自動觸發 downgrade、路徑 (ii) 為主要 downgrade 觸發機制配三層 safeguard、路徑 (iii) 在 CRPD 29 functional test 禁令爭點解決前列為「條件性可採」限定 opt-in mechanism-based likelihood medium-high 明示機率非確定性 15 列中介證據強度評估表為跨法域證據盤點起點。 Formal C9 path self assess, supporter trigger, issuer hint path CRPD GC1 29 reassessment 180d KeyDistinct(comprehension attestation, chooser signature) T UX3 capacity moderate, severe, terminal downgrade none Pr(supported substituted) θ 2 Likelihood(a e) medium-high ( 50%, pending pilot) #pillar

<P5>: Title supporter UI 三層分離由 signatures disjoint true 與 VerificationMethodDisjoint true 兩道密碼學硬約束承載 Section 7 — 演繹 類比(supporter UI 三層分離 Israel 67B-67F Peru DL 1384) Role 提供 SA4 supporter UI 的演繹類比論證——若 CRPD 29「supporter 必要、不可替代」原則未由密碼學層硬約束承載,wallet 工程會在「漸進過渡到代理」框架下削弱 supported 若 Israel 67B-67F 加 Peru DL 1384 之法律規範對位未明示,三層分離會被讀為憑空設計 若線下代簽攻擊面未承認為已知 gap,SA4 會被誤讀為宣稱解決所有威脅模型 若北歐 BankID fullmakt 與 iOS Android Family Link 未明示為反面範本或不採用,supporter 角色會滑回家屬代行預設。 CRPD 29 對 supporter 的規範性主張拆解為四項可審計條件——supporter 必要(wallet UX 須提供 supporter widget 入口)、supporter 不可替代(chooser signature 之 verificationMethod 必須 controller subject DID)、unconflicting interest(supporter 註冊時須宣告 wallet 須提示 conflict-of-interest 檢核)、不剝奪 safeguards(三層各自獨立 可審計 revocation endpoint)。三類獨立 cryptographic object 承載——(a) Comprehension Attestation(VC type ComprehensionAttestationCredential,issuer 為 supporter DID,proof 採 assertionMethod purpose 由 supporter 私鑰簽,語義為「supporter 見證 subject 對 disclosure scope 已表達理解」非「subject 同意 disclosure」) (b) Operation Assist Trace(純 UX 行為日誌,儲存於 wallet 本地,不上鏈不入 VC) (c) Chooser Signature(VP-level proof,purpose authentication,由 subject 私鑰簽,任何情境下 supporter 私鑰均不可旁路)。UI 層三類獨立 widget——Widget 1 Comprehension Widget 為獨立 modal、supporter biometric 解鎖、觸控隔離須在 subject 不在場完成 Widget 2 Operation Assist Widget 為 inline 面板、不提供任何代為簽署按鈕、任何 cryptographic 動作均跳轉 Widget 3 Widget 3 Decision Widget 為最終確認 modal、由 subject 自己以 biometric PIN 解鎖 subject DID 私鑰並簽 CS、觸控隔離 physical separation、hardware 偵測不成熟之 UX fallback 為 90 秒延遲加二次確認。既有 UI 模型對比——iOS Family Sharing Android Family Link 為未成年場景單一 organizer 模型不採用 Hyperledger Aries Mediator 為技術中介非 supporter,結構參照其「不簽章中介」位置 北歐 BankID fullmakt 為單一 BankID 代簽 substituted 反面範本 Israel 67B-67F 與 Peru DL 1384 apoyos 為唯二在法律層完整實現 supporter 三類權限切分(協助理解 協助表達 協助執行)的法域,Israel 2017-2018 200 份協議中 0% supporter 代簽法律文件、Peru Lima 350 份 apoyo 中 comprehension 65% expression 28% execution-of-non-legal-acts 7%。線下代簽攻擊面為已知 gap——supporter 在線下取得 subject biometric PIN 後代為操作 Widget 3,cryptographic 層無法區分 SA4 
主張「在合作場景下不滑入 substituted」之雙層主張(規範性 工程性),惡意場景由 audit-by-design 加 revocation endpoint 覆蓋 三層分離對「無心代簽」(POTENTIAL UC6 phase 2 47 122 PIN 委付)可顯著降低觸發機率,具體下降幅度待 pilot 校準。 Finding SA4 supporter UI 三層分離由 signatures disjoint true 與 VerificationMethodDisjoint true 雙重密碼學硬約束承載 CRPD 29「supporter 必要、不可替代」原則 F2 5.3 設計 B(threshold signatures with supporters in quorum)違反 CRPD 28 在 F3 重申 線下代簽為已知 gap、惡意場景由 F1 5.4 audit-by-design 加 revocation endpoint 覆蓋 schema 層義務含 supporterRole 欄位列舉與 conflict-of-interest 揭露。 Formal C10 signatures disjoint true supporter did subject did KeyDistinct(comprehension attestation, chooser signature) VerificationMethodDisjoint(supporter signature l1, subject signature l3) T UX4 signatures disjoint VerificationMethodDisjoint CryptographicallyCollapsible(supporter, subject, r) #pillar

<Causal Chain>: Title 四件 UX 原語履行依賴 UX1 UX2 UX3 UX4 線性閉包 SA3 SA4 SA4 SA1 雙反饋環路 D7 (deterministic) UX1 UX2 形式條件——若 attribute count cognitive load threshold ( 3),holder 進入「機械點擊接受」狀態,verifier 的 dark pattern 不需被主動偵測(因 holder 已不在決策狀態)。形式表述為 r C8(r) 有意義 C7(r) true C7 為 C8 的有效性前提,UX2 防線在 UX1 失守時失去意義。 D8 (deterministic) UX2 UX3 形式條件——若 verifier policy 含 dark patterns(D(r.verifier policy hash) 1),capacity aware downgrade 之有效性即被吃掉(holder 即使在 mild capacity 仍會接受 manipulative 設計)。形式表述為 r C9(r) 有意義 C8(r) true C8 為 C9 的有效性前提,UX3 階段化降階在 UX2 防線崩潰時退化為形式合規空轉。 D9 (deterministic) UX3 UX4 形式條件——若 capacity state 誤判(CDR 2 holder 未被三條替代路徑任一觸發 downgrade),supporter 介入路徑根本不會被觸發。形式表述為 r C10(r) 有意義 C9(r) true C9 為 C10 的有效性前提,UX4 supporter widget 三層分離在 UX3 失守時即使存在亦無用武之地。 F-SA3-SA4 (deterministic) SA3 SA4 反饋環路——capacity state moderate, severe 自動觸發 supporter UI widget 載入。capacity aware consent.ui downgrade level supporter-required, blocked 觸發 wallet 在下次 presentation 時呈現 Widget 1 Comprehension Widget 與 Widget 2 Operation Assist Widget。本環路是結構性,依賴 C9 之 capacity state 判定為 truthful 與 C10 之 supporter did 已預先註冊。 F-SA4-SA1 (deterministic) SA4 SA1 反饋環路——supporter 介入時 progressive disclosure UI 重組為「supporter-assisted simplified」mode,attribute count 上界從 3 降至 2、display layers 從 2 增至 3、issuer-supplied defaults 強度提升至「single best practice」。兩條反饋環路意味著 F3 critical path 已非有向無環圖 但循環在 protocol 與 schema 層仍可被靜態驗證——signatures disjoint true 與 capacity state 之單調退化兩個不變式共同消除無限循環。 T-CRPD-29 (probabilistic) CRPD 29 audit trail 義務的時間性依賴——T UX2 已形式化「D 1 V ux false V receipt false CRPD 29 反向使用風險 high」。在 F2 5.2 30 年保存窗口內,audit trail 在無 UX 修正下反過來成為「holder 同意此 dark pattern 之證據」。CRPD Committee 對歐盟成員國(已批准 CRPD)的 Concluding Observations 可預期在 2028-2030 年度報告週期出現對 EUDI Wallet UX 之 Art 12 違反指控。 T-LLM-Agent (probabilistic) CF5 LLM-agent 補位環路——2027-2030 LLM-agent in wallet 提供 comprehension 協助、attribute filtering 建議、決策建議三項服務時,holder 的「確認」實質為「對 agent 簡化版本的同意」 agent 因此實質決定何種選項被 holder 看到。緩解設計為 F1 7.3.1 AgentDelegationProof 加 presentationOrigin 
標籤加 comprehension attestation 與 chooser signature 分離三件設計,限定於 Z₂ 範圍內延伸、不繞過 F1 RT-ℬ AA-ℬ 兩條常駐型不可委任邊界。 #chain

[Deployment Conditions]: 把 F3 四件 UX 工程原語翻譯成可被檢驗的工程或法律義務,必須通過六道條件. deployable ux(r) V cognitive(r) V dark patterns(r) V capacity(r) V supporter(r) V thesis layer(r) V f1 boundary(r) #conditions

<C1>: Title V cognitive — 3 attribute group progressive disclosure issuer-supplied defaults UX1 progressive disclosure ui 須採三件設計合取——attribute count cognitive load threshold 3(Cowan 4 1 加上 wallet 三保守係數推估之分析性建議數,待 EUDI POTENTIAL EWC DC4EU NOBID 各 LSP final report 校準)、display layers 2(progressive disclosure 三變體 wizard accordion paginated 在 wallet 場景缺乏對照研究,建議「wizard 最終步驟提供 accordion review」)、issuer supplied defaults per item override true(issuer 提供 privacy-conservative default per item override 須能逆向操作不限於提交動作)。WEIRD 樣本偏見為已知 gap,cross-cultural 應用須誠實邊界明示 個體差異(年齡 教育 數位素養 語言)對 attribute group 上界的影響為 11 open question O8。 Formal V cognitive r.ux.attribute count 3 r.ux.display layers 2 (r.ux.per item override true r.ux.issuer supplied defaults ) #condition

<C2>: Title V dark patterns — OpenID4VP scope 變更 10s 強制延遲 對稱選項佈局 EDPB D1-D7 UX2 dark patterns firewall 須採七項 normative requirement 合取——D1 scope 變更強制延遲 10s 期間 accept 按鈕 disabled、D2 對稱選項佈局 accept reject 同尺寸 5% 同字體同色 contrast 同 z-order、D3 必要訊息揭露(attribute verifier identity 用途 保留期 第三方轉發鏈)、D4 高 stakes 二步確認(對 salary address political affiliation 等 sensitive attribute 強制二步)、D5 撤回路徑對稱性(撤回 click 數 同意 click 數)、D6 禁止預勾與 nudge(不得 pre-tick、不得僅一鍵 accept 而 reject 需多層)、D7 terminology plain-language(對 selective disclosure ZK 提供 A2 reading level 等價說明)。D 函數(dark patterns binary 偵測)具體演算法為 11 open question O9,EDPB Guidelines 03 2022 為敘述性非可機器執行 D1 之 10 秒上界推估值待 conformance test 驗證 EU AI Act 5(1)(b) wallet 適用為條件性,待 AI Office implementing guidance 2026 Q4。 Formal V dark patterns D(r.ux.verifier policy hash) 0 r.ux.scope change delay ms 5000 r.ux.symmetry check true p D1..D7 enforced(p) #condition

<C3>: Title V capacity — 三條替代路徑至少一條 6 個月重評估 comprehension attestation 與 chooser signature 分離 UX3 capacity aware consent 須採三條替代路徑(self-assessment supporter-triggered issuer-side-hint)至少一條,且配合 6 個月內 capacity 重評估(CRPD 29 regular review)與 comprehension attestation 對 chooser signature 之 KeyDistinct 約束。三條路徑各自的 tradeoff——路徑 (i) wallet-self-assessment 之 GDPR Art 9 special category data 合規不確定(Art 9(2)(g) 公共利益例外正當化待 CJEU 判斷, 11 open question O15) 路徑 (ii) supporter triggered 之意定監護法律承載 gap(OECD 多數法域 supporter 認證程序未法律化, 11 open question O21) 路徑 (iii) issuer-side hint 與 CRPD 29 functional test 禁令的根本緊張(限定 holder 主動 opt-in、CRPD 委員會接受度未知, 11 open question O16)。三路徑無單一可獨立完成 capacity-aware downgrade ui downgrade level 採 capacity state 條件式(full none moderate simplified supporter-required severe terminal supporter-required blocked)。 Formal V capacity path wallet-self-assessment, supporter-triggered, issuer-side-hint path satisfies CRPD GC1 29 (now r.ux.capacity timestamp) 180 86400 KeyDistinct(r.ux.comprehension attestation.key, r.chooser signature.key) true #condition

<C4>: Title V supporter — comprehension attestation.signer chooser signature.signer supporter subject UX4 supporter ui three layer 須採三類獨立 cryptographic object 承載——(a) Comprehension Attestation(VC type ComprehensionAttestationCredential,issuer 為 supporter DID,proof 採 assertionMethod purpose)、(b) Operation Assist Trace(純 UX 行為日誌、不上鏈不入 VC)、(c) Chooser Signature(VP-level proof、purpose authentication、由 subject 私鑰簽)。UI 層三類獨立 widget(Comprehension Operation Assist Decision)須觸控隔離 signatures disjoint true 與 VerificationMethodDisjoint true 為兩道密碼學硬約束。supporter role scope family, social-worker, care-staff, trust-representative, peer, other 須註冊宣告且配 conflict-of-interest 揭露。F2 5.3 設計 B(threshold signatures with supporters in quorum)違反 CRPD 28 在 F3 重申不採用。線下代簽攻擊面為已知 gap( 11 open question O4),惡意場景由 F1 5.4 audit-by-design 加 revocation endpoint 覆蓋 hardware-backed signatures disjoint enforcement 在 mobile wallet 為已知工程 gap。 Formal V supporter r.ux.signatures disjoint true r.ux.supporter did r.subject did SigVerify(r.ux.subject signature l3, r.subject did) true VerificationMethodDisjoint(r.ux.supporter signature l1, r.ux.subject signature l3) true #condition

<C5>: Title V thesis layer — working thesis 與 strengthened thesis 嚴格區分 三大緩解 critical path F3 採 strengthened thesis 為正式立場、working thesis 僅作為論證起點與壓力測試對照組。working thesis(無緩解版)在 CF2(dark patterns 重演)或 CF5(LLM-agent 補位)任一單獨觸發下實證失效 strengthened thesis(含三大緩解 critical path——緩解 1 UX-agility by design 對 CF1 CF2、緩解 2 threshold signatures court-supervised downgrade 對 CF3 CF4、緩解 3 agent 與 supporter 密碼學區分 AgentDelegationProof 制度化對 CF5)在五個 CF 全部觸發的極端情境下保留核心功能(第一段 baseline progressive disclosure supporter UI 框架完整保留、第二段 CRPD 29 履行性補強規模化時程外推 10 年、第三段 LLM-agent 邊界維持條件性失效)。「保留核心」不可被誤讀為「四件全部不受影響」——CF3 CF4 同時觸發下 T UX3-T UX4 為條件性失效。三大緩解部署估期——緩解 1 對 2026-2028 W3C IETF EUDI ARF 規範整合 2028-2030 wallet 與 verifier 工程實作 2030-2032 dark patterns 自動化 conformance 緩解 2 對 2026-2028 BLS threshold 在 W3C VC v2.0 IETF JOSE COSE 規範整合 2028-2030 EUDI ARF 與各國 wallet 實作 2030-2032 supporter wallet 公部門配發 緩解 3 對 2027-2029 W3C VC EUDI ARF agent signature 結構 2028-2030 EDPB AI Office wallet 場景聯合 guidance 2029-2032 enforcement-grade 實作。 Formal V thesis layer strengthened thesis working thesis UX agility threshold with court anchor agent vs supporter crypto split CFᵢ , strengthened thesis partial survival(CFᵢ) working thesis survive(CF2 CF5) #condition

<C6>: Title V f1 boundary — F1 RT-ℬ AA-ℬ 邊界明示 CF5 LLM-agent 補位限定 Z₂ 內 F3 四件 UX 工程原語完全在 Z₂(條件可委任區)範圍內運作,對 F1 之 RT-ℬ (責任承擔需 first-personal mens rea)與 AA-ℬ (contestation bearer 需 Pettit active-stance)兩 cell 不主張任何 UX 工程可達性。T2 已形式化「 cell RT-ℬ , AA-ℬ , σ ux UX1, UX2, UX3, UX4 P degrade(cell, σ ux) θ 2」。UX1 progressive disclosure ui 可降低認知負荷但無法產生 mens rea 之第一人稱性 UX2 dark patterns firewall 可保護 holder 不被誤導但無法產生 contestation 之 active-stance——這是存在論失能,UX 工程無從觸及。CF5 對 F1 兩條邊界的衝擊為「工程實作層延伸誠實邊界」非繞過——agent 與 supporter 角色滑移屬 Z₂ 邊界內部的工程實作脆弱性,由 F1 7.3.1 AgentDelegationProof presentationOrigin 標籤 comprehension attestation 與 chooser signature 分離 agent 與 supporter 密碼學區分四件設計合取維持邊界。任何宣稱「UX 工程原語可解決 AI 代理根本責任問題」之論述皆違反 T2 。 Formal V f1 boundary cell RT-ℬ , AA-ℬ , σ ux UX1, UX2, UX3, UX4 P degrade(cell, σ ux) θ 2 CF5 Z₂ internal engineering extension bypass(F1 RT-ℬ F1 AA-ℬ ) #condition

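<Conclusion>: Deployment of the four UX engineering primitives holds conditionally. The four F2 cryptographic engineering primitives hold only conditionally across the four layers of cryptosuite selection, long-term preservation, court admissibility and cross-border recognition: without engineering correction at the UX layer, their premise of "actual fulfillability", Informed(holder, r), cannot be fulfilled under four cognitive-normative bottlenecks. The bottlenecks are: the Miller and Cowan cognitive upper bounds plus cognitive load theory mean that, in multi-attribute selective disclosure, informed consent at attribute_count > 3 has P(informed consent) θ_inform; dark patterns in verifier policy replay, in the same form, the eight-year GDPR cookie banner failure in wallet scenarios (Nouwens 2020: UK Top 10k compliance rate 11.8%; Sanchez-Rola 2019: tracking continues after reject in 49%; Matte 2020: 54% violate at least one GDPR requirement); capacity fluctuation invalidates "previously informed consent", which degrades to substituted with mechanism-based likelihood medium-high (conservatively ≥ 50%); ambiguous supporter intervention boundaries let "assisting understanding" slide into "deciding on behalf". In F3, V_receipt is upgraded to V_receipt' ≜ V_receipt ∧ V_ux, the latter carried conjunctively by the four UX engineering primitives; if any one is missing, the F2 SA2 CRPD §29 reverse-use risk rises to high. The " 3 attribute group" figure and θ_inform 0.5 are analytical suggested figures; ecologically valid pilot-study calibration for wallet scenarios awaits the final reports of the EUDI LSPs POTENTIAL, EWC, DC4EU and NOBID.
CF5 is an engineering-implementation-layer extension of the F1 boundary (not a bypass). The four F3 UX engineering primitives operate entirely within Z₂ (the conditionally delegable zone) and claim no UX-engineering reachability for the two F1 cells RT-ℬ and AA-ℬ. T2 formalises that "no subset of UX primitives brings the degradation probability P_degrade below the threshold θ_2": UX1 progressive_disclosure_ui can lower cognitive load but cannot produce the first-personal character of mens rea; UX2 dark_patterns_firewall can protect the holder from being misled but cannot produce the active stance of contestation. What CF5's LLM-agent gap-filling addresses is engineering-implementation fragility inside the Z₂ boundary: because the agent slides between "assisting understanding" and "deciding on behalf" in every wallet operation, the boundary lives at the user's subjective layer, not the cryptographic layer; four designs together maintain the cryptographic boundary: F1 §7.3.1 AgentDelegationProof, the presentationOrigin tag, separation of comprehension attestation from chooser signature, and the cryptographic distinction between agent and supporter. F1's RT-ℬ and AA-ℬ remain standing non-delegable conclusions, which this essay does not alter; that CF5's LLM-agent gap-filling is "confined to extension within Z₂ and does not bypass the F1 conclusion" is F3's "honest boundary of engineering-implementation-layer extension" with respect to the F1 boundary conclusion.
The working thesis and the strengthened thesis are strictly distinguished, and the separate recommendations to three target readerships carry the survival gap. The F3 working thesis (the unmitigated version) fails empirically when either CF2 or CF5 triggers alone; the F3 strengthened thesis (with three critical-path mitigations: UX-agility by design, threshold signatures plus court-supervised downgrade, and agent vs. supporter cryptographic split plus AgentDelegationProof institutionalisation) retains core functionality in the extreme case where all five CFs trigger (first segment: the baseline progressive disclosure and supporter UI framework is fully retained; second segment: the scale-up timeline for CRPD §29 fulfillability reinforcement is extended by ≥ 10 years; third segment: maintenance of the LLM-agent boundary fails conditionally). The F3 main text adopts the strengthened thesis as its formal position; the working thesis serves only as the argument's starting point and as the stress-test control. For the CRPD Committee: it should issue a General Comment supplement making explicit the boundary of the supporter category (not limited to family members), the safeguards requirements for supporter-triggered downgrade, and the boundary at which an issuer-side capacity hint violates the functional test. For EUDI Phase 2: the conformance suite should, before 2026 Q3, include automated dark patterns detection and conformance tests for supporter UI three-layer separation. The separate recommendations for each of the three target readerships (the UX engineering community, CRPD policy researchers, and disability policy scholars) are detailed in §12.3. A concrete warning for Taiwan's TW DIW before it enters the LLM-agent stage: without capacity-aware UX and supporter UI three-layer separation, the degradation path of the A15 §6.2 triple default in the scenario of elders with dementia will trigger on the first day of the wallet mandatory phase; three items follow: the DIW v1.0 spec should state capacity-aware UX clauses explicitly, a supporter sub-account specification, and the addition of automated dark patterns detection to EUDI Phase 2 conformance.
Formal Coda. Final form:
V_receipt'(r) ≜ V_receipt(r) ∧ V_ux(r) (extend F2)
V_ux(r) ≜ V_cognitive(r) ∧ V_dark_patterns(r) ∧ V_capacity(r) ∧ V_supporter(r) (C7 ∧ C8 ∧ C9 ∧ C10)
C7 V_cognitive attribute_count 3 progressive disclosure issuer defaults
C8 V_dark_patterns D(verifier policy hash) 0 scope change delay 10s symmetric layout p D1..D7 enforced(p)
C9 V_capacity path self assess, supporter trigger, issuer hint path CRPD §29 reassessment 180d KeyDistinct(comprehension attestation, chooser signature)
C10 V_supporter signatures disjoint true supporter did subject did chooser signature.signer subject did VerificationMethodDisjoint(supporter signature l1, subject signature l3)
Definitions:
D verifier policy clean, dark (EDPB 03/2022, EU AI Act 5(1)(b))
CDR ≥ 2 require(V_capacity downgrade path activated)
Supporter family, social worker, care worker, trustee, peer, other Guardian
CriticalPath UX UX1 D7 UX2 D8 UX3 D9 UX4 (linear closure)
FeedbackLoop SA3 SA4 (capacity supporter widget auto-load) SA4 SA1 (supporter intervention attribute count cap 3 2)
T_UX1 attribute_count 3 Pr(informed consent) θ_inform 0.5
T_UX2 D 1 V_ux false V_receipt false CRPD §29 reverse use risk high
T_UX3 capacity moderate, severe, terminal downgrade none Pr(supported substituted) θ_2 0.7
T_UX4 signatures disjoint VerificationMethodDisjoint CryptographicallyCollapsible(supporter, subject, r)
T2 (F3 extended version, Z₃-intrinsic unreachability lemma) cell RT-ℬ, AA-ℬ, σ_ux UX1, UX2, UX3, UX4 P_degrade(cell, σ_ux) θ_2
Stress Test:
CF1 (Cowan revision) 3 1-2 UX-agility mitigation
CF2 (cookie banner replay) AI Act 5(1)(b) EDPB enforcement-grade mitigation
CF3 (all three paths fail) threshold signatures court-supervised downgrade fallback
CF4 (supporter hardware gap) wallet sub-account, public-sector supporter wallet issuance
CF5 (LLM-agent gap-filling) extension within Z₂ overstepping F1 Z₃
strengthened thesis working thesis UX agility threshold with court anchor agent vs supporter crypto split partial survival(CF1 CF2 CF3 CF4 CF5)
working thesis survive(CF2 CF5)
CRPD GC1 29 hard constraint(audit trail) reverse use( 29 12 violation)
under strengthened thesis Z₂ V_ux-deployable Z₃-intrinsic V_ux-deployable (T2 boundary)
Time-staging:
UX-agility: 2026-2028 W3C IETF EUDI ARF specification integration; 2028-2030 engineering implementation; 2030-2032 conformance
threshold court: 2026-2028 BLS threshold W3C IETF specification integration; 2028-2030 EUDI ARF and wallet implementation; 2030-2032 public-sector issuance of supporter wallets
agent vs supporter: 2027-2029 W3C VC EUDI ARF agent signature structure; 2028-2030 joint EDPB AI Office guidance for wallet scenarios; 2029-2032 enforcement-grade #conclusion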

# Deployment Conditions

[Deployment Conditions]
  + <C1>
  + <C2>
  + <C3>
  + <C4>
  + <C5>
  + <C6>

# Objections And Replies

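[Objection 1]: CF1: new cognitive-science research revises Cowan's 4±1 downward; the 3 attribute group upper bound becomes inaccurate, so the whole SA1 layer must be redone. In 2027-2028, a new generation of cognitive-science research, based on three ecologically valid conditions (cross-cultural, mobile context, time pressure), shows that working memory capacity in wallet scenarios is lower than under the laboratory conditions of the 1990s-2000s, with estimates falling in the 2±1 range (a downward revision relative to Cowan 2001's 4±1). There are three mechanism chains: the cross-cultural axis (Adams-Nguyen-Cowan 2018 has established the direction of revision), the mobile context axis (Wilmer-Sherman-Chein 2017 has shown a negative correlation between smartphone use and attention capacity), and the time-pressure axis (wallet UX decision windows of 30 seconds to 2 minutes). Trigger probability: medium (30-50%). On empirical strength: if new research revises effective working memory in wallet scenarios down to 2±1, the " 3 attribute group" upper bound becomes inaccurate and the SA1 baseline must be lowered from " 3" to " 1-2"; UX fluency drops sharply, the holder's average presentation time rises from 60 seconds to 120 seconds, and the engineering-complexity objection to integration holds. #objection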

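<Reply 1>: Title: CF1: new cognitive-science research revises Cowan's 4±1 downward; the 3 attribute group upper bound becomes inaccurate, so the whole SA1 layer must be redone. On a closer look, the triggering of CF1 in fact supports the claim that "UX-agility by design is an engineering discipline of conditional validity". The F3 thesis already states in §3.4 that θ_inform 0.5 and attribute_count 3 are "analytical suggested figures" not yet calibrated by a wallet-scenario pilot. The corresponding mitigation design in the strengthened thesis is "UX-agility by design": the progressive disclosure UI supports dynamic adjustment of the attribute group upper bound, the wallet configuration file lets the issuer or verifier declare a target cognitive load level in cryptosuite metadata, issuer-supplied defaults play a larger role in low-upper-bound scenarios, and the UX is dual-track (guided mode, expert mode). After CF1 triggers, the SA1 upper bound is lowered to 1-2, but the main SA1 structure (the three-layer progressive disclosure architecture) still holds, and the OpenID4VP and DIF PE negotiation channel does not depend on a specific upper-bound value; the W3C VC v2.0 §4.12 securingMechanism abstraction layer plus the EUDI ARF profile abstraction layer form the load-bearing structure. The CF1 objection thus supports the strengthened thesis's commitment to "conditional fulfillability": the working thesis's dependence on a specific upper-bound value must be restated conditionally once CF1 triggers, which is exactly the concrete expression of the discipline the strengthened thesis asserts, "no dependence on a single upper-bound value". #reply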

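[Objection 2]: CF2: the EUDI mandatory phase replays the GDPR cookie banner failure; verifier dark patterns scale up, so the SA2 defence line collapses. After the EUDI Wallet mandatory phase starts in 2026-2027, verifier policy consent UX replays the GDPR cookie banner failure mode within 6-18 months. The "accept all" rate in wallet scenarios is expected to reach 75-85%, and dark patterns prevalence to reach the level of Mathur 2019's shopping sites ( 11%). There are three trigger mechanism chains: the enforcement gap (DPAs have neither the enforcement authority nor the technical capacity for wallet scenarios), verifier incentives (using dark patterns to obtain attributes beyond the minimisation principle), and competitive pressure on wallet providers (UX smoothing and dark patterns are hard to tell apart in engineering terms). Trigger probability: medium-high (55-70%). On empirical strength: if dark patterns scale up in wallet scenarios, the SA2 defence line collapses (the mandatory delay on scope change is bypassed by "resetting the flow", option symmetry is bypassed by visual contrast, and disclosure of necessary information is bypassed by folding it into a second layer under "details"); the SA1 cognitive load upper bound loses its meaning (under consent fatigue users no longer read attribute descriptions); the SA3 capacity-aware UX automatic downgrade is experienced by users as a "nuisance" and switched off; and the SA4 supporter UI three-layer separation collapses into a single layer of "supporter clicks on behalf". The CRPD Committee's Concluding Observations on EU member states can be expected, in the 2028-2030 reporting cycle, to include allegations that EUDI Wallet UX violates Art 12: F3's linkage to CRPD §29 flips from "fulfillability reinforcement" to "formal compliance running idle". #objection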

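<Reply 2>: Title: CF2: the EUDI mandatory phase replays the GDPR cookie banner failure; verifier dark patterns scale up, so the SA2 defence line collapses. On a closer look, the triggering of CF2 in fact supports the discipline of "the three-track mitigation critical path of EU AI Act 5(1)(b) extension, DSA Art 25 extension and EDPB enforcement-grade guidance". The F3 strengthened thesis already establishes in §9.2: extension of EU AI Act 5(1)(b) to wallet scenarios (requiring the EDPB and the European AI Office to jointly issue guidance stating that dark patterns in wallet scenarios fall within the 5(1)(b) prohibition), extension of DSA Art 25 to wallet interface design (requiring the European Commission to include wallets in the DSA implementing guidelines), EDPB enforcement-grade guidance (wallet-specific guidelines with quantitative criteria), and the addition of dark patterns detection to the conformance suite. The CF2 objection thus supports that T_UX2, "D 1 V_ux false V_receipt false CRPD §29 reverse-use risk high", must be fulfilled through the two layers of "normative extension" and "engineering enforcement": the seven normative requirements D1-D7 are written into later iterations of OpenID4VP 1.0 and the EUDI Wallet ARF, and the conformance suite adds automated dark patterns detection. CF2 also pins down the concrete policy meaning of the working/strengthened thesis distinction: the working thesis fails empirically when CF2 triggers alone; the strengthened thesis blocks §29 reverse use through the three mitigations; the residual risks are that the path from GDPR taking effect in 2018, to EDPB Guidelines 03/2022, to actual enforcement statistics showing a decline in the cookie banner "accept all" rate is still incomplete; that if the EUDI Wallet mandatory phase starts in 2026-2027, full dark patterns enforcement may take until 2032-2034; and that the application of EU AI Act 5(1)(b) to wallets is conditional (pending AI Office implementing guidance, 2026 Q4). #reply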

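[Objection 3]: CF5: LLM-agent gap-filling; agent and supporter roles slip into each other, so the F1 RT-ℬ and AA-ℬ boundaries are overstepped by engineering. In 2027-2030, the LLM-agent in the wallet becomes a functional replacement or supplement for the four F3 UX primitives: comprehension assistance (the LLM-agent explains the meaning of attributes, verifier trustworthiness and the data minimisation principle), simplification of attribute disclosure (recommending a disclosure profile), real-time translation of legal terminology, and decision advice. This scenario has both a mitigation side (it addresses the scale-up problem of mobilising SA4 supporters and the SA1 cognitive load problem) and a threat side (the LLM-agent slides across the boundary of what is "irreplaceable" in the supporter). Trigger probability: high ( 70%); the LLM-agent in the wallet is a settled path for 2026-2030, and the only question is whether governance keeps up. On empirical strength, three threats constitute the risk of overstepping the F1 RT-ℬ and AA-ℬ boundaries by engineering: LLM-agent explanation bias (shaped by training data, prompt design and the wallet provider's commercial interests), prompt injection attacks (a verifier embedding a prompt injection in OpenID4VP request metadata), and agent-mediated consent replacing informed consent (what the holder agrees to is in fact the agent's simplified version, which has already departed from the original verifier policy). Because the agent slides between "assisting understanding" and "deciding on behalf" in every wallet operation, the boundary lives at the user's subjective layer, not the cryptographic layer. #objection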

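<Reply 3>: Title: CF5: LLM-agent gap-filling; agent and supporter roles slip into each other, so the F1 RT-ℬ and AA-ℬ boundaries are overstepped by engineering. On a closer look, the triggering of CF5 in fact supports the discipline that "four designs conjunctively maintain the boundary: F1 §7.3.1 AgentDelegationProof, the presentationOrigin tag, separation of comprehension attestation from chooser signature, and the cryptographic distinction between agent and supporter". The F3 strengthened thesis already states in §9.5 and §9.5.1 that CF5's impact on the two F1 boundaries is an "honest boundary of engineering-implementation-layer extension", not a bypass of the F1 conclusion. F1's RT-ℬ (bearing responsibility requires first-personal mens rea) and AA-ℬ (the contestation bearer requires Pettit's active stance) remain standing non-delegable conclusions; T2 formalises " cell RT-ℬ, AA-ℬ, σ_ux P_degrade(cell, σ_ux) θ_2". What CF5 addresses is engineering-implementation fragility inside the Z₂ boundary: mandatory distinction of the three classes agent signature, supporter signature and holder signature at the credential schema layer; extended enforcement of EU AI Act 5(1)(b) and DSA Art 25, on manipulative techniques and dark patterns, to wallet scenarios; and normative education on F1 RT-ℬ together form a three-party cooperative mitigation. Even with all three in place, role slippage between agent and supporter will still occur in practice. The CF5 objection thus supports the strengthened thesis's commitment gap with respect to the F1 boundary: the working thesis gives the F1 boundary no engineering support when CF5 triggers alone, while the strengthened thesis blocks overstepping by engineering through the three mitigations but still acknowledges that boundary maintenance fails conditionally. This is F3's most concrete extension of the F1 conclusion, and it yields the concrete recommendation for TW DIW, before it enters the LLM-agent stage, of a supporter sub-account specification and of adding agent-mediated consent detection to the conformance test. #reply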
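
An added example, not part of the original map and not any wallet project's code: a Python check of the signature-separation terms named in C9/C10 of the Formal Coda and in Reply 3 (chooser signature by the subject, comprehension attestation key distinct from the chooser key, supporter and agent keys disjoint from the subject's and from each other). The receipt layout, field names, role tags and the comparisons themselves are assumptions, one possible reading of terms the coda lists without operators.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sig:
    role: str   # assumed role tags: "supporter", "agent" or "subject"
    did: str    # signer DID
    vm: str     # verification method (key) identifier

def separation_violations(receipt):
    """Return the separation violations found in one receipt; empty list = pass."""
    subject = receipt["subject_did"]
    chooser = receipt["chooser_signature"]
    attest = receipt["comprehension_attestation"]
    helpers = receipt["helper_signatures"]   # supporter and agent signatures
    found = []
    # Assumed reading: the chooser signature is made by the subject.
    if chooser.did != subject or chooser.role != "subject":
        found.append("chooser_signature.signer is not the subject")
    # Assumed reading of KeyDistinct: attestation and choice use different keys.
    if attest.vm == chooser.vm:
        found.append("comprehension attestation shares the chooser key")
    for h in helpers:
        if h.did == subject:
            found.append(f"{h.role} signs under subject_did")
        if h.vm == chooser.vm:
            found.append(f"{h.role} key equals subject key")
    # Agent and supporter must stay cryptographically distinguishable.
    seen = {}
    for h in helpers:
        if seen.setdefault(h.vm, h.role) != h.role:
            found.append("agent and supporter share a verification method")
    return found

SUBJECT = "did:example:subject"   # constructed sample values throughout
CLEAN = {
    "subject_did": SUBJECT,
    "chooser_signature": Sig("subject", SUBJECT, SUBJECT + "#choose"),
    "comprehension_attestation": Sig("subject", SUBJECT, SUBJECT + "#attest"),
    "helper_signatures": [
        Sig("supporter", "did:example:carer", "did:example:carer#k1"),
        Sig("agent", "did:example:agent", "did:example:agent#k1"),
    ],
}
# "Supporter clicks on behalf": the helper reuses the subject's DID and key.
COLLAPSED = dict(CLEAN, helper_signatures=[
    Sig("supporter", SUBJECT, SUBJECT + "#choose")])
```

A conformance test could run this over every stored receipt and treat any non-empty result as the collapsible case that T_UX4 names.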