§1 Introduction

In January 2017, the Ministry of the Interior of the Republic of China initiated the new chip-based national identity card (eID) project, approved by the Executive Yuan, with a plan to complete universal replacement by 2020. A pilot was launched in Hsinchu City in August 2020; in January 2021 the Executive Yuan halted the universal rollout by administrative order; in September 2021 the Interior Committee of the Legislative Yuan resolved that a dedicated personal-data protection statute must be enacted before the programme could be restarted. Between entry, suspension, and termination of this four-year cycle, Taiwan civil society organisations (including the Citizen Congress Watch, Taiwan Association for Human Rights, Open Culture Foundation, Awakening Foundation, Taiwan Labour Front, Citizen of the Earth Taiwan, and more than a dozen other groups), the academic community (two waves of joint statements signed by information-security, constitutional, and human-rights legal scholars), the threat of Grand Justices’ constitutional interpretation, scrutiny by the Legislative Yuan’s Interior Committee, and intra-Executive Yuan inter-ministerial disputes jointly constituted a process of formation and termination of digital identity infrastructure on a democratic frontline.^[ref-1]

In August 2022, the Ministry of Digital Affairs (moda) was formally inaugurated; its TW FidO (mobile natural person certificate) entered gradual deployment; in 2024 moda launched the TW DIW (Taiwan Digital Identity Wallet, hereafter TW DIW (Taiwan Digital Identity Wallet)) pilot, which officially launched in June 2025, anchoring the trust list on the Ethereum main network and other public blockchain infrastructure.^[ref-2] In November 2025, the civilian advocacy document Yǒu Bèi Ér Lái — Towards Interoperable Yet Unlinkable Digital Identity (lit. “Having Preparation, It Comes”) was released for public consultation in the 2025-11 version, proposing a civilian backup proposal of three design principles — “antifragile, backup, trust rotation” — and as of the present moment in 2026 remains at the proposal level (PoC / advocacy stage), without having entered large-scale verification.^[ref-3] Concurrently, the moda roadmap estimates connecting TW DIW to five major government services — National Health Insurance, long-term care, pension, education, and tax filing — between 2026 and 2028. The ambiguity as to whether the connection method will be “mandatory” or “voluntary with strong service linkage” has not been resolved.

These five matters — the eID 2017–2021 suspension case, the establishment of moda in 2022, the TW DIW 2024–2025 pilot and launch, the 2025-11 civilian advocacy document, and the 2026–2028 mandatory linkage schedule — at the surface level each address specific questions: how should the identity card be designed, how should government ministries be reorganised, how should the wallet go online, how should civil society propose alternatives, how should services be integrated. At the normative level, they jointly point to a question that has not yet been frontally addressed: when a democratic-frontline nation with high digital governance capacity promotes digital identity infrastructure with a single trust root, while facing the compounded pressures of hybrid authoritarian-democratic adjacency, weak cross-border recognition, and challenges of access for marginalised populations, how are the four components of the Public Realm Floor (PRF) (a composite term proposed by the present author, synthesising Arendt’s notion of the public realm with the normative ‘floor’ metaphor from political philosophy) — plurality, validity, contestation, agonism — as established in A2 [ref-A2], concretely borne or degraded? Which theorems in the civic-proof series (T_PRF1–T_PRF5) can be directly applied to this scenario? Which require caveats?

The present article is the twenty-fourth in the civic-proof series. The preceding twenty-three articles have established, across different levels, the normative floor (A2 [ref-A2]), dual-anchor accountability (A1 [ref-A1]), wallet triple-presupposition boundary (A15), LLM-agent delegation boundary (F1), receipts evidentiary chain (F2), UX three-layer separation (F3), and other bearing structures, embedding Taiwan anchors in eleven articles respectively (A1 TW DIW on-chain, B1 g0v civic movements, C3 TW DIW 320–480 thousand substantive exclusion estimate, D2 passport root, E3 structural slippage, E4 cross-jurisdictional redress gap, E5/A15 access for marginalised populations, F1 LLM-agent stage, F3 supporter UI three-layer separation and adult guardianship bearing, A2 Chu Yun-han/Wang Hui/Confucian “remonstrance” and “honest friend” four-lineage sinicisation bearings).^{[ref-A1, ref-A2]} The task of the present article is to converge the Taiwan anchors from the preceding twenty-three articles with Taiwan as the principal axis of case analysis, drawing on the Yǒu Bèi Ér Lái civilian advocacy document as the core material for civilian backup proposals, and completing a concrete-scenario case-tracing within the PRF framework.

The scope of the task contains three boundaries. First, the present article is a case-tracing, not a universal claim; the generalisability of the four-dimensional stress-test results of a single locale to “structurally similar locales within and outside the OECD” constitutes a conditional implication, and does not adopt a deterministic register. Second, the working thesis of the present article is: “Taiwan constitutes a typical stress-test scenario of PRF under democratic-frontline conditions, not an exceptional case”; nomenclature follows the recommendation of the GPT-5.5-pro second-round audit (per civic-proof series Phase 4a naming discipline). The meaning of “typical stress-test” is: the conjunction of the four conditions of high digital governance capacity + democratic frontline + weak cross-border recognition + marginalised access is rare but not unique within the OECD; the Baltic States (Estonia / Latvia / Lithuania), South Korea, Ukraine, and Moldova face structurally similar four-fold pressures, giving the Taiwan stress-test results a working-hypothesis standing with cross-jurisdictional generalisability. Third, beyond the normative floor of the series (PRF), the present article does not bear the proposal of any new normative floor; the existing T_PRF1–T_PRF5 serve as the argumentative skeleton, with their applicable limits noted by caveat in this case.

The chapter organisation of the present article is as follows. Chapter Two provides the formal skeleton, including the domain of definition, scope clause, re-statement of the PRF conjunctive floor in the Taiwan context, applicable limits of T_PRF1–T_PRF5, analytic threshold identity of LegitimacyDegrade, and five limitations of the present article. Chapter Three provides the history of Taiwan’s digital identity institutions (natural person certificate 1998 → National Health Insurance IC card 2004 → eID 2017–2021 suspension → TW FidO 2022+ → TW DIW 2024–2026 pilot) and the corresponding bearing for PRF four components. Chapter Four addresses the three-layer bearing of A15 + F1 + F3 at the TW DIW × LLM-agent stage. Chapter Five addresses the tension between civilian backup (the Yǒu Bèi Ér Lái advocacy) and the government single system. Chapter Six addresses case-tracing of the three pressures (cross-strait + weak cross-border recognition + marginalised access). Chapter Seven addresses counter-argument stress tests. Chapters Eight through Ten provide series integration, the honesty boundary, and the conditional conclusion.

---

§2 Formal Skeleton

2.1 Domain of Definition and Scope Clause

Definition 2.1 (four-condition conjunction of the democratic-frontline stress test):

DemocraticFrontlineStressTest(s) ≜
    DigitalFrontline(s)
  ∧ MixedAuthoritarianDemocraticAdjacency(s)
  ∧ HighDisinformationPenetration(s)
  ∧ HybridPublicPrivateDIStack(s)
  ∧ StrongCivilSociety(s)

where
  DigitalFrontline                    ≜ a democratic polity with high digital governance capacity
  MixedAuthDemAdjacency               ≜ adjacent to a mixed/authoritarian polity and bearing
                                       its cyber / cognitive / infrastructure attack surface
  HighDisinformationPenetration       ≜ systemic pressure of cross-platform information erosion
  HybridPublicPrivateDIStack          ≜ government track + civilian track + trust list on-chain:
                                       a three-party co-constituted digital identity stack
  StrongCivilSociety                  ≜ mature four-layer contestation bearing across
                                       judicial / constitutional review / social movement / civic tech

The scope clause of Definition 2.1 contains three boundary conditions. First, the conjunction of four conditions is “a sufficiently rich condition for stress-testing”, not “a necessary and sufficient condition for special exceptionality”; structurally, the Baltic States, South Korea, Ukraine, and Moldova within the OECD all bear subsets of the four conditions, such that the generalisability of this case falls under “generalisable stress-test scenario” rather than “isolated case description”. Second, the four conditions are a descriptive inventory, not a normative ranking; the present article does not claim that “countries possessing these four conditions require PRF bearing more than other countries”. PRF is the normative floor of the series and applies universally across scenarios; in the present case it merely displays its bearing structure under conditions of extreme stress. Third, StrongCivilSociety is the enabling condition of the present article’s working hypothesis; if this condition does not hold, the contestation bearing structure of the present case (§2.3 T_PRF3 applicability) degrades to another country’s scenario and falls outside the scope of the present article’s bearing.

Taiwan simultaneously bears all four conditions as of May 2026 (DigitalFrontline: high digital governance capacity including TW FidO + TW DIW + trust list on-chain; MixedAuthDemAdjacency: cross-strait geopolitics and PRC attack surface; HighDisinformationPenetration: deepfake circulation before and after the 2024 elections [ref-A2 ref-3]; HybridPublicPrivateDIStack: moda government track + g0v / Bonds / Numbers Protocol / Sphereon civilian track + trust list on-chain three-party co-constituted; StrongCivilSociety: 2017–2021 eID suspension case + Grand Justices’ constitutional review mechanism + g0v / vTaiwan civic tech + judicial independence). The concurrent presence of all four conditions is detailed in Chapters Three through Seven.

2.2 Re-Statement of the PRF Conjunctive Floor in the Taiwan Context

Definition 2.2 (forward-link from A2 §3.1 [ref-A2]):

PRF ≜ ⟨plurality, validity, contestation, agonism⟩

PRF_violated(d) ⇔ ∃ i ∈ {plurality, validity, contestation, agonism}
                  : violation(d, PRF_i)

PRF is a conjunctive normative floor: if any one of the four components is violated, PRF as a whole is regarded as violated within the present framework; a trade-off reading — whereby one component can compensate for a violated component — is not adopted within the present framework (per A2 Definition 3.2 [ref-A2]). The present article does not repeat A2 §4–§7’s arguments anchoring the four components in their original texts; the following summarises the bearing positions of each component in the Taiwan context by forward-link.

The bearing structure of plurality in Taiwan contains five major carriers (an extension of the bearing structure of the 2014 Sunflower Movement in A2 §4.5 Case Study 1 [ref-A2]): streets (social movement scenes including Sunflower 318 / solidarity with Anti-ELAB / anti-nuclear / anti-ractopamine pork and others), parliament (interpellation, public hearings, and petitions for constitutional interpretation in the Legislative Yuan), online (plurality bearing across PTT / Dcard / Facebook / Threads / g0v collaborative platforms), referenda (institutional bearing across multiple referenda from 2018 to 2021), and social movements (the long-term plurality bearing network of organisations including the Referendum Advancement Coalition, Taiwan Youth Association for Democracy, Taiwan Labour Front, Environmental Alliance, Awakening Foundation, Citizen of the Earth Taiwan, Taiwan Association for Human Rights, and Open Culture Foundation).^[ref-4] The co-presence of multiple who in Taiwan’s institutional bearing structure is distributed across the five carriers; no single carrier can bear the entirety of plurality alone.

The bearing structure of validity in Taiwan contains three layers: the normative layer (Electronic Signature Act 2001/2024, Personal Data Protection Act 1995/2010/2023, TW DIW regulatory draft), the institutional layer (National Communications Commission / moda / Ministry of Justice / National Communications Commission / Personal Information Protection Commission under preparation), and the Sluice layer (informal opinion formation in civil society organisations and media, bearing the three Habermasian Geltungsansprüche).^[ref-5] The bearing positions of these three layers face dual degradation risks of informed consent and reciprocal recognition at the LLM-agent stage (per F1 [ref-F1]); the specific mechanism is addressed in §4.

The bearing structure of contestation in Taiwan contains four layers: judicial independence (the appellate structure of the Supreme Court / Supreme Administrative Court), the constitutional review mechanism (the Constitutional Court — the Grand Justices’ hearing mechanism after the 2022 statutory reform), the social movement network (the active-stance bearing of the five carriers in the preceding paragraph), and civic tech (the g0v proposal system, vTaiwan open policy collaboration, the Referendum Advancement Coalition’s petition records for constitutional interpretation, and the Open Culture Foundation).^[ref-6] The 2017–2021 eID suspension case is a successful instance of contestation in Taiwan: it was co-constituted through multi-layer bearing (civil organisations + academic joint statements + threat of Grand Justices’ constitutional interpretation + Legislative Yuan opposition + intra-ministerial dispute) and cannot be reduced to “a single organisation’s achievement” or “a policy episode”.^[ref-1] This case is elaborated in its institutional-historical bearing in §3.

The distinctive feature of the bearing structure of agonism in Taiwan lies in a structural difference between two layers of legitimate adversary structure: domestic bearing (government, civil society, and commerce as three parties) and cross-border bearing (cross-strait geopolitics + limited international space). Domestic agonism bearing is mature: the legitimate adversary status of government and opposition parties was progressively institutionalised after the first direct presidential election in 1996. Cross-border agonism bearing is weak, facing structural limitations in the sphere of international legal disputes over digital sovereignty and cross-border recognition of identity infrastructure. The present article provides an analytic treatment of this difference in §6 case-tracing; it does not make normative claims regarding cross-strait political relations.

2.3 Applicable Limits of T_PRF1–T_PRF5 in the Present Case

A2 §3.4 [ref-A2] gives four formal theorems T_PRF1 (necessity of plurality), T_PRF2 (necessity of validity), T_PRF3 (necessity of contestation), T_PRF4 (necessity of agonism), and T_PRF5 (the lemma on the unreachability of the PRF floor by existing engineering design). The applicable limits of the present article in the Taiwan case are given separately below.

T_PRF1 (necessity of plurality) may be applied directly in the Taiwan case without caveat. The institutional bearing of Taiwan’s five carriers (streets, parliament, online, referenda, social movements) in the plurality dimension is mature; in the present case, plurality violation occurs through the enrollment condition (under the TW DIW mandatory linkage schedule, those without a wallet are excluded from public realm services) rather than through the absence of the five carriers. The specific form of the violation mechanism is addressed in §4.

T_PRF2 (necessity of validity) may be applied directly in the Taiwan case, with caveat required at the LLM-agent stage. The normative-layer bearing of Taiwan’s Electronic Signature Act 2001/2024 for validity is mature; however, in scenarios where LLM-agent intervenes in wallet operations, the bearer position of Habermas’s Wahrhaftigkeit claim fails (per F1 [ref-F1]); validity’s institutional bearing must be co-borne with F1’s RT-ℬ ✗ boundary. The specific form of the caveat is addressed in §4.

T_PRF3 (necessity of contestation) requires caveat in the Taiwan case. Domestic contestation bearing is mature (the 2017–2021 eID suspension case is direct verification), but cross-border contestation bearing is nearly entirely absent (per A14 / E4 cross-jurisdictional redress gap).^[ref-E4] In cross-border scenarios, T_PRF3’s bearing degrades to “the paradigm scenario of a complete cross-jurisdictional redress vacuum” (per GPT-5.5-pro second-round audit D-3 correspondence). The contestation bearing structure of the present case must be treated separately at the domestic and cross-border layers; applying the conclusions of one layer to the other constitutes an argumentative error.

T_PRF4 (necessity of agonism) requires caveat in the Taiwan case. Domestic agonism bearing is mature (the legitimate adversary structure of government and opposition parties); the agonism bearing of the government/civil society/commerce three-party co-constitution in the TW DIW scenario is addressed in §5. Cross-border agonism bearing is weak; the legitimate adversary structure in the sphere of international legal disputes over digital sovereignty and the cross-border recognition layer of identity infrastructure is incomplete; APEC CBPR is the main fallback. The specific form of the caveat is addressed in §6.

T_PRF5 (the lemma on the unreachability of the PRF floor by existing engineering design) may be applied directly in the Taiwan case without caveat. No engineering design (including the TW DIW schema, trust list on-chain, or the civilian backup architecture proposal in the Yǒu Bèi Ér Lái advocacy document) can circumvent the PRF floor. F1’s RT-ℬ ✗ and AA-ℬ ✗ boundaries apply in the TW DIW × LLM-agent stage; F3’s UX-layer unreachable boundary for supporter UI three-layer separation applies in the TW DIW supporter scenario. The specific mechanism is addressed in §4.

2.4 Analytic Threshold Identity of LegitimacyDegrade(d) ≥ θ_dem in the Taiwan Case

A2 §3.2 [ref-A2] gives the definition of the LegitimacyDegrade function:

LegitimacyDegrade(d) ≜ σ( β₁·violation_intensity(d, plurality)
                        + β₂·violation_intensity(d, validity)
                        + β₃·violation_intensity(d, contestation)
                        + β₄·violation_intensity(d, agonism) )

Theorem T_PRF0: PRF_violated(d) ⇒ LegitimacyDegrade(d) ≥ θ_dem ≈ 0.5.

The present article adopts a strictly analytic threshold-identity stance in its use of the LegitimacyDegrade function in the Taiwan scenario, following the B2 Phase 0d Revision Note discipline (per [ref-B2] Revision Note 2026-05-16). This implies four specific consequences.

The first implication: θ_dem is an analytic suggestion, and has not been empirically calibrated. The present article does not provide specific decimal probabilities (such as “LegitimacyDegrade(d) = 0.75 in the TW DIW mandatory linkage scenario”), nor specific correlation coefficients (such as “r = 0.6 correlation between mandatory linkage and PRF violation”). Any quantified claim in the present case takes the form of “directional + magnitude language”, not “precise decimal”.

The second implication: the bearing of LegitimacyDegrade is limited to “conditional implication” rather than “empirical description”. The present article adopts the conditional form “if any component of PRF is violated, then LegitimacyDegrade(d) ≥ θ_dem”, not the completed-fact prediction “TW DIW has already caused democratic legitimacy degradation”. PRF violation in the Taiwan scenario is a working hypothesis of “a degradation path that may occur under the 2026–2028 mandatory linkage schedule” requiring subsequent empirical calibration.

The third implication: the equal weighting β₁ = β₂ = β₃ = β₄ ≈ 1.0 for the four components is an a priori setting. The present article does not claim any β shift in the Taiwan scenario; it does not claim ad hoc adjustments such as “under democratic-frontline stress test conditions, the weight of plurality should be elevated” or “under weak cross-border recognition scenarios, the weight of agonism should be elevated”. Maintaining the equal-weight stance is the analytic discipline of the present case.

The fourth implication: the LegitimacyDegrade assessment of the present case is a “threshold-identity examination” rather than a “precise value prediction”. The present article describes PRF violation signals in §4 through §7 using the language of “observable violation signals” (e.g., “the plurality exit of those without a wallet under TW DIW mandatory linkage is an observable signal”), not precise descriptions such as “violation intensity = 0.6”. The meaning of threshold identity is: crossing θ_dem is the trigger point for a degradation warning; the bearing of the present article is limited to the examination of trigger points, without claiming specific magnitude of degradation.

2.5 Limitations of the Present Article

The bearing limitations of the present article contain five items. First, the present article is an illustrative anchor, not a universal generalisation. The four-dimensional stress-test results of the Taiwan case constitute a conditional implication with respect to structurally similar locales within and outside the OECD (Baltic States, South Korea, Ukraine, Moldova), requiring subsequent case-tracing verification. The working hypothesis of the extrapolation is “structurally similar locales bear a similar distribution of PRF violation risks”; verification requires multi-case process tracing and QCA (Qualitative Comparative Analysis) cross-case research.

Second, the present article does not replace the PRF normative argument of A2 [ref-A2]. The original-text readings of the four PRF component anchors, the distinction between conjunction and synthesis methodology, and the proof sketches of the four formal theorems are all completed in A2; the present article cites them by forward-link without repeating the arguments. The new bearing added by the present article is limited to the case-tracing of the Taiwan scenario and the caveats on the applicable limits of T_PRF1–T_PRF5.

Third, the citation of the Yǒu Bèi Ér Lái civilian advocacy document in the present article is at the level of civilian backup proposal material, not a “verified” civilian backup scheme. The litepaper was published in 2025-11 and as of May 2026 remains at the PoC / advocacy stage; the present article treats it with academic distance in §5, explicitly marking the distinction between the author’s position (civilian backup advocacy) and the present article’s PRF framework (normative floor of the series); the litepaper is not used as a source for theorem-level arguments. The litepaper is cited under the designation “civilian advocacy document”, not in academic citation format.^[ref-3]

Fourth, the treatment of cross-strait geopolitics in the present article is limited to two layers: “factual-level description” and “technical-legal level issues”. The PRC attack surface (DDoS / submarine cable cutting / cognitive warfare / disinformation dissemination) is factual-level description, not using the language of political propaganda; the bearing of agonism in cross-strait relations is limited to two technical-legal level issues — “international legal disputes over digital sovereignty” and “cross-border recognition of identity infrastructure” — without making normative claims regarding cross-strait political relations. This limitation is the bearing discipline of the present article.

Fifth, the treatment of marginalised access issues in the present article (30,000 persons with dementia / approximately 5,000 ARC migrant workers / persons with disabilities / elderly residents in remote areas) adopts the A15 three-layer guarantee structure (procedural / substantive / institutional) as an analytic typological treatment;^[ref-A15] neither an attributive register of “the government has not acted in good faith” nor an optimistic presupposition of “the service will necessarily be inclusive” is adopted. The bearing of the present case is limited to the description of the distribution structure and the examination of engineering bearings; specific policy recommendations are addressed in §8 series integration.

---

§References (SA0)

• [ref-1] Executive Yuan, Republic of China (2021). Administrative documents on “Chip-based Identification Documents (New eID)” (decision to suspend universal rollout, January 2021); Interior Committee, Legislative Yuan (September 2021), resolution. Joint statements of civil society organisations including the Citizen Congress Watch, Taiwan Association for Human Rights, and Open Culture Foundation, 2020–2021 (including two waves of academic joint statements). Source level A/B.
• [ref-2] Ministry of Digital Affairs, moda (from inauguration August 2022 to May 2026 public information): TW FidO mobile natural person certificate; TW DIW pilot announcement (2024); TW DIW launch announcement (June 2025); trust list on-chain explanation. Source level A.
• [ref-3] Yǒu Bèi Ér Lái litepaper (civilian advocacy document, public consultation version 2025-11-13), https://blog.bonds.tw/litepaper/, accessed 2026-05-16. Cited in the present article as “civilian advocacy document”, not in academic citation format. [NOTE: integration step will strip author list from any inline ref usage]
• [ref-4] Chu Yun-han (2012). High Thinking Amid the Clouds; Lin Tsung-hung (2020). Island Dust; Fan Yun (2024), twenty-year observations on the women’s movement and Taiwan civil society (reused from A2 ref-29, ref-30, ref-31).
• [ref-5] Electronic Signature Act, Republic of China (legislation November 2001 / implementation April 2002 / amendment 2024); Personal Data Protection Act (1995 → 2010 → 2023); TW DIW regulatory draft (moda public data). Source level A.
• [ref-6] Grand Justices’ Interpretation mechanism of the Judicial Yuan (including Interpretations Nos. 384 / 396 / 418 / 436 / 709 / 762 / 805 and others); Constitutional Court (hearing mechanism after the 2022 statutory reform); g0v (2012–) + vTaiwan open policy platform. Source level A/B.

---

The present chapter addresses the “governmental / legal / organisational” layer of the history of Taiwan’s digital identity institutions. Corresponding to the four PRF (civic proof) components advanced in §1 — plurality, validity, contestation, agonism — the chapter focuses on the extent to which these four components were “prepared” in institutional history and the traces of pressure upon them. The chapter strictly distinguishes between L1 description (institutional facts that have occurred) and L2 interpretation (why this evolution occurred). L2 material is presented separately at the end of each section in a dedicated “institutional history interpretation” paragraph, to avoid conflation with L1.

§3.1 Democratic Transition Period (1991–1996): The Institutional Foundation of Plurality

L1 description. Following the Wild Lily student movement of March 1990, the Council of Grand Justices of the Judicial Yuan issued Interpretation No. 261 on 21 June 1990, requiring that the senior members of the first-term central representative bodies who had not been subject to periodic re-election terminate the exercise of their powers by 31 December 1991, and that the central government hold timely national elections for the next term of central representative bodies [ref-1]. On 21 December 1991 elections were held for the Second National Assembly; on 31 December 1991 senior first-term representatives, legislators, and control yuan members retired in full; on 19 December 1992 elections were held for the Second Legislative Yuan; on 1 February 1993 the Second Legislative Yuan and the Second Control Yuan were constituted [ref-1][ref-2]. On 23 March 1996 the first direct election of the President and Vice President was held, with a voter turnout of 76.04%; Lee Teng-hui and Lien Chan of the Kuomintang were elected [ref-3].

L2 institutional history interpretation. The two key events of 1991–1996 (the end of the “Ten-Thousand-Year Congress” and the direct presidential election) laid the political foundation for the subsequent political space in which “digital identity systems are subject to public contestation”. Among the four PRF components, plurality (multiple holders simultaneously able to advance valid identity claims) requires not a technical precondition but a political one: the political community must have consensus that “dissenters are also legitimate members”. This consensus did not exist under the pre-1991 Republic of China system (the perpetual Congress + martial law + ban on political parties) and stabilised at the institutional level only after 1996. All subsequent digital identity disputes in Taiwan (including the eID suspension case in §3.3) were able to operate within the circuit of “government promotes → civil society contests → government retreats” on the premise that 1991–1996 had already legitimised the circuit itself.

§3.2 First Party Rotation of 2000: Procedural Stabilisation of Validity

L1 description. In the presidential election of 18 March 2000, Democratic Progressive Party candidates Chen Shui-bian and Annette Lu won with 39.30% of the vote, defeating James Soong (36.84%) and Lien Chan (23.10%), constituting the first party rotation in the constitutional history of the Republic of China, ending 55 consecutive years of Kuomintang governance on Taiwan [ref-4]. Military leadership publicly issued a statement of loyalty to the constitution and political neutrality after the electoral result became clear, and neither military nor administrative resistance occurred [ref-4]. The second party rotation in 2008 (Ma Ying-jeou elected), the third in 2016 (Tsai Ing-wen elected), and the fourth presidential election in 2024 (continuing DPP governance but with a legislative minority) completed multiple peaceful transfers of power across thirty years.

L2 institutional history interpretation. Validity (membership credentials can be independently verified without being manipulated by a single sovereign) in the pre-electronic era already required three layers of procedural trust: “electoral rolls”, “identity documents”, and “voting procedures”. The key element of 2000 was not the party change itself, but the fact that “the administrative continuity of household registration and identity infrastructure was not politicised during the government handover”. All subsequent digital identity policies were able to be executed across party lines (the chip-based national identity card, from its 2005 conceptualisation to the 2018 New eID procurement, spanning three presidencies) because this layer of procedural continuity was in place. However, the bearer of this validity is the administrative body of the “Department of Household Registration / Ministry of the Interior”, not an independent supervisory body; this structure becomes a pressure point from §3.3 onwards.

§3.3 eID Suspension Case (2018–2021): A Successful Instance of Contestation

L1 description. On 27 December 2018 the 3,632nd Executive Yuan cabinet meeting approved the National Development Council’s “Smart Government Development Blueprint”, listing “connection of digital identity with government services” as one of two infrastructure priorities, with a plan to universally replace the digital identity card (New eID) by 2020 [ref-5][ref-6]. On 15 June 2020 Chunghwa Telecom won the bid for the “New Generation National Identity Card Replacement System Construction and Maintenance Project”, contracting the digital identity management system, the household registration system, the natural person certificate system functional expansion, and integration with the Central Printing Factory card centre system [ref-7]. In the same period in 2020, Teco Electric won the tender for the digital identity card PC chip card and printing equipment, triggering controversy over issues including the qualifications of subsidiary companies and partner companies Idemia (Czech factory) and Entrust Datacard (US/UK factory) [ref-7].

From February 2020 onwards, academic information security experts publicly questioned the programme. Lin Tsung-nan (National Taiwan University, Department of Electrical Engineering) and Li Chung-hsien (National Cheng Kung University, Department of Electrical Engineering) co-authored an opinion piece published in Liberty Times Net, pointing out single-point-of-failure information security risks in the centralised design, and that proceeding without “information security clearance investigation” and under a clear institution was an irresponsible policy measure [ref-8]. Li Chung-hsien further questioned the Ministry of the Interior’s claim that “the private key will absolutely not be leaked”, using technical arguments such as “eID is the infrastructure of digital dictatorship” and “if the public key can be exported then so can the private key” [ref-9]. Civil organisations including the Taiwan Association for Human Rights and the Judicial Reform Foundation called for dedicated legislation and requested Control Yuan investigation [ref-10].

On 21 January 2021, Premier Su Tseng-chang agreed to the Ministry of the Interior’s proposal to “suspend the digital identity card issuance programme”, with Vice Premier Shen Jong-chin tasked to convene relevant ministries, gather opinions, and promote the programme only after the legal framework was completed (through enactment of dedicated digital identity legislation) [ref-11][ref-12]. The Taiwan Association for Human Rights separately pursued administrative litigation in 2021, seeking confirmation that the original policy was unlawful and maintaining that it had a cause of action [ref-13]. As of May 2026, the New eID replacement programme has not been restarted, and the relevant dedicated legislation has not been passed.

L2 institutional history interpretation. Among the four PRF components, the 2018–2021 eID suspension case most directly cultivated contestation (membership credentials can be contested, suspended, and renegotiated). Three structural characteristics deserve marking: (i) the source of contestation was the conjunction of academia + civil society + the Control Yuan system, not an appeal by a single elite; (ii) the normative bases of contestation were “single-point-of-failure of the centralised design” and “absence of dedicated legislative authority” — the technical and legal bases of these two arguments are separate but complementary; (iii) the administrative retreat was a self-directed policy decision, not a judicially compelled one, which means the retreat itself could be reversed by a subsequent administration. The third point is the latent pressure that the §3.4 DIW pivot must address: the victory of the suspension case is a “procedural victory”, not a “normative lock-in”. Taiwan’s contestation mechanism thus functioned but is fragile, requiring continuous civil society presence.

§3.4 DIW Pivot (2019–2024): Organisational Restructuring of Agonism

L1 description. On 28 December 2021 the Legislative Yuan passed three readings of the Organic Act of the Ministry of Digital Affairs and related organic law bills [ref-14]. On 19 January 2022 the President promulgated the Act. On 5 August 2022 Premier Su Tseng-chang approved the appointment, with political minister Audrey Tang designated as the inaugural minister. On 27 August 2022 the Ministry of Digital Affairs (moda) was formally inaugurated as the highest authority in charge of digital affairs, consolidated from business units previously dispersed across various Executive Yuan ministries and commissions; its mission encompasses assisting the public sector in digital transformation, promoting digital industries, and advancing national information infrastructure and information security [ref-15][ref-16].

After the eID suspension case, TW FidO (mobile natural person certificate) was developed under the leadership of the Ministry of the Interior, adopting FIDO standards and the natural person certificate mechanism to provide biometric-bound identity verification (PKI pathway) [ref-17]. From 2024, the Ministry of Digital Affairs planned and launched the Taiwan Digital Identity Wallet (TW DIW (Taiwan Digital Identity Wallet)) project, adopting international standards including W3C Verifiable Credentials, OpenID4VCI, and SD-JWT; it entered sandbox testing in March 2025, closed testing in April 2025, and trial operation from December 2025 [ref-18][ref-19][ref-20]. The architecture adopts a “distributed” design with no single central database storing user data [ref-17][ref-19].

On the parallel personal-data governance front: pursuant to Constitutional Court Judgment 111 No. 13, the state was required to establish an independent personal data protection supervisory mechanism by August 2025. On 5 December 2023 the preparatory office of the Personal Information Protection Commission (PIPC (Personal Information Protection Commission)) was inaugurated as a central third-tier agency [ref-21]. In 2025 the Legislative Yuan passed the third reading of amendments to certain provisions of the Personal Data Protection Act, conferring enforcement powers on PIPC (personal data incident notification, security maintenance regulations) [ref-21].

L2 institutional history interpretation. From a PRF perspective, the establishment of moda and the inauguration of PIPC’s preparatory office together constitute an attempt at organisational restructuring of the agonism component: separating “policy promotion of digital infrastructure” from the Department of Household Registration / Ministry of the Interior (a business unit), and elevating “independent supervision of personal data compliance” from attachment to the competent industry authority to the level of an independent agency explicitly required by the Constitutional Court. However, two structural deficiencies must be explicitly noted: (i) TW FidO and TW DIW are operated in parallel by different ministries (Ministry of the Interior and Ministry of Digital Affairs), and the legal basis for division of jurisdiction still relies on inter-ministerial agreements rather than dedicated legislation; (ii) during the transitional period between PIPC’s preparatory phase and formal establishment, the enforcement leverage of agonism remains weak, presenting structurally similar risks to the third condition (“remediation failure”) in the three-premise retroduction structure of “commercial monopoly + no remediation procedure → infrastructural tyranny” shown in the Nordic BankID series articles [ref-22].

The political node between moda’s establishment and TW DIW’s deployment at which Minister Tang Audrey was not retained in the new cabinet also requires marking: following the 2024 presidential election cabinet reshuffle, moda underwent a transition in personnel, and the DIW sandbox progress was maintained through the transition. This reflects both the administrative continuity mentioned in §3.2 and the fact that the policy legitimacy of DIW still partially depends on accumulated personal prestige (personalistic legitimacy) rather than complete legal authority.

§3.5 Trust List on Public Blockchain, 2024–2026: Technical Selection and Governance Structure

L1 description. The core design of TW DIW is divided into four layers: (i) the wallet application (mobile device side); (ii) the verifiable credentials issuance on the issuer side; (iii) selective disclosure verification on the verifier side; and (iv) the trust list — the publicly verifiable record of “the roster of trusted credential issuers and wallet providers”. Layer (iv) is the focus of interest in the present series: moda’s public materials and technical statements indicate that the TW DIW trust list is “placed on a public blockchain” for the purpose of ensuring that “no one can alter it and anyone can access the data through different blockchain service providers” [ref-19][ref-23].

As to the technical details of the specific chain, contract address, DID method, and issuer roster governance procedures, as of May 2026 they have not been fully disclosed to the public at the wallet.gov.tw developer page or at the level of official Executive Yuan gazettes; information from within the field and media reports (Blocktrend, iThome) point to an Ethereum-family public chain, but no official document directly recording the chain ID and contract address has been obtained (primary source pending) [ref-23][ref-17].

Alignment and divergence from EUDI ARF (European Digital Identity Architecture and Reference Framework): the EU ARF defines “Trusted Lists” as “a repository providing information on the current and historical status of authoritative entities in a specific legal or contractual context”, and ARF explicitly states that “there may be multiple trust lists”, listing at least nine types as examples [ref-24]. The EU adopts a LoTL (List of Trusted Lists) architecture: trust roots are issued by member state supervisory bodies and aggregated by the EU-level LoTL; the technical carrier is primarily XML / XAdES, and public blockchain anchoring is not mandated. TW DIW’s choice to anchor the trust list to a public chain constitutes a contrast of “normative isomorphism, different technical selection” with the EU pathway: both take “publicly verifiable trusted roster” as core, but the EU ensures tamper-evidence through the hierarchical signature chain of the supervisory body, while TW DIW adds a public chain as a jointly auditable layer above this [ref-19][ref-23][ref-24].

Key “hybrid architecture” facts: TW DIW’s statutory authority (who can issue, who is trusted) is still borne by moda and the Ministry of the Interior’s Government Certification Authority (GCA / MOICA (Ministry of the Interior Certificate Authority)); the public chain bears only the limited role of “trust list anchoring” [ref-17]. This means that the political sovereignty of the trust root remains with the state; the public chain is a visibility mechanism, not a source of authority. This differs in degree of deployment from Bhutan NDI (which anchors credentials and DID resolution entirely to the Ethereum main network) [ref-25].

L2 institutional history interpretation. The technical selection of anchoring the trust list to a public chain is itself a governance choice. Placing the trusted issuer roster on an immutable public ledger is tantamount to declaring that “the government cannot secretly change the trust root and must publicly disclose the history of changes to the entire network”. This produces a bidirectional reinforcement of both validity and contestation among the four PRF components: verification of validity can be independently completed by any third party (without trusting moda’s API), and the evidentiary basis of contestation is made public (civil society can audit “when the government added or removed a particular issuer”). However, plurality (coexistence of multiple trust roots) has not thereby been cultivated: the trust list remains a single roster decided by a single state agency, in structural tension with the plurality pressure of “simultaneous claims by multiple trust sources” in LLM-agent scenarios, to be addressed in §4 (SA2).

§3.6 Systematic Cultivation of and Pressure on PRF Four Components Throughout Institutional History

Synthesising the preceding five sections, the differential degree of cultivation of the four PRF components in Taiwan’s institutional history can be structured as the following table (ratings are the present article’s integrated relative-strength presentation, not a citation of any existing official classification):

Component	Degree of cultivation	Source of pressure	Corresponding section
Plurality	Medium	Trust root still decided by a single state agency; multiple issuers not yet independently constituted at the institutional level	§3.5
Validity	Medium–strong	Anchoring of trust list to public chain strengthens tamper-evidence; dedicated legislation still absent	§3.2, §3.5
Contestation	Medium–strong	eID suspension case demonstrated the contestation circuit is operable; victory was procedural rather than normative lock-in	§3.3
Agonism	Medium–weak	PIPC has a transitional period between preparatory phase and full enforcement leverage; inter-ministerial division of jurisdiction still relies on agreements	§3.4

The cultivation of the four components is not balanced. Validity and contestation are relatively strengthened by two positive historical events — the 1990s democratic transition and the 2018–2021 eID suspension case; plurality has not been structurally addressed because the trust root remains concentrated in state agencies; agonism is most fragile because of the “incomplete organisational restructuring” during the PIPC preparatory period + the inter-ministerial division of jurisdiction. This uneven distribution is the key question to be examined in §6 (SA4): when the LLM-agent scenario arrives and all four PRF components are required to be simultaneously in place, how do the “strengths” and “weaknesses” of Taiwan’s institutional history determine the capacity to bear pressure.

Three argumentative limitations must be honestly noted. First, the technical details of the TW DIW trust list on-chain (chain ID, contract address, DID method) have not been fully disclosed at the primary government document level; the interpretive strength of this chapter regarding that technical selection is limited to “medium-strong”, and subsequent updates require tracking of the wallet.gov.tw developer page and the Executive Yuan Gazette. Second, the causal chain between “institutional history cultivation” and “component strength” is a historical path-dependence inference and cannot be confirmed by controlled experiment; the present chapter adopts the path dependency and critical juncture framework [ref-22], and the argumentative strength ceiling is medium-strong. Third, the enforcement strength of PIPC from its December 2023 preparatory phase to formal operation in 2025 is still evolving; the present chapter’s rating of agonism as “medium–weak” is a snapshot as of May 2026 and may be revised in light of personal data law enforcement cases in 2025–2026.

---

§References (SA1)

[ref-1] J.Y. Interpretation No. 261 of the Judicial Yuan (21 June 1990). Constitutional Court website; Plain Law “Farewell to the Perpetual Congress!” https://cons.judicial.gov.tw/docdata.aspx?fid=100&id=310442; https://plainlaw.me/2016/09/08/jy_interpretation_no_261/

[ref-2] Wikipedia, “National Elections and Recalls of the Republic of China Congress in Taiwan.” Second National Assembly elections, 21 December 1991; Second Legislative Yuan elections, 19 December 1992; Second Legislative Yuan and Control Yuan constituted, 1 February 1993.

[ref-3] 1996 Republic of China presidential election. Wikipedia. Voter turnout 76.04%.

[ref-4] 2000 Republic of China presidential election. Wikipedia. Chen Shui-bian 39.30%, James Soong 36.84%, Lien Chan 23.10%.

[ref-5] Executive Yuan, 3,632nd cabinet meeting (27 December 2018), agenda item “Digital Identity Card — The Key to Smart Government.” https://www.ey.gov.tw/Page/448DE008087A1971/12ffc708-1b40-450a-b50a-0114b479e079

[ref-6] National Development Council, “Smart Government Planning Report” (27 December 2018).

[ref-7] Chunghwa Telecom, “Award Announcement for New Generation National Identity Card Replacement System Construction and Maintenance Project” (23 June 2020); “eID Tender Controversy — Teco Clarifies Again,” China Times 8 September 2020.

[ref-8] Lin Tsung-nan and Li Chung-hsien, “Liberty Forum / Information Security Risks of the Digital Identity Card,” Liberty Times Net. https://talk.ltn.com.tw/article/paper/1318140

[ref-9] Li Chung-hsien, “eID Is the Infrastructure of Digital Dictatorship,” Epoch Times; “Analysing the Digital Identity Card Information Security Controversy,” iThome.

[ref-10] “Human Rights Organisations Fear Digital Identity Card Will Become Tool of Government Control Over People, Call for Control Yuan Investigation,” China Times 10 September 2019; “From the Forced Halt of the Digital Identity Card Policy,” The Reporter. https://www.twreporter.org/a/e-id-in-taiwan-2021-failed

[ref-11] Executive Yuan, “Digital Identity Card Issuance Programme Suspended — Premier Su: Promote After Perfecting Legal Framework” (21 January 2021). https://www.ey.gov.tw/Page/9277F759E41CCD91/e80e55a2-0102-4031-b6d3-a7c40f4cac6a

[ref-12] Executive Yuan, “Review and Assessment of the Digital Identity Card (New eID) Replacement Programme,” cabinet meeting agenda.

[ref-13] “Executive Yuan Suspends Digital Identity Card — Taiwan Association for Human Rights Files Suit Claiming Cause of Action Remains,” United Daily News.

[ref-14] Organic Act of the Ministry of Digital Affairs, Republic of China (third reading passed by the Legislative Yuan, 28 December 2021; promulgated by the President, 19 January 2022).

[ref-15] INSIDE, “Ministry of Digital Affairs to Be Formally Inaugurated on the 27th of This Month! Executive Yuan: First Minister Will Be Audrey Tang.”

[ref-16] Ministry of Digital Affairs official website, “Ministers Since Inauguration | About moda.” https://moda.gov.tw/aboutus/ministers-since-2022/1527

[ref-17] iThome, “Digital Certificate Wallet Builds the Foundation of Trust for the Digital Environment.” https://www.ithome.com.tw/news/173833

[ref-18] CIO Taiwan, “Digital Certificate Wallet Enters Sandbox Testing at End of March, Open Source and Distributed Architecture.” https://www.cio.com.tw/86785/

[ref-19] CIO Taiwan, “Digital Certificate Wallet Launched — Establishing Taiwan’s Digital Foundation.” https://www.cio.com.tw/93520/

[ref-20] Civic Tech Taiwan, “What Is the Taiwan Digital Identity Wallet?”

[ref-21] Personal Information Protection Commission preparatory office official website; “Inauguration of PIPC Preparatory Office,” Executive Yuan press release (5 December 2023); Constitutional Court Judgment 111 No. 13. https://www.pdpc.gov.tw/

[ref-22] Prior articles in the present series: 2026-05-07 “The Cost of Nordic Commercial Identity Infrastructure” (D1); 2026-05-06 “DNS vs Identity Trust Roots” (D3); 2026-05-09 “Cross-Jurisdictional” (A14).

[ref-23] Blocktrend (Hsu Ming-en), “Why Can’t the Digital Certificate Wallet Just Use Apple Wallet? ft. moda Think Tank Denken.” https://www.blocktrend.today/p/ep312

[ref-24] EUDI Architecture and Reference Framework, Trusted Lists chapter. https://eudi.dev/2.4.0/architecture-and-reference-framework-main/

[ref-25] Memory entry in /Users/mashbean/Documents/AI-Agent/.claude: did-vc-public-chain-deployments.md. Comparison noting Bhutan NDI migration to Ethereum main network on 13 October 2025; TW DIW adopts “trust list anchoring” hybrid architecture.

---

§4 TW DIW × LLM-agent Interface: The Deployment Gap of the Civic-Action Receipt Schema in the Taiwan Context

Scope declaration: This section is the SA2 chapter of the twenty-fourth article of the civic-proof series, building on the frameworks of F1 (article 16), F2 (article 17), F3 (article 18), and B2 (article 14), and addressing the engineering-normative interface of “hypothetically connecting an LLM-agent to the Taiwan Digital Identity Wallet (TW DIW)”. This section constitutes method illustration, not an empirical claim — following the B2 Revision Note discipline ([ref-1]), likelihood adopts the four-level directional language of low / medium / medium-high / high, without specific decimal values.

---

§4.1 TW DIW Current Issuer Scope and Data Model — Mapped to EUDI ARF 2025-12 and W3C VCDM v2.0

§4.1.1 L1 Description: Publicly Available Elements

Based on publicly available information from the Ministry of Digital Affairs, the Ministry of the Interior’s Government Certification Authority, and the wallet.gov.tw developer page ([ref-2], [ref-3], [ref-4]), Taiwan’s current identity infrastructure operates in two parallel layers:

• TW FidO (mobile natural person certificate) — the Ministry of the Interior’s Government Certification Authority (MOICA) bears the trust root; the technology is PKI (FIDO2 / WebAuthn + X.509). This is an off-chain root certification.
• TW DIW — led by the Ministry of Digital Affairs, progressively released from 2024. The primary specifications are OpenID4VCI and SD-JWT VC ([ref-2]). The trust list is anchored to a public blockchain; information from within the field points to an Ethereum-family chain, but the specific chain ID, contract address, and DID method have not been fully disclosed to the public at the wallet.gov.tw developer page or primary government document level ([ref-5]). The statutory authority of the trust root is still borne by moda and the Ministry of the Interior; the public chain bears only the limited role of “trust list anchoring” — a hybrid architecture.

The scope of issuers expected to enter the trust list includes: Ministry of the Interior (household registration certificates, seals), Central Election Commission (voter qualification, recall petition), Ministry of Finance (income and tax certificates), Ministry of Health and Welfare (National Health Insurance, long-term care, disability certificates), Ministry of Labour (labour insurance, occupational safety training), Ministry of Education (academic credentials, teacher qualifications), Judicial Yuan / Ministry of Justice (electronic civil litigation documents), and Financial Supervisory Commission (through authorised financial institutions as attribute providers).

§4.1.2 L1 Description: Mapped to EUDI ARF 2025-12 Iteration

F1 §5.4 and §7.3.1 already mapped ARF §6.6.3 delegated key custody and Annex 2 representation as comparison axes for the engineering reality of wallets ([ref-7]). Principal alignments and divergences between TW DIW and ARF 2025-12 (L1 description layer):

Element	EUDI ARF 2025-12	TW DIW (as available May 2026)	Gap type
Wallet Instance attestation	PID + Wallet Instance Attestation	Pending disclosure by wallet.gov.tw	Disclosure gap
Primary credential format	SD-JWT VC + ISO/IEC 18013-5 mdoc dual track	SD-JWT VC primary track; mdoc track not specified	Specification branch
Holder binding	§6.6.3 device-bound + cloud-bound	TW FidO + mobile device two-factor	Disclosure gap
Trust framework	EU Trusted List Browser	Trust list on public chain + moda bearing	Structural branch (hybrid)
Representation	§6.6.3.9 user binding + Annex 2 single-shot	No representation specification disclosed externally	Normative gap
Selective disclosure	SD-JWT-VC primary, BBS+ CRD conditionally advanced	SD-JWT-VC; BBS+ not specified	Specification branch
Cross-border	eIDAS 2.0 Art 12 treaty-level mutual recognition	Bilateral MoU as primary mechanism	Structural gap

W3C VCDM v2.0 (2025-05-15 Rec) §4.12 leaves an abstract cryptosuite layer for wallets among four securing mechanism pathways ([ref-8]); TW DIW’s adoption of the SD-JWT VC primary track already falls within a legitimate subset.

§4.1.3 L2 Interpretation: Four Disclosure Gaps

• G1 — The wallet instance attestation specification is not publicly available; it is not possible to determine whether the wallet side can provide cryptographic distinction of agent_did ≠ subject_did during receipt generation (corresponding to the bearing conditions of the agent_delegation_proof and agent_delegation_capability_hash two fields in F2 §3.1 schema) ([ref-9]);
• G2 — The representation / mandate specification is not specified; there is no direct bearing for the three engineering corrections of F1 §5.4 (particularly multi-tenant delegated key custody) ([ref-7]);
• G3 — The trust list is on-chain but the chain ID is not disclosed, leaving the pathway “cross-border verifier resolves TW issuer recognition status via on-chain data” at the engineering-unverified stage (affecting the F2 §3.4 C5 recognition clause);
• G4 — TW DIW and TW FidO trust roots each have separate statutory authorisations; publicly available information is insufficient to determine the key attribution of holder binding and chooser_signature, corresponding to the four enum choices for holder_binding_method in F2 schema (sd-jwt-kbjwt / bbs-2023-proof / mdoc-deviceauth / jose-cose).

The four disclosure gaps constitute one factual basis for the likelihood assessment in §4.5.

§4.2 Hypothetically Connecting an LLM-agent — Challenges of F1 §5.4 delegation_chain + presentation_origin in the Taiwan Context

§4.2.1 Scope Delineation

F1 §2.4 has already specified that AI agent ≠ automated decision-making ([ref-7]). Discussion in this section is limited to the scenario of “the holder issuing operational instructions to the wallet via an LLM-agent, with the agent producing or presenting a VC presentation on the holder’s behalf”; it does not cover (a) the government side actively using LLM for automated adjudication (falling under GDPR Art 22 / EU AI Act Annex III); (b) verifier-side LLM adjudication; or (c) issuer-side LLM attribute confirmation. The focus is on the specific form in TW DIW of F1 Q10a “the cryptographic accountability gap in authority transfer”.

§4.2.2 L1 Description: Deployment Point of delegation_chain in TW DIW

F1 §7.3.1 has already established the two-piece set of AgentDelegationProof2026 (agent-side attestation) + AgentDelegationCapability (holder-personally-signed envelope) ([ref-7]). Specific deployment points in TW DIW:

• Envelope L1: The holder personally signs AgentDelegationCapability VC with TW FidO (natural person certificate signing key), explicitly stating the scope of authorisation — corresponding to the four dimensions of minimal delegation in F1 §5.4 (task, time, frequency, consent) ([ref-7]);
• Envelope L2: The agent, upon presentation, adds AgentDelegationProof2026 to proof.type; the verifier must simultaneously verify the agent attestation and the holder delegation capability;
• presentation_origin: The verifier_did and timestamp_presented in F2 §3.1 schema fix the origin at the time of presentation, bearing the audit anchor ([ref-9]).

§4.2.3 L2 Interpretation: Three Implementation Challenges

Challenge one — the double-layer binding gap between TW FidO key and wallet-side key. TW FidO uses PKI, with the natural person certificate root certificate borne by the Ministry of the Interior; the TW DIW wallet-side device binding uses the KB-JWT of SD-JWT VC. When an LLM-agent intervenes, the holder’s personally signed AgentDelegationCapability must be completed at the “natural person certificate key” layer (which has legal bearing), but the subsequent KB-JWT of the agent’s presentation originates from the wallet-side device key (which does not have equivalent legal bearing). The absence of an explicit engineering bridge between the two key layers is the specific form in TW DIW on the F1 Q10a pathway of the G2 disclosure gap.

Challenge two — the bearer problem of agent_did in Taiwan’s trust list. If the agent belongs to a foreign model provider (OpenAI, Anthropic, Google DeepMind), there is no trust anchor for verifiers in the Taiwan field. This triggers type (iii) — cross-jurisdictional diffusion type — of the three types of accountability vacuum in F1 §6.1 ([ref-7]): agent / model providers are mostly foreign, and when Taiwan verifiers refuse to accept there is also no foreign party to sue.

Challenge three — bearing of presentation_origin in Traditional Chinese UX. The verifier presents “requested attributes, consequences of refusal, duration” in three sections in Traditional Chinese. The attribute_count ≤ 3 upper bound of F3 UX1 ([ref-10]) is somewhat tight given the information density and legal precision requirements of Traditional Chinese. When an agent intervenes and compresses the verifier policy to a single “please click to agree”, the holder loses the condition of being informed on the original policy text. Extended to §4.4.

§4.2.4 L3 Normative: Mapping to PRF Axes

Article 19 (A2) has already defined PRF ≜ ⟨plurality, validity, contestation, agonism⟩ as the normative floor of the series ([ref-11]). Challenge one touches validity (the two-layer key bridge absent makes the validity of chooser_signature in cross-layer evaluation exhibit undefined behaviour); challenge two touches contestation (foreign agent provider lacks trust anchor); challenge three touches the disclosure condition of plurality (linguistic friction of Traditional Chinese UX weakens the channel for voice).

§4.3 Minimum Viable Implementation of the Civic-Action Receipt Schema in the Taiwan Context

§4.3.1 L1 Description: Issuer Correspondence for F2 Schema’s 14 Field-Groups

Based on F2 §3.1 ([ref-9]), mapping the bearing issuers for the 14 field-groups to existing Taiwan ministries:

Field-group	Bearing issuer	Degree of new construction
receipt_id / decision_id / timestamps	Wallet + verifier both sides	No new construction needed
subject_did	TW FidO natural person certificate key → DID mapping	New construction needed (mapping spec)
supporter_did	Adult guardian registered under Civil Code §1113-2 to §1113-10 ([ref-12])	Partial new construction (legal ready, engineering not ready)
agent_did	Foreign model provider or domestic agent provider (pending G_state^A certification)	Full new construction
verifier_did	Various ministries (issuer DID in trust list corresponds)	New construction needed (explicit dual use of issuer→verifier identity)
options/option hash	Wallet + verifier (DIF PE v2.1)	No new construction needed
comprehension_attestation_hash	Health and Welfare dementia medical side + long-term care centres + social workers	Partial new construction
chooser_signature	TW FidO key signing (Electronic Signature Act §4) ([ref-13])	No new construction needed
holder_binding_method	Wallet-side SD-JWT KB-JWT as default	No new construction needed
cryptosuite_id	wallet.gov.tw announcement	New construction needed (announcement)
agent_delegation_proof / capability_hash	TW FidO personally signed + agent provider attestation	Full new construction
preservation_layer / endpoint / retention_floor / timestamp_token	National Archives Administration + qualified preservation service dual track (Archives Act §13, §22 + Electronic Signature Act §10)	Partial new construction
content_hash / qualified_person_attestation	Wallet + lawyer / accountant / notary attestation	Partial new construction
jurisdictional_profile	Default tw-esign-art4-10 (already provided in F2 enum)	No new construction needed
recognition_chain / cross_border_envelope	Ministry of Foreign Affairs + moda + bilateral MoUs of various ministries	Full new construction
revocation_window / endpoint	wallet.gov.tw + issuer (OpenID4VCI Status List)	No new construction needed (must be explicit)
audit_release_policy	Personal Data Protection Act §5, §19 ([ref-14]) + PDPC (established 2025) ([ref-15])	No new construction needed (implementation rules needed)

§4.3.2 L2 Interpretation: Unclosed Segments of the Critical Path

Extracting from the above table the three “full new construction” groups — agent_did trust anchor, agent_delegation_proof / capability_hash, recognition_chain / cross_border_envelope — these constitute the unclosed segments of the critical path in the TW DIW × LLM-agent scenario. Even if all four of §4.1’s disclosure gaps G1–G4 were eliminated, the three groups would still require three-layer collaboration to complete: G_industry^A (W3C / DIF / IETF) + G_state^A (Ministry of Digital Affairs + Legislative Yuan) + G_recognition^A (Ministry of Foreign Affairs + bilateral MoUs + treaty-level mutual recognition).

The “partial new construction” groups (supporter_did, comprehension_attestation_hash, preservation_layer, content_hash / qualified_person_attestation) have normative frameworks but lack engineering carriers. The new adult guardianship system ([ref-12]) has already provided legal bearing for supporter_did; however, Huang Shih-chun’s (2020) interpretation of “self-determined substituted” under Civil Code §1113-2 to §1113-10 is a position of a single scholar ([ref-16]), and three connection gaps — activation conditions, role nature, and scope of subjects — make the legal bearing of supporter in the Taiwan field incomplete (consistent with the sixth honesty boundary of F3 §11.1) ([ref-10]).

§4.3.3 L3 Normative: Mapping to PRF

• The unclosed segments of the three full-new-construction field-groups correspond to contestation (absence of trust anchor for agent_did → holder lacks cryptographic accountability bearer for contestation after substituted degradation);
• The legal bearing gap of partial-new-construction supporter_did corresponds to plurality (adult guardianship engineering has not kept pace → supporter intervention is pushed back to family proxy signing);
• The TW FidO key bearing of no-new-construction-needed chooser_signature corresponds to validity (Electronic Signature Act §4 already confers legal effect).

§4.4 Localisation Challenges of Selective Disclosure UX in Traditional Chinese + Consumer Protection Law Environment — F3 §10 Integration

§4.4.1 L1 Description: Consumer Protection Act §11-1 and Personal Data Protection Act §5, §19

Article 11-1 of the Consumer Protection Act provides that business operators must allow consumers a reasonable review period before executing standard-form contracts ([ref-17]). Although “verifier policy disclosure” in the wallet scenario is not legally equivalent to a standard-form contract, the structure of “prior information disclosure” + “pressing agree is deemed acceptance” is structurally homomorphic to the information asymmetry that Consumer Protection Act §11-1 aims to regulate (structural homomorphism, not direct application).

Personal Data Protection Act Article 5 regulates “not exceeding the necessary scope of a specified purpose” (the legal basis for minimal disclosure); Article 19 regulates the statutory requirements for non-governmental organisations to collect PII ([ref-14]). PDPC, established in 2025, is the competent authority ([ref-15]).

§4.4.2 L2 Interpretation: Three Localisation Challenges

Challenge A — the tension between Traditional Chinese semantic density and the attribute_count ≤ 3 upper bound. F3 UX1’s attribute_count ≤ 3 lower-bound anchor is grounded in Cowan (2001) 4±1 chunks, which itself derives from WEIRD samples ([ref-10]). Traditional Chinese often requires combinations of “adjective + noun + conditional clause” to convey precise legal meaning (such as “within 90 days from the date of application” or “except in emergency situations”), and the character count for the same attribute group in Traditional Chinese may be 1.3–1.6 times higher than in English. When a verifier, in order to stay within the ≤ 3 upper bound, simplifies the description, it may sacrifice legal precision — creating tension with the reasonable review requirement of Consumer Protection Act §11-1. Likelihood-by-mechanism: medium.

Challenge B — the structural homomorphic conflict between one-click “consent” and Consumer Protection Act §11-1. F3 SA2’s dark patterns firewall D function ([ref-10]) requires an enforcement authority. However, Taiwan’s wallet scenario currently lacks dedicated guidelines corresponding to EDPB Guidelines 03/2022 ([ref-10]); among the Fair Trade Commission, PDPC, and the Consumer Protection Commission, no single agency has been designated as the enforcement authority for wallet UX dark patterns. When an LLM-agent compresses the verifier policy to “please click agree”, whether the holder remains in a state of informed consent has no clear enforcement counterpart under current Taiwan law. Likelihood-by-mechanism: medium-high.

Challenge C — the tension between individual choice and Chinese family culture (aligned with F3 O23) ([ref-10]). The CRPD §29 requirement that supporters be necessary and irreplaceable ([ref-10]) is often absorbed in Chinese family culture by “family member proxy action”. When the wallet displays the supporter_did field, if the UI does not explicitly state that “the supporter is not a family member but a registered adult guardian or social worker”, the Traditional Chinese interface in its default context will be understood as referring to “family”. This, layered with the partial-new-construction status of the supporter_did field (§4.3.1), will degrade F3 UX4’s supporter_ui_three_layer three-layer separation ([ref-10]) in the Taiwan field to a single-layer “family proxy clicking” interface. Likelihood-by-mechanism: high.

§4.4.3 L3 Normative: Mapping to V_ux Clauses

Challenge A degrades C7 (cognitive load bound); Challenge B degrades C8 (dark patterns firewall); Challenge C degrades C10 (supporter role separation). The simultaneous degradation of all three means that V_ux as a whole fails to hold, and by inference from F3 §3.4 T_UX2, V_receipt’(r) = false ([ref-10]).

§4.5 Directional + Magnitude Estimate of LegitimacyDegrade in the TW DIW × LLM-agent Scenario

§4.5.1 Assessment Method

Following the B2 Revision Note discipline ([ref-1]) — no specific decimal values, adopting the four-level likelihood-by-mechanism language. The formal definition of LegitimacyDegrade is inherited from F1 §3.2 P_degrade ([ref-7]), but this section provides only directional + magnitude mechanism-based assessment, without extrapolating to specific probabilities for individual credentials, individual cases, or individual annual periods.

§4.5.2 Directional Assessment of Five Mechanisms

Mechanism	Content (mechanism-based)	PRF axis	Likelihood	Corresponding clause
M1 Disclosure gap	When any of §4.1.3 G1–G4 is unresolved, verifier–holder information asymmetry is amplified	validity + contestation	medium	C1 + C2 + C5
M2 agent_did lacks trust anchor	F1 Q10a contestation vacuum in the TW field	contestation	medium-high	C2 + C5
M3 supporter_did degrades to family proxy	§4.4.3 Challenge C × §4.3.1 partial-new-construction status	plurality	high	C10
M4 Traditional Chinese UX tension	§4.4.2 Challenge A, attribute_count ≤ 3 upper bound is tight in Traditional Chinese	plurality + validity	medium	C7
M5 Dark patterns enforcement vacuum	§4.4.2 Challenge B, no single competent authority	validity	medium-high	C8

Directional conclusion: M3 is the primary driving mechanism (high level); M2 + M5 are secondary driving mechanisms (medium-high level). When three mechanisms are triggered simultaneously, the degradation of V_receipt’ (= V_receipt ∧ V_ux) at the system level falls within the medium-high magnitude range. This section does not provide specific decimal values, nor probabilities for individual credentials or annual periods.

§4.5.3 Forward Link to §6 (SA4 Three Pressures)

M1–M5 will be further tested in SA4 (§6) with three pressures: (α) cross-strait legal framework asymmetry (bearing gap in cross_border_envelope for mainland-Taiwan couples, Taiwanese businesspeople in mainland China); (β) coordination gap between moda and PDPC as dual competent authorities; (γ) void in G_state^A certification procedures for foreign model providers. The three-pressure × five-mechanism cross-tabulation matrix is developed in SA4.

§4.6 Quantitative Method Caveat — B2 Discipline Declaration for This Section as Method Illustration

Following the B2 Revision Note (2026-05-16) ([ref-1]):

Discipline one — scope restriction: this §4 constitutes method illustration; the bearing scope is four layers — “directional expectation + design identification + mechanism existence + comparison group” — and does not bear “primary causal conclusions”.

Discipline two — withdrawal of specific decimals from main text: §4.5 does not provide specific probability values; likelihood adopts the four-level language. The specific values of F1 §3.2 P_degrade’s α / β / θ parameters in the TW DIW scenario await empirical calibration; this section provides only a formal skeleton, not an immediately calculable tool.

Discipline three — prohibited registers: the three registers of “will”, “necessarily”, and “empirical studies show” as absolute sentence forms are prohibited; the three conditional sentence forms of “based on currently available information”, “according to mechanism-based assessment”, and “likelihood-by-mechanism: medium-high” are adopted. All likelihood assessments are explicitly mechanism-based inferences, not pilot-study-calibrated results.

Strong-form position of this section: “There is reason to believe that LegitimacyDegrade in the TW DIW × LLM-agent scenario, with five mechanisms simultaneously triggered, falls within the medium-high magnitude range; but specific probability values require support from three empirical tasks: disclosure by the wallet.gov.tw developer page + localised pilot study + cross-jurisdictional case-tracing.”

---

§SA2 Integration Note

Integration with §5 (SA3 = Civilian Backup Stack): The G1–G4 disclosure gaps of this §4 and the three “full new construction” field-groups in §4.3.1 (agent_did trust anchor, agent_delegation_proof / capability_hash, recognition_chain / cross_border_envelope) constitute the unclosed segments of the “government DIW stack”. SA3 should develop the bearing scope of the civilian backup stack (including the OpenWallet Foundation Taiwan node, Numbers Protocol image provenance, FAB DAO on-chain voting experiments ([ref-18]), and community NGO supporter deployment) in filling the “partial new construction” and “full new construction” fields. In particular, the partial-new-construction status of supporter_did — SA3 should assess the bearing depth and engineering obstacles of three alternative pathways: “civilian adult guardianship advisory services”, “social worker wallets”, and “peer supporter networks”.

Integration with §6 (SA4 = Receipt Schema Resilience Under Three Pressures): §4.5.3 has already foreshadowed that SA4 will stress-test M1–M5 with three pressures (α / β / γ). SA4 should provide a resilience matrix for the ten conjunctive sub-clauses of F2 schema C1–C6 + F3 V_ux C7–C10 ([ref-9], [ref-10]) under three pressures, and in the critical-path feedback loop (SA4 → SA1) explicitly note the cryptosuite subset limitation of the Traditional Chinese environment — specifically, whether BBS+ over BLS12-381 when jurisdictional_profile = tw-esign-art4-10 falls within the approved algorithm scope of Electronic Signature Act §4 remains an open question.

SA2 Honesty Boundary: (1) The chain ID, contract address, DID method, and wallet instance attestation specifications have not been fully disclosed to the public by the wallet.gov.tw developer page and primary government documents; (2) Huang Shih-chun’s (2020) interpretation of “self-determined substituted” for adult guardianship is a position of a single scholar; (3) the likelihood assessment for the five mechanisms in §4.5.2 is mechanism-based inference, not pilot-study calibration. These three limitations are consistent with the series honesty boundary discipline and must be registered as series-level open questions in Chapter 11.

---

§References (SA2 Scope)

[ref-1] mashbean. “ID-Authority Index: Cross-National Regression and Case Evidence for the Weaponisation of Association Freedom by Identity Systems.” Civic Proof Series, article 14 (B2), 2026-05-08. §Revision Note (2026-05-16). Series internal cross-reference. Source level B.

[ref-2] Ministry of Digital Affairs. Official TW DIW website. https://wallet.gov.tw/ (accessed 2026-05-16). OpenID4VCI / SD-JWT VC specifications per public disclosure; specific implementation details pending. Source level A (disclosed portions) / unavailable (undisclosed portions).

[ref-3] Ministry of the Interior, Government Certification Authority. TW FidO mobile natural person certificate specification page. https://moica.nat.gov.tw/ (accessed 2026-05-16). PKI / FIDO2 dual pathway. Source level A.

[ref-4] Ministry of Digital Affairs. moda official website + policy explanation pages. https://moda.gov.tw/ (accessed 2026-05-16). Source level A.

[ref-5] mashbean. “Has the Public Chain Been Displaced by Identity Infrastructure? A De-chaining Pathway for SSI.” Civic Proof Series, article 01, 2026-05-02. Determination of facts regarding trust list on public chain, Ethereum family, and chain ID not fully disclosed externally. Source level B (series internal).

[ref-6] EUDI Architecture Reference Framework, 2025-12 iteration. European Commission, DG CNECT. https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework (accessed 2026-05-16). §6.6.3, §6.6.3.9, Annex 2. Source level A.

[ref-7] mashbean. “The Structural Limits of AI Agent Delegation in Civic Action.” Civic Proof Series, article 16 (F1), 2026-05-10. §2.4, §3.2, §3.3, §5.4, §6.1, §6.2, §7.3.1. Series internal cross-reference. Source level B.

[ref-8] W3C Verifiable Credentials Data Model v2.0 Recommendation. W3C, 2025-05-15. §4.12 securing mechanisms. https://www.w3.org/TR/vc-data-model-2.0/ Source level A.

[ref-9] mashbean. “Civic-Action Receipt Schema and Four Primitives: F2 Engineering Deployment.” Civic Proof Series, article 17 (F2), 2026-05-11. §3.1 schema, §3.2 matrix correspondence, §3.4 V_receipt C1–C6, §5.3, §6.1, §7.1. Series internal cross-reference. Source level B.

[ref-10] mashbean. “Selective Disclosure UX Failure: Four UX Engineering Primitives and V_ux.” Civic Proof Series, article 18 (F3), 2026-05-11. §3.1 schema, §3.2 V_ux C7–C10, §3.4 T_UX1–T_UX4, §10, §11.1, O11/O15/O19/O23. Series internal cross-reference. Source level B.

[ref-11] mashbean. “PRF: Plurality, Validity, Contestation, Agonism.” Civic Proof Series, article 19 (A2), 2026-05-12. §3.3 32-cell bearing matrix. Series internal cross-reference. Source level B.

[ref-12] Civil Code of the Republic of China, Articles 1113-2 to 1113-10 (adult guardianship new system, added 2019). Ministry of Justice Full-text Laws and Regulations Database https://law.moj.gov.tw/ (accessed 2026-05-16). Source level A.

[ref-13] Electronic Signature Act of the Republic of China, Articles 4 and 10. Administered by the Ministry of Economic Affairs. https://law.moj.gov.tw/ (accessed 2026-05-16). §4 governs the written-document effect of electronic records; §10 governs the equivalence of electronic signatures with written signatures and seals. Source level A.

[ref-14] Personal Data Protection Act of the Republic of China, Articles 5 and 19. https://law.moj.gov.tw/ (accessed 2026-05-16). §5: good faith + necessary scope of specified purpose; §19: statutory requirements for non-governmental organisations to collect PII. Source level A.

[ref-15] Personal Information Protection Commission (PDPC). Established 2025. https://www.pdpc.gov.tw/ (under construction, accessed 2026-05-16). Source level A.

[ref-16] Huang Shih-chun. “The Right of Self-Determination and Its Limits Under the Adult Guardianship System.” Taiwan Law Review, 2020. Interpretation of “self-determined substituted” under Civil Code §1113-2 to §1113-10. Source level B (single scholar’s position, requiring expanded examination by the adult guardianship academic community).

[ref-17] Consumer Protection Act of the Republic of China, Article 11-1 (principle of reasonable review period). Administered by the Consumer Protection Commission. https://law.moj.gov.tw/ (accessed 2026-05-16). Source level A.

[ref-18] FAB DAO. https://fab.community/ (accessed 2026-05-16). On-chain voting experiments, NFT fundraising. Source level B.

---

§5. SA3: Government Single-Stack Structural Vulnerability and Civilian Backup Design Intuitions

§5.1 Structural Vulnerability of the Government Single Stack

Taiwan’s current civic-proof governance path (TW DIW, TW FidO, MyData—three components) has its core issuer trust root singularly locked to the Ministry of Digital Affairs and its subordinate “trust list service.” This architecture has already established, in D3, the P1”–P4” failure conditions of “identity inherently involves sovereignty”—the identity domain cannot replicate the four prerequisites of DNS governance history: P1 (Postel-jar community culture), P2’ (US strategic hands-off), P3’ (technology-neutrality discourse), P4’ (IANA-equivalent transition mechanism).[^D3s3] The same article’s §5 FTLA four-layer governance framework (G_industry / G_state / G_recognition / G_oversight) makes explicit: when the G_state layer’s issuer trust singularly occupies the anchor position for trust roots in subdomain replication, both G_industry and G_recognition layers lose independent contestation slots, and the governance structure degrades from a conjunction to a G_state-dominated multi-layer structure.[^D3s5]

The structural vulnerability of this single stack poses the following bearing-point problems for PRF’s four components.

For the plurality component: A2 §4.1 has made explicit that Arendt’s plurality is ontological-level “co-presence of multiple who,” with three-level existence conditions comprising natality, mortality, and uniqueness.[^A2s41] When the issuer trust root is singularly locked to G_state, who without wallet enrollment conditions (e.g. refugees, exiles, and stateless persons without national ID cards, or political minorities who refuse to enter the single stack) are pre-emptively excluded at the enrollment-condition layer of the public realm—the enrollment boundary of plurality is drawn by state monopoly. A15 §6.2’s degradation pathway of the “wallet triple default” (personally owned, personally identified, personal private key simultaneously obtaining) is here reinforced by the single-issuer structure into a single degradation trajectory.[^A15s62]

For the validity component: A2 §5.1’s Habermasian Sluice model requires an operable communication channel between the informal opinion-formation layer and the formal decision-making layer.[^A2s51] When G_state simultaneously bears both issuer and final verification authority, the bearer position of the Wahrhaftigkeit claim (the certificate holder sincerely expresses their intention) and the bearer position of the Richtigkeit claim (the normative legitimacy of membership claims) are merged into one at the institutional layer; the distinction between the Sluice’s two layers (informal opinion formation—formal decision-making) degrades to a one-way channel. F2 V_receipt’s “multi-party audit trail” bearer also fails (there is no second trust root for independent auditing).[^F2s6]

For the contestation component: E1 §2.3 has already tested the four conditions of essential facility doctrine (control of essential facility, competitors cannot reasonably duplicate, facility has been denied, provision is feasible) separately for each of the wallet’s four layers; among them, the issuer trust layer is listed as the strongest satisfier of all four conditions.[^E1s23] This positive finding implies: when issuer trust is uniquely locked to the Ministry of Digital Affairs, and citizens wish to exercise Pettit’s active-stance contestation (A2 §6.1’s three-layer first-personal requirement[^A2s61]), there is no second trust root serving as a “challengeable fallback bearer”—the institutional conditions of contestation (four editorial democracy conditions) degrade to a one-way channel of “filing complaints with the sole issuer.” E1 §5.1–5.2’s wallet portability spec of four portability items and four prohibitions serves here as the precondition for civilian backup—without portability, there is no material basis for contestation.[^E1s51]

For the agonism component: A2 §7’s (Mouffe’s agonism) three legitimate adversary conditions—mutual recognition, shared rules, adversarial frame—presuppose at least two legitimate adversary positions. When issuer trust is locked to a G_state single stack, the institutional slot for agonistic pluralism at the issuer level is a null set; citizens’ relationship vis-à-vis the issuer degrades from “dispute between legitimate adversaries” to an “application–rejection” administrative dyad, already outside the scope of agonism’s applicability. Mouffe 2000 Ch. 4 makes explicit that one of the two degradation directions when agonism fails is “post-political consensual”—adversarial positions are absorbed into consensus, and contestation degrades into ritual.[^Mouffe2000Ch4]

Forward-link: The above four-component bearing-point problems are not individually borne by D3, E1, or A15 alone; the contribution of §5.1 of this article is to horizontally integrate the existing boundaries of the three articles into the composite claim of “simultaneous PRF four-component vulnerability of the government single stack.” This composite claim is the precondition for §6’s (SA4) analysis of civilian backup bearing capacity under triple pressure.

§5.2 Possible Forms of Civilian Backup: Summary of Design Intuitions from the “Bèibèi Érlái” Litepaper

The “Bèibèi Érlái” litepaper (a civilian advocacy document, public consultation version of 2025-11; https://blog.bonds.tw/litepaper/, accessed 2026-05-16) self-positions as “a civilian proposal for digital identity backup in the Taiwan context.” The following summary describes design intuitions proposed by that advocacy document and does not convert them into normative claims; the normative language of that document (e.g. “should,” “must,” “legitimacy”) is cited only as a description object and is not adopted as a bearing of this article.

§5.2.1 Design Intuition of “Interoperable Yet Unlinkable”

The subtitle of that advocacy document is “The Road to an Interoperable Yet Unlinkable Digital Identity,” and its §2.2 argues that an identity system should simultaneously satisfy three conditions: interoperable (using open standards such as DID/VC and OpenID for Verifiable Credentials to define formats and interfaces); unlinkable (even if the same open protocols support cross-scenario interoperability, nobody should be allowed to string together a user’s footprints across different scenarios); and no phone home (the default protocol does not autonomously transmit data between scenarios or initiate callouts).[^litepaper22] The document argues these three conditions constitute the “bottom line” of its technical design.

The document further cites in §4.3.2 the W3C BBS+ cryptosuite specification as a technical reference for “unlinkable selective disclosure”; §6.1.6 maps these three conditions to the trade-offs of three technical approaches: SD-JWT (provides selective disclosure but not ZK proofs), BBS+ (mainstream for unlinkable selective disclosure), and AnonCreds (native support for predicate proofs).[^litepaper43] E2’s “no phone home engineering economics” has conducted an independent engineering economics analysis of the No Phone Home principle proposed in that document¹; this is not repeated here.

§5.2.2 Antifragile (Fǎn Cuìruò) Variant of Civic-Proof

That advocacy document invokes “anti-fragile strategy” twice in §1.2 and §6.1, breaking its core into three dimensions: robustness (infrastructure resisting shocks), backup (the whole can continue to operate even when some nodes are damaged), and minimal disclosure (minimising unnecessary collection of personal information).[^litepaper12]

The document does not directly cite Taleb’s 2012 Antifragile’s original definition. Taleb’s original book defines antifragile as the system property of “not only not breaking under shocks, but being strengthened by them,” forming a three-tier progression with robustness (not breaking under shocks) and resilience (recovering after shocks).[^Taleb2012] The advocacy document’s usage reduces antifragile to the three-component combination of “robustness + backup + minimal disclosure,” diverging from Taleb’s original meaning—Taleb’s antifragile presupposes “positive convexity from disorder,” while the document’s three-component combination only bears the “not degrading from shocks” of robustness and resilience. This article marks this divergence in §5.5 as “design intuition terminology borrowing” rather than “bearing of normative claims.”

§5.2.3 Multi-Issuer Parallel Model of Trust Rotation

That advocacy document argues in §1.2 that “backup mechanism is precisely ‘rotatable trust lists and the trust architecture behind them’,”[^litepaper12] and in §5.2 proposes a concrete “trust list commitment on-chain” design: “normally, the trust list specifies who or which institution may issue which type of credential, and the conditions and procedures for revocation; in emergencies, governance nodes can publish a new list commitment value on-chain, declaring that mirror issuers take over, and verifiers need only accept the new commitment to continue verification under offline conditions.”[^litepaper52]

Three structural elements of this design intuition: first, the trust list is a “meta-issuer structure” (not a single issuer but a manifest of “which issuers may issue which types of credentials”); second, commitment on-chain records version changes to the manifest on a public blockchain, making the rotation of the manifest itself externally auditable; third, the mirror issuer takeover design allows “issuance authority for the same type of credential” to hot-switch online when an issuer fails, with credentials held by holders regaining verification capability under the new trust list.

Comparable existing cases: the GPG/PGP web of trust proposed in the 1990s (“no central CA; mutual endorsement between holders”) undertook early experiments in trust diversification, but lacked the scalability to bear civic-identity scale[^Zimmermann1995]; Let’s Encrypt from 2016 onwards provided parallel supplementation to commercial CAs, expanding Web PKI’s CA trust roots from a small commercial monopoly to a “commercial + public-interest + government” three-type parallel, providing empirical evidence that issuer diversification is achievable.[^Aas2019] The “Bèibèi Érlái” litepaper’s trust rotation design is conceptually closer to the Let’s Encrypt model (parallel supplementation + standardised revocation lists) than to GPG’s peer-to-peer structure.

§5.2.4 Preparedness — Offline and Cross-Network-Segment Fallback

That advocacy document argues in multiple locations (§1.2, §2.2, §3.2) that “even completely offline, a citizen’s phone should be able to complete P2P identity verification,”[^litepaper22] and in §5.2.7 proposes specific offline verification technical channels: “the verifier and credential holder will exchange data in an offline scenario (e.g. via Wi-Fi Aware, Bluetooth, or NFC); the verifier needs only the latest trust list commitment and revocation list commitment to perform a consistency check on the received VP.”[^litepaper527]

The document’s “cross-network-segment fallback” intuition further distinguishes three levels of trust domains: local, cross-domain, and diaspora,[^litepaper61] corresponding respectively to three types of degraded scenarios in a Taiwan Strait context—local-level regional network-segment rupture due to physical facility damage; cross-domain-level cross-border verification rupture due to inter-state mutual recognition failure; and diaspora-level online embassy bearing when subjects are forced into displacement. The document argues that “even if physical infrastructure is damaged or subjects are forced into displacement, legal and technical continuity can be maintained.”[^litepaper527]

§5.3 Correspondence of Design Intuitions to PRF Four-Component Bearing

The following correspondences are this article’s independent arguments and do not adopt the normative language of the advocacy document itself. Each correspondence explicitly states three items: the mechanism of correspondence, bearing intensity (primary / secondary / indirect support), and boundary conditions of bearing.

Design Intuition	Plurality	Validity	Contestation	Agonism
§5.2.1 Interoperable yet unlinkable	Indirect	Secondary	Secondary	Indirect
§5.2.2 Antifragile three-component	Indirect	Indirect	Indirect	Secondary
§5.2.3 Trust rotation multi-issuer parallel	Indirect	Secondary	Primary	Primary
§5.2.4 Preparedness offline/cross-segment fallback	Primary	Indirect	Secondary	Secondary

Primary bearing for agonism: §5.2.3’s trust rotation multi-issuer parallel model directly bears Mouffe’s agonism’s three legitimate adversary conditions—multiple issuers in parallel is the institutional satisfaction of “at least two legitimate adversary positions”; on-chain versioning of the trust list is the specific mechanism of “shared rules”; mirror issuer takeover is the institutional slot of the “adversarial frame.” The mechanism of this correspondence is “issuer-level diversification expands agonism’s institutional slot from the null set to a non-null set.” Boundary condition for primary bearing intensity: multi-issuer design only obtains when the issuers have substantial separability (not nominal separation under the same governance structure); if multiple issuers are substantially sub-units of G_state in governance, the agonism slot is substantively still null.

Primary bearing for contestation: §5.2.3’s trust rotation directly bears Pettit’s contestation’s “Eyeball Test equal-access impact”—when the issuer is not unique, citizens wishing to challenge an issuer’s revocation decision can seek re-issuance from the mirror issuer, and contestation’s active-stance obtains a material basis. The mechanism of this correspondence is “issuer diversification changes contestation’s fallback bearer from zero to non-zero.” Boundary condition for primary bearing intensity: active-stance must still be borne first-personally by humans (F1 §4.3[^F1s43]); multi-issuer only bears contestation’s material basis and does not substitute the bearer position itself.

Primary bearing for plurality: §5.2.4’s preparedness offline/cross-network-segment fallback directly bears the enrollment boundary expansion of Arendt’s plurality’s “co-presence of multiple who”—when a wallet can still verify in a no-network, no-centralised-database context, the public-realm entry conditions for who without enrollment conditions (e.g. those without national ID cards) expand from G_state’s enrollment rules to P2P community endorsement. The mechanism of this correspondence is “offline verifiability expands plurality’s enrollment boundary from ‘those with wallets’ to ‘those with community endorsement.’” Boundary condition for primary bearing intensity: P2P endorsement itself requires an offline-verifiable version of the trust list; if the publishing authority of the trust list is singular, plurality’s expansion is still subject to that authority’s enrollment rules.

Secondary bearing for validity: §5.2.1’s interoperable yet unlinkable and §5.2.3’s trust rotation together bear Habermas’s validity’s Wahrhaftigkeit and Richtigkeit claims—selective disclosure bears Wahrhaftigkeit (the certificate holder discloses only the minimum set they sincerely wish to express); multi-issuer bears Richtigkeit (membership claims can be examined through multiple institutional channels). Bearing intensity is secondary rather than primary because validity’s Wahrheit claim (truth/falsity claims about the external world, i.e. the authenticity of credential content) still depends on the upstream source of truth (e.g. government data sources from MyData); the multi-issuer design here does not bear the diversification of the source of truth.

§5.4 Internal Contradiction: Does Simultaneously Bearing Plurality + Agonism Violate A2 §3.2’s Irreducibility?

A2 §3.2’s PRF conjunctive floor definition makes explicit: “any violation of one of the four components is treated as a violation of PRF as a whole within this framework; within this article’s PRF conjunction setting, the trade-off reading of compensating a violated component with a reinforced other component is not adopted.”[^A2s32] The same article’s §3.4 theorems T_PRF1–T_PRF4 further formalise “individually necessary, difficult to be fully substituted by other components” as four independent necessity theorems.

§5.3’s correspondence mapping simultaneously lists trust rotation design as a primary contribution to both contestation and agonism, and preparedness design as primary for plurality, assigning primary contributions for both plurality and agonism to the same design cluster (civilian backup as a whole). The contradiction that surfaces here: when civilian backup simultaneously bears plurality and agonism (or contestation and agonism) with a single design cluster, does it reduce A2 §3.2’s conjunctive floor at the implementation level?

Precision of the contradiction: A2 §3.2’s irreducibility clause applies to the components themselves (plurality cannot be substituted by validity/contestation/agonism), not to the bearers (the same design can simultaneously bear two components). This distinction corresponds to A2 §3.3’s 32-cell matrix, which already recognises “a single article bearing multiple components”—F1 as the bearer of all four components is already recognised in the matrix[^A2s33] and does not violate irreducibility.

But the contradiction is not fully resolved. In A2 §3.3’s matrix, F1 is the bearer of all four components at the core level because F1’s normative claims (AI agent delegation boundaries) span the conceptual foundations of all four political philosophers; while §5.3’s mapping simultaneously listing trust rotation as primary for both contestation and agonism is because the single mechanism of multi-issuer (issuer diversification) simultaneously expands two institutional slots. The former is “normative claims spanning multiple components”; the latter is “a single mechanism bearing multiple components”—the latter’s risk of contradiction is higher, because if that mechanism fails (e.g. multi-issuer issuers are substantially all sub-units of G_state in governance), both components’ bearings simultaneously collapse.

Honest treatment: this article does not claim this contradiction has been resolved. Three items of handling are as follows.

First, the bearing intensity markings (primary/secondary/indirect) in §5.3’s correspondence already partially absorb this contradiction—when a single mechanism simultaneously bears two components, at least one of the components’ bearing intensity should be downgraded to secondary; this article does not make this downgrade in §5.3 because, under the substantive separability condition of issuer diversification, the expansion of the contestation and agonism slots belongs to different mechanism layers (contestation is the material basis of fallback bearers; agonism is the institutional slot of legitimate adversaries). But if that boundary condition fails, the primary/secondary designation needs revisiting.

Second, A2 §3.2’s theorems T_PRF3 and T_PRF4’s proof sketches make explicit that contestation and agonism, when each lacks the other, degrade in different directions—contestation’s absence degrades to “consensus without challenge channels”; agonism’s absence degrades to “antagonism” or “post-political consensual.”[^A2s34] Multi-issuer’s bearing of both components does not synchronise in degradation—if the issuers are substantively one entity in governance, contestation degrades before agonism (fallback bearer failure is triggered before the collapse of the legitimate adversary slot). The two components’ bearings remain separable in degradation dynamics, partially mitigating but not resolving the contradiction.

Third, §5.3’s correspondence mapping is only a preliminary mapping at the design intuition level and does not claim to be the final bearing at the normative level. Final normative-level bearing allocation requires case-by-case examination in §6’s (SA4) triple pressure stress tests; if in a certain pressure scenario civilian backup’s multi-issuer design fails on substantive issuer separability, the dual assignment of contestation primary and agonism primary in that scenario must be reallocated (one of them downgraded to secondary or failed).

§5.5 Separation of Design Intuition vs. Normative Claims

The four design intuitions proposed by the “Bèibèi Érlái” litepaper (§§5.2.1–5.2.4) are design intuitions from a civilian advocacy document and cannot be directly transported as PRF normative claims. This article strictly observes this separation for three reasons.

Reason one: Separation of textual nature. That advocacy document self-positions as a “public consultation version” (initial version 2025-11-13), soliciting various opinions; its nature is that of a speculative civilian implementation document, not peer-reviewed literature, not the specification of a standardisation body, not an institutional policy document. Multiple locations in the document (§2.2, §5.1, §6.1 etc.) use normative language (“should,” “must,” “legitimacy”), but this language represents the normative advocacy of that advocacy document’s authors, not the normative bearing of the democratic legitimacy floor PRF. This article uniformly marks its citations of that document as “design intuitions proposed by that advocacy document” and “that document argues,” avoiding transporting normative language.

Reason two: Separation of terminology divergence. §5.2.2 has already made explicit that the document’s use of Taleb’s antifragile terminology diverges from Taleb’s original meaning (reduced to the three-component combination of robustness + backup + minimal disclosure, not bearing positive convexity from disorder). The document’s antifragile is “terminology borrowing,” not bearing of Taleb’s antifragile concept. Directly transporting the document’s antifragile as a PRF normative claim would simultaneously carry both terminology divergence and normative expansion risks.

Reason three: Normative mapping requires independent argument. §5.3’s correspondence mapping is already this article’s independent argument—the mechanism, bearing intensity, and boundary conditions of the mapping do not adopt the advocacy document’s own language but use the four anchor authors’ original works of A2 §§3–7 (Arendt §§1+24+44, Habermas TKH §III.3, Pettit 2012 Chs. 5–6, Mouffe 2000 Ch. 4) as normative anchors for the mapping. In other words, this article’s PRF normative mapping does not depend on the advocacy document’s normative language; that document is cited only as design material, and the normative-level bearing is independently completed by the A2 framework.

Operational consequences of the separation: this article will not display inference patterns of “the litepaper claims X, therefore under PRF normative Y”; the inference pattern appearing in this article is “design intuition X proposed by the litepaper is independently mapped by this article to the Z mechanism of the Y component under PRF normative.” The two ends of the latter pattern (design intuition X and normative mapping Y) belong to different argument layers.

---

§References (SA3)

• “Bèibèi Érlái” litepaper: Civilian advocacy document, public consultation version 2025-11. https://blog.bonds.tw/litepaper/, accessed 2026-05-16
• Taleb, Nassim Nicholas (2012). Antifragile: Things That Gain from Disorder. Random House.
• Zimmermann, Philip R. (1995). The Official PGP User’s Guide. MIT Press.
• Aas, J., et al. (2019). “Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web.” Proceedings of ACM CCS 2019.
• Mouffe, Chantal (2000). The Democratic Paradox. Verso.
• Arendt, Hannah (1958). The Human Condition. University of Chicago Press.
• Habermas, Jürgen (1981). Theorie des kommunikativen Handelns. Suhrkamp.
• Pettit, Philip (2012). On the People’s Terms. Cambridge University Press.
• Mueller, Milton L. (2002). Ruling the Root. MIT Press.

---

Scope and nature declaration for this section: this section is “likelihood-by-mechanism” analysis; it does not provide specific probability decimals and makes no completed-tense predictions. It uses a four-level likelihood idiom (low / medium / medium-high / high) to describe the relative magnitude of “failure load on PRF component bearing under specific pressure mechanisms.” All assessments use “publicly available data as of May 2026” as the reference point. Citation of the “Bèibèi Érlái” litepaper is confined to describing the engineering preparedness of the civilian advocacy document for backup stacks, without invoking its normative claims.

§6. SA4: Triple Pressure Analysis — Cognitive Warfare, Subsea Cable Disruption, and Gray-Zone Invasion

§6.1 Plasticity of Issuer Trust Under Cognitive Warfare Penetration (α)

The impact surface of cognitive warfare pressure (α) on Taiwan’s PRF stack is not at the cryptographic layer of credentials but at “issuer credibility as the public-reason foundation of validity.” When issuers (e.g. the Ministry of the Interior, the Ministry of Health and Welfare, civil affairs offices) are framed in citizens’ cognition as “parts of a political machine,” the “low-threshold public trust in issuer procedures” required by the validity component is hollowed out at the cultural level, even if the credentials themselves are not forged.

Mechanism α₁ — Issue pre-anchoring. Doublethink Lab’s Annual China Index since 2022 has continuously shown that Taiwan’s density of foreign-influence operations in the “media” (information environment) dimension consistently ranks in the upper range of sampled countries; IORG and Taiwan FactCheck Center documented in the 2024 election cycle that “high-speed synthetic content combined with LLM generation” events increased significantly compared to the 2020 election cycle.[^ref1][^ref2] At the PRF structural level, these operations do not directly attack individual credentials, but pre-anchor “government-issued digital credentials” as political symbols (e.g. binding “TW DIW” with a governing party’s narrative) before wallet adoption, so the “component foundation” of issuer trust already bears contamination before use.

Mechanism α₂ — LLM-generated content dilutes public reason. V-Dem’s 2025 annual report’s Digital Society Survey sub-index has already separated misinfo by foreign actors and online media polarization as independent axes; Freedom House’s Freedom on the Net 2024 assessment of Taiwan lists LLM automated narrative production as an emerging concern rather than a stable threat.[^ref3][^ref4] At this point, the “public-reason foundation” required by validity encounters structural dilution: when any dispute in a credential-use scenario can be turned within 24 hours by LLM operations into hedging noise of “both sides have talking points,” PRF’s contestation component is submerged rather than suppressed at the information level—dissenters are not silenced but drowned in synthetic responses.

Integration with A14 / A15: A15 §5.2’s procedural guarantee requirement of “alternative pathways not being discriminatorily treated” is reversed under α pressure and operationalised as “paper pathways labelled by cognitive warfare as ‘political statements of distrust in digital governance,’” politicising the neutral nature of alternative pathways. A14 §3.2’s gap (b) (issuer revocation errors have no single data protection authority to complain to) is exacerbated under α scenarios—even if there is a legally-grounded remedial pathway, an affected citizen’s complaint loses its intelligibility in synthetic noise, and jurisdictional redress fails its precondition of “being heard.”

Likelihood-by-mechanism (α corresponding to PRF four components)

Component	Likelihood	Mechanism rationale
validity	medium-high	Issuer credibility is pre-symbolised politically before use; public-reason foundation is hollowed out at the cultural level
plurality	medium	Cognitive warfare suppresses alternative narratives but does not delete engineering backup; plurality’s engineering layer is partially preserved
contestation	medium-high	Dissenters are drowned in synthetic noise; contestation’s precondition of “being heard” fails
agonism	medium	Long-term bearing of agonism depends on civil society resilience; short-term penetration of cognitive warfare does not necessarily dismantle structural dissent capacity

§6.2 Availability of Offline Fallback Under Subsea Cable Disruption (β)

β pressure’s concrete historical anchor is the Matsu Islands subsea cable disruption of February 2023—Chunghwa Telecom announced that the two Matsu subsea cables were successively disrupted on 2023-02-02 and 2023-02-08, with local internet recovery to backup microwave link level taking approximately 35 days.[^ref5] Post-incident reviews published by the National Communications Commission (NCC) and Chunghwa Telecom in the second half of 2023 show that Matsu’s backup path capacity was far below normal subsea cable capacity, and OTT video, mobile payment, and wallet-type services experienced significant degradation during the incident.

Mechanism β₁ — Subsea cable structural vulnerability. Taiwan’s external internet connections are highly dependent on multiple international subsea cables including APCN-2, SJC, SJC2, FASTER, TSE-1, TPE, EAC-C2C, ASE, and APG; the redundancy of the main island’s ring fibre and offshore island connections is far below the subsea cable segment.[^ref6] The additional backup for Taiwan–Penghu connections added at the beginning of 2026 (including the first phase of TASA National Space Organization’s independently developed LEO programme and Chunghwa Telecom’s cooperation agreements with multiple LEO providers) is still in deployment; its carrying capacity ratio to normal subsea cables remains at the medium magnitude level. Policy negotiations for Starlink’s entry into Taiwan as of publicly available data in May 2026 are still stuck on the “local equity ratio” issue and have not entered large-scale commercial operation.

Mechanism β₂ — Graceful degradation of wallet offline mode. The offline presentation mode provided by EUDI Wallet ARF v1.5 and the ISO/IEC 18013-5 mDL standard can, in theory, complete a subset of the three-party cryptographic verification of verifier–wallet–issuer in a no-network context (attribute presentation + selective disclosure under constraints). However, “revocation status check” in offline mode depends on pre-cached status lists; when the pre-cached status list has expired or the issuer’s status list has not been updated to the wallet, the wallet side falls into a degraded mode of “verifying with old status”—at this point PRF’s validity component is “downgraded” rather than “failed” at the engineering layer, but the nature of the downgraded validity differs from the original design.

Mechanism β₃ — Plurality of dissent channels. When the main subsea cable is disrupted, the “cross-border platforms + encrypted communications” required by dissenters depend on LEO satellite backup, mesh networks (e.g. community deployment of Bridgefy/Briar/Meshtastic-type applications), and earlier backup tiers such as shortwave radio. The “Bèibèi Érlái” litepaper has, at the civilian advocacy document level, already made concrete plans for the engineering preparedness of the three-tier mesh + LEO + paper backup, but this is voluntary civilian initiative and cannot be conflated with the structural backup obligations of the government single stack.

Integration with E3’s structural slippage prevention: E3 §5.5’s MVSR combination (sunset + scope-bound + split-key + opt-out) exhibits a non-obvious property under β pressure—scope-bound infrastructure’s “audience binding” limits the possible space for verifier collusion to reassemble attributes under subsea cable disruption (because cross-border verifiers cannot connect to query); but the same audience binding also blocks “temporarily authorising cross-border verifiers” as graceful fallback. In other words, scope-bound is bidirectionally neutral for β pressure: it protects validity while limiting plurality.

Likelihood-by-mechanism (β corresponding to PRF four components)

Component	Likelihood	Mechanism rationale
validity	medium	Offline mode can preserve a subset of cryptographic verification, but revocation status freshness bears downgrade risk
plurality	medium-high	Engineering availability of backup stacks at the time of main channel disruption directly determines plurality load; LEO + mesh backup at the May 2026 magnitude level is still at medium carrying capacity
contestation	medium-high	Dissent channels rely on cross-border backup under cable disruption; political selection of backup (e.g. LEO provider choice) inversely affects contestation neutrality
agonism	medium	Sensitivity of agonism structure’s long-term survival to a single disruption event is lower than for contestation’s immediate dimension

§6.3 Institutional Revocation Latency Under Gray-Zone Invasion (γ)

γ pressure covers the gray zone of “below-threshold conflict”—the Ministry of National Defence’s 2025 National Defence Report, the Institute for National Defence and Security Research (INDSR)‘s gray-zone series research, and CNAS’s Taiwan gray zone reports collectively describe scenarios including: compression of the median line, coast guard vessels’ civil enforcement, “accidental” cable cutting, cyber intrusion into critical infrastructure, and synthetic media surges during election cycles.[^ref7][^ref8][^ref9] The impact surface on the PRF stack is not “issuers completely suspended” but “issuers / verifiers / revocation mechanisms bearing partial delays and unpredictable localised failures.”

Mechanism γ₁ — Revocation list push delay. When the issuer’s (government ministry’s) network egress experiences sustained degradation due to DDoS / route hijacking / physical subsea cable interference, the propagation delay of revocation lists (status lists) from issuer publication to wallet/verifier end may extend from the normal minute-scale to hours or even days. Within the PRF framework, this directly affects contestation’s “survival of the remedy mechanism”—if a revoked credential is still being used as valid at the verifier end, even if the affected citizen’s revocation request is accepted by the issuer, their remedy bears significant lag in its actual effective timing.

Mechanism γ₂ — Semi-failure state between issuer / verifier. The core characteristic of gray zones is not “all-or-nothing” but “sustained partial degradation.” Some business systems may still be able to verify online; some retreat to offline pre-cached mode; the same wallet may receive inconsistent verification results at different verifiers. At this point PRF’s agonism component bears structural challenges—the “sustained dissent structure” required by agonism demands that remedy channels remain enterable in “semi-failure state”; but existing administrative remedy procedures (e.g. the procedural timelines of the Administrative Appeal Act) are not designed for the gray state of “issuer partially reachable + partially unreachable.”

Mechanism γ₃ — Political oscillation of the trust list. Taiwan’s digital identity wallet trust list is partially on-chain on a public blockchain (Ethereum)—this is a known fact (see the did-vc-public-chain-deployments memory entry). The advantage of public blockchain bearing is that “even if the issuer end is crippled, the historical state of the trust list can be verified by any third party”; but when political pressure created by grey-zone invasion leads the government to consider emergency modification of the trust list (e.g. revoking a certain foreign verifier), the changes on the public chain are also recorded by any observer, and the political oscillation of the trust list leaves permanent marks in the chain-of-custody—for PRF’s contestation component this is bidirectional: history can be audited, but “why the trust list was changed at a certain point in time” is a political reason not on-chain and can still be questioned.

Integration with A14 jurisdictional redress: A14 §3.2 (issuer revocation errors have no single data protection authority to complain to) and §3.3 (vendor failure remedy pathway) compound in γ scenarios: when a wallet vendor’s servers are located within Taiwan, and revocation errors occur, cross-border affected citizens (e.g. migrant workers, cross-border business persons) encounter a double bottleneck under quasi-wartime conditions: “lead supervisory authority mechanism completely inapplicable + local DPA attention diverted to cybersecurity incidents.” A14 §6’s “normative deferral” capacity for bearing γ pressure depends on whether the deferral jurisdictions (e.g. the EU, Japan, ASEAN member states) can still execute their bilateral consent conditions vis-à-vis Taiwan under quasi-wartime conditions—this belongs to the political feasibility layer, not the normative logic layer.

Likelihood-by-mechanism (γ corresponding to PRF four components)

Component	Likelihood	Mechanism rationale
validity	medium	The cryptographic layer generally still operates under γ pressure; validity’s degradation is mainly at the revocation status timing dimension
plurality	medium	Engineering backup overlaps with β, plus γ additionally bears “political oscillation casting doubt on backup neutrality”
contestation	high	Survival of remedy mechanisms under γ is the most vulnerable dimension—revocation latency + administrative procedures not designed for gray-zone state, double blow to contestation
agonism	medium-high	”Semi-failure state” structurally elevates the difficulty of entering procedures for sustained dissent structure

§6.4 Triple Pressure Compound (α + β + γ Simultaneously)

The α + β + γ simultaneous scenario is not purely hypothetical—both INDSR’s gray-zone research and CNAS’s Taiwan contingency planning already treat the compound scenario of “information warfare + physical infrastructure disruption + quasi-wartime” as a reasonable analytical anchor.[^ref8][^ref9] Under the compound scenario, PRF’s four components simultaneously bear multi-directional pressure, and the bearing differences between the civilian backup stack (SA3 scope) and the government single stack (SA1/SA2 scope) are most pronounced at this point.

Non-linear amplification of compound mechanisms: the effects of triple pressure are not simply additive. When α’s cognitive warfare has already pre-anchored issuer credibility as political symbols, β’s subsea cable disruption is rapidly absorbed by cognitive warfare into a “government failure” narrative (rather than a neutral physical event); γ’s revocation latency cannot be effectively identified by citizens in α’s noise environment as “administrative delay” vs. “selective administrative treatment.” Under the compound scenario, the contestation component simultaneously encounters three conditions: “can it be heard” (α) + “survival of remedy channels” (β) + “acceptable remedy timing” (γ).

Comparative bearing capacity of the civilian backup stack (inline caveat per §7.4 anti-overclaim: the following comparison is confined to the design intuition comparison scope already stated in §5.5 and does not claim normative scheme superiority; the civilian advocacy document is only a source of design intuitions, and any citation that reads it as a policy recommendation or normative claim is hereby pre-emptively withdrawn by this article). The “Bèibèi Érlái” litepaper’s multi-level backup (including mesh networks, LEO relay, paper fallback, cross-border trust anchors) described at the civilian advocacy document level has, under compound pressure, bearing properties that differ from the government single stack—the civilian stack’s design-intuition-level advantage lies in “not depending on a single trust root + not bearing a concentrated point for politicisation pressure”; the disadvantage lies in “scale carrying capacity far below the government stack.” Within the PRF framework, the specific value of the civilian backup stack’s design coverage of the plurality and contestation components is: when the government stack is partially invalidated due to politicisation or physical disruption, the civilian stack can bear “minimum viable civic proof” (corresponding to A15 §5.3’s substantive guarantee three-axis concurrent), but does not bear the public-reason foundation of validity (this still belongs to the scope of state obligations).

The following limitation must be explicitly stated: the civilian backup stack’s likelihood assessment is a mechanism-based assessment “under the assumption of already deployed and with a certain usage base”; if the civilian stack is still in the advocacy document phase without actual deployment, its bearing capacity under compound pressure must not be overestimated. As of May 2026, Taiwan’s civilian wallet/DID ecosystem’s actual deployment is still in the small-scale pilot phase; the capacity to carry users in the millions-scale has not yet been empirically demonstrated.

Comparison of SA1/SA2 government single stack: under compound pressure, the government single stack primarily bears the risks of “single point of failure risk” and “first-mover disadvantage of political anchoring.” SA1/SA2’s (corresponding to the government governance structure discussed in earlier chapters) core advantages remain: “normatively clear jurisdictional remedy channels” and “scale carrying capacity already in place”; disadvantages: under α pressure cannot quickly de-politicise; under β pressure backup is not under direct government governance control; under γ pressure administrative procedures are not designed for gray-zone states.

§6.5 Mechanism-Based Likelihood Assessment Table (Analytical, Not Empirical Predictions)

Table header nature declaration: this table is a mechanism-based likelihood assessment, not statistical prediction; it does not correspond to actual probability decimals; the four-level idiom (low / medium / medium-high / high) represents relative magnitude. Each cell’s one-sentence mechanism rationale is a compressed expression of the mechanism analysis in §§6.1–6.4. Per §7.3 anti-overclaim: this four-level idiom is a relative ranking idiom for design intuitions and does not claim to correspond to any probability distribution; any citation that reads the four levels as probability intervals is hereby pre-emptively withdrawn by this article.

	validity	plurality	contestation	agonism
α Cognitive warfare	medium-high — issuer credibility pre-symbolised politically; public-reason foundation hollowed at cultural level	medium — engineering backup undamaged but narrative space compressed	medium-high — dissenters drowned in synthetic noise rather than silenced	medium — long-term bearing depends on civil society resilience; short-term penetration does not necessarily dismantle
β Subsea cable disruption	medium — offline mode preserves verification subset, but revocation freshness downgrade risk	medium-high — engineering availability of backup stack directly determines plurality load	medium-high — dissent channels rely on cross-border backup; political selection of backup inversely affects neutrality	medium — sensitivity of long-term structure to single disruption event is low
γ Gray-zone invasion	medium — cryptographic layer still operates; degradation mainly at revocation timing dimension	medium — engineering backup overlaps with β; additional political oscillation concerns	high — revocation latency + administrative procedures not designed for gray-zone state; double blow	medium-high — “semi-failure state” structurally elevates procedure-entry difficulty

Unit reading notes:

1. Distribution along the same row (same pressure vs. four components) shows “the primary damage surface of that pressure”: α primarily strikes validity and contestation; β primarily strikes plurality and contestation; γ primarily strikes contestation and agonism. The shared primary victim component across all three pressures is contestation.
2. Distribution along the same column (same component vs. three pressures) shows “the primary vulnerability of that component”: contestation bears medium-high or above likelihood under all three types of pressure, and is the structurally most vulnerable item among PRF’s four components.
3. Validity’s likelihood under γ is medium rather than high—this is deliberate convergence: the cryptographic layer generally still operates under quasi-wartime; validity’s primary damage is at α’s public-reason foundation dimension, not γ’s cryptographic dimension.
4. Agonism’s overall likelihood is lower than contestation’s—this reflects agonism’s long-term structural nature: even significant single pressure events have limited short-term penetration of “long-term survival of the sustained dissent structure.”

Reading method under compound scenarios: when α + β + γ occur simultaneously, the likelihoods of individual cells are not summed; instead they are read as “contestation’s entire column simultaneously bears three medium-high or above pressures, with the bearing bottleneck concentrated in this component.” Under compound pressure, the civilian backup stack’s primary value lies in the distributed bearing of the plurality and contestation columns.

---

§References (SA4)

• [ref-1] Doublethink Lab, China Index 2024 — Taiwan Country Report, 2024
• [ref-2] Taiwan FactCheck Center & IORG, 2024 election cycle LLM synthetic content monitoring annual report, 2024–2025
• [ref-3] V-Dem Institute, Democracy Report 2025 + Digital Society Survey 2024–2025 data
• [ref-4] Freedom House, Freedom on the Net 2024 — Taiwan
• [ref-5] Chunghwa Telecom / NCC announcements, Matsu subsea cable disruption incident (first disruption 2023-02-02, second disruption 2023-02-08, approximately 35 days to recover to backup level)
• [ref-6] TeleGeography Submarine Cable Map 2024–2025; NCC international subsea cable data
• [ref-7] Ministry of National Defence, Republic of China. 2025 National Defence Report
• [ref-8] Institute for National Defence and Security Research (INDSR), gray-zone series research (2023–2025)
• [ref-9] Center for a New American Security (CNAS), Taiwan Gray Zone and Taiwan Contingency Planning series reports (2023–2025)
• [ref-A14] Cross-Jurisdictional Redress Gap (series A14)
• [ref-A15] Civic-Proof Inclusion Rights (series A15)
• [ref-E3] Structural Slippage Prevention (series E3)
• [ref-10] “Bèibèi Érlái” litepaper (civilian advocacy document, public consultation version 2025-11; this article cites only at the engineering backup preparedness level, without invoking its normative claims)

---

§7. Counter-Argument Stress Tests

This section presents six independent counter-arguments against §§1–6. The design principle of each counter-argument is: (a) not a strawman—if accepted, the counter-argument would dismantle some specific bearing of §§1–6; (b) self-attack strength must exceed 80%—i.e. under the counter-arguer’s home-field conditions, this article’s working thesis must retreat to a “conditional typical case” position rather than remaining as-is. The purpose of this section is not to refute the counter-arguments but to formalise the retreats they require and to mark which retreats this article actually accepts, which it rejects, and which it suspends.²³

§7.1 Counter-Argument A: “Taiwan Is a Sui Generis Exception, Not a Typical Stress-Test Case”

Counter-argument statement: §§1–3 of this article argue that Taiwan is “a stress-test case for PRF on the democratic frontline” (working thesis). However, if the definition of stress-test requires “representativeness in conditional distribution,” then Taiwan simultaneously combines four conditions—(i) strong civil society (g0v / civic technology community / association density); (ii) high-frequency elections on a four-year cycle; (iii) physical infrastructure scenarios of earthquakes and subsea cable disruptions; (iv) cross-strait military pressure and grey-zone cognitive warfare—and countries with this combination are extremely rare. Estonia lacks (iii)(iv); Ukraine lacks the same quality of (i); Israel and South Korea each lack one of (i) or (iii). Conclusion: Taiwan is a sui generis concurrent combination; as a PRF stress-test case, its conclusions have no extrapolation force to any other single democracy.

Self-attack strength assessment: if this counter-argument holds, nearly all universalising inferences of this article’s §6 fail; the article’s working thesis retreats from “conditional typical” to illustrative anchor (exemplary anchor rather than typical); A2 §11 has already stated “conditional threshold identity” as one item, consistent with this. Attack surface covers §1 (positioning), §2 (specification of PRF four components in the Taiwan scenario), §6 (universalising inferences), approaching 100%.

This article’s response direction:

1. Accept “sui generis concurrent combination” as a true description;
2. But stress-test’s logical function does not require sample representativeness; it requires existential pressure—if in a democracy with four concurrent conditions, PRF’s four components can simultaneously be violated, simultaneously be restored, and simultaneously be empirically tracked, then the existential proposition “PRF under democratic frontline conditions can be engineering-tracked” holds;
3. Therefore, this article’s working thesis is revised to the dual formulation of “conditional typical + existential pressure”: Taiwan is not a statistically typical case, but its concurrent combination provides an existence proof of PRF near the boundary of the most stringent conditions.
4. Retreat: the strength of this article’s §6’s “universalising inferences” is downgraded to “hypotheses extrapolable on weaker conditional subsets,” leaving space for cross-case comparison chapters (dissertation pathway) to fill in.

§7.2 Counter-Argument B: “PRF Components in the Taiwan Case Violate Irreducibility”

Counter-argument statement: one of A2 §3.2’s core bearings is: PRF’s four components (plurality / validity / contestation / agonism) are “individually necessary within the conjunctive floor framework” and “difficult to be fully substituted by other components.”⁴ But the civilian backups of Taiwan described in §§4–5 of this article—including g0v’s fact-checking network, civic technology community’s electoral collaboration, civilian information corridors during earthquake/cable disruption scenarios—simultaneously bear plurality (multiple actors entering the field) and agonism (adversarial dissent made public) with the same set of civilian mechanisms. If the same mechanism can simultaneously bear two components, then the distinguishability of these two components in the Taiwan scenario fails, and PRF’s “individually necessary” bearing becomes “pairwise coupled” within this case. This is an internal threat to A2 §3.2 rather than an external counter-argument: it does not deny PRF but denies that PRF maintains a four-component structure in the Taiwan scenario.

Self-attack strength assessment: attack surface covers §4 (PRF component specification) + §5 (PRF mapping of civilian/government mixed stack), approximately 70–80%. If the counter-argument holds, A2 §3.3’s 32-cell bearing matrix must add “component coupling degree markings” in the Taiwan case column, and A2’s T_PRF1 “conjunctive floor formal theorem” degrades to a weaker version for the Taiwan scenario.

This article’s response direction:

1. Distinguish mechanism bearing from normative components: the same mechanism bearing multiple components does not equal two components being normatively reduced to one. Habermas’s Geltungsansprüche and Mouffe’s agonism have already co-existed at the same institutional locus multiple times in the original texts (Fraser’s counterpublics are a case in point).⁵
2. Acknowledge weakening of distinguishability: §5 of this article makes explicit: in the Taiwan scenario, “plurality’s agonistic bearing” and “agonism’s pluralistic bearing” require pairwise disambiguation in analysis rather than presupposing mutual independence.
3. Retreat: A2 §3.2’s strong form of “individually necessary” is rewritten for the Taiwan case as “each component maintains a distinguishable normative identity within the conjunctive floor, but mechanism bearing may be coupled.” This retreat is written back into §8.1’s revision direction for A2.

§7.3 Counter-Argument C: “LegitimacyDegrade ≥ θ_dem Threshold in SA2 §4.5 Still Smuggles Empirical Claims”

Counter-argument statement: A2 has already added inline caveats throughout to LegitimacyDegrade(d) ≥ θ_dem ≈ 0.5: “analytical recommendation, not calibrated, requires regression calibration across ≥ 5 cases.”⁶ This article’s SA2 §4.5 adopts “four-level likelihood-by-mechanism” phrasing to avoid smuggling empirical threshold claims. But: the scoring among the four levels still depends on “the probability distribution of some mechanism violating some component,” and that probability distribution in the Taiwan scenario has no empirical basis at present (B2 has been restricted by two rounds of GPT-5.5-pro audit to a method pilot, withdrawing all specific decimals).⁷ Conclusion: four-level language merely lowers the empirical claim from scale to ordinal, but does not eliminate empirical dependency. SA2 §4.5 still smuggles an empirical assumption of “mechanism-conditional probability ordering.” This is an extended interrogation of B2’s Phase 0d Revision Note: B2 withdrew the decimals, but the Taiwan case still uses ordinal levels—the legitimacy of ordinal levels also requires empirical grounding.

Self-attack strength assessment: attack surface covers SA2 §4.5 (threshold handling) + §5 (risk distribution description), approximately 85%. This is the counter-argument with the highest attack strength on “methodological honesty boundaries” among all six.

This article’s response direction:

1. Acknowledge that ordinal levels are a weak form of empirical dependency: if the four levels (low/medium/medium-high/high) are understood as probability interval mappings, they require empirical anchors; if understood as ranking language for design intuitions, they do not require empirical anchors, but this must be made explicit to readers.
2. Adopt design intuition interpretation: this article’s §6.5’s four levels only indicate relative ranking of design risks, and do not claim to correspond to any probability distribution. Any citation that reads the four levels as probability intervals is hereby pre-emptively withdrawn by this article.
3. Retreat: §6.5 adds a warning (already written into the revised version of §5): “This article’s four-level language is a design-intuition ranking idiom and does not claim to correspond to any probability distribution. When mapped to the form LegitimacyDegrade ≥ θ_dem, it serves only as a qualitative anchor for conditional statements.” This retreat is written back into §8.1’s revision direction for A2 and B2.

§7.4 Counter-Argument D: “Civilian Advocacy Document Citation Level Has Been Smuggled Upward”

Counter-argument statement: §5.5 of this article explicitly states the “design intuition vs. normative claims separation principle”—the cited civilian advocacy document is only a source of design intuitions, not a basis for normative claims. But: in §6.4’s “comparative bearing capacity of civilian backup vs. government supply in PRF,” if one accepts the relative judgment that “civilian backup has higher bearing capacity” for plurality and agonism, that judgment’s basis actually rests on the design intuitions of the civilian advocacy document—in other words, §6.4, while making normative comparisons, implicitly carries the scheme superiority of the civilian advocacy document. This is precisely the “using advocacy documents as evidence” class of error in Phase 2 Overclaim Log.⁸ Internal review: §6.4 should strengthen the restriction on the bearing capacity comparison, otherwise the “design intuition / normative claims” separation principle fails at §6.4.

Self-attack strength assessment: attack surface concentrated in §6.4, approximately 80%. Indirect impact on other chapters.

This article’s response direction:

1. Accept the accusation of §6.4 phrasing being too strong: the original §6.4 expression “civilian backup’s bearing capacity is higher” is rewritten as “within the design intuition comparison scope already stated in §5.5, civilian backup’s design coverage of plurality and agonism is more comprehensive; this article does not claim this difference equals normative scheme superiority.”
2. Reinforce the boundary language of the separation principle: the entire §6.4 section adds an inline caveat: “The civilian advocacy document is only a source of design intuitions; any citation that reads it as a policy recommendation or normative claim is hereby pre-emptively withdrawn by this article.”
3. Retreat: §6.4’s conclusion no longer supports universalising inferences of “scheme superiority.” This retreat is written back into §8.1’s revision direction for E1 (wallet essential facility), because E1’s description of “civilian alternative supply” originates from the same risk location.

§7.5 Counter-Argument E: “Rhetorical Risk of Taiwan Romantic Exceptionalism”

Counter-argument statement: international media in the 2014–2024 period has combined g0v, Audrey Tang, Taiwan’s civic technology community, open government practices—plus the resilience narrative of civilian advocacy documents—into Taiwan romantic exceptionalism narrative: describing Taiwan as “the global model of democratic digital governance.” Although §§1–6 of this article do not directly use this rhetoric, its structure (“stress-test case” + “civilian backup PRF mapping” + “international reference”) can be easily reassembled by readers into romantic exceptionalism. Core of the counter-argument: if this article does not explicitly reject this, it will be cited externally as academic endorsement of romantic exceptionalism—this is the risk of narrative hijacking.

Self-attack strength assessment: attack surface is at the narrative layer rather than the propositional layer, covering the full-text reading effect, approximately 80%. The strength of the propositional layer is unaffected by this counter-argument, but academic and policy-circle citation practices may deviate from this article’s position.

This article’s response direction (anti-mythologization clause):

Explicit clause (this article’s anti-mythologization clause): This article does not claim that Taiwan is the global model of democratic digital governance; does not claim that g0v, the civic technology community, and civilian backup mechanisms can independently provide complete bearing of PRF’s four components; does not claim that Taiwan’s experience can be directly extrapolated to any other single democracy. This article hereby pre-emptively withdraws its endorsement of any external citation that reads this article as a “Taiwan is a model student” narrative. Any citation that reads this article’s working thesis as such a narrative is treated by this article as a misreading.

This clause stands as an independent paragraph before the §References at the end of the article, to prevent readers who skim from missing it.

§7.6 Counter-Argument F: “The Unsettled Constitutional Status of the Republic of China / Taiwan and Its Impact on PRF’s Scope of Application”

Counter-argument statement: PRF’s jurisdictional scope presupposes a clearly definable democratic constitutional community (demos). But the constitutional status of the Republic of China / Taiwan has been long unsettled at the layers of cross-border trust and international recognition: (i) most countries do not recognise Taiwan as a sovereign state; (ii) Taiwan’s ISO 3166 TW code is chronically subject to naming disputes; (iii) Taiwan’s cross-border DID/VC trust list and identity circulation within the EUDI system lack direct treaty-law foundations; (iv) in PRF cross-case comparisons, the premise of “the boundary of demos” is endogenously unstable in the Taiwan scenario. Conclusion: in the definitional segment of PRF normative floor’s scope of application, the Taiwan case first encounters the pre-emptive question of “whether the scope of application itself can be formalised”—this is more fundamental than the bearing problems internal to the four components.

Self-attack strength assessment: attack surface is at the precondition layer—if the counter-argument holds, this article’s §§1–6’s PRF mapping encounters a formal definition gap in jurisdictional scope before entering analysis. Coverage approximately 90%, and this is the only counter-argument involving formal definition.

This article’s response direction:

1. Acknowledge the formal instability of jurisdictional scope in the Taiwan case: this article does not claim this problem is resolved.
2. Adopt a functional demos operational definition: within the scope of PRF analysis, demos is defined as “the set of citizens and long-term residents who actually participate in Taiwan’s elections, taxation, health insurance, and civil associations,” bypassing the issue of sovereign recognition. The cost of this operational definition: (i) PRF bearing for cross-border issues (mainland spouses, Taiwanese businesspersons, Southeast Asian spouses, overseas citizens) requires independent argument; (ii) cannot directly connect to A14’s (cross-jurisdictional redress) intra-EU arguments.⁹
3. Retreat: this article’s working thesis’s jurisdictional scope is rewritten as “functional demos of the democratic frontline,” and §8.2 revision direction (i) explicitly states that “the universal-conditional distinction in PRF normative floor” must include an independent argument for the formal definition of demos. This is a cross-paper claim reinforcement for A2 §11’s honesty boundary.

---

§8. Revision Directions for Existing Series Conclusions

This section writes the retreats from §7’s six counter-arguments back into the series’ existing bearings, marking which article / which claim / revision to what. Each revision is 1–2 sentences for the series capstone (Article 25) to handle uniformly.¹⁰

§8.1 Revision Directions for the Series’ Nine Primary Bearings

• A1 (Accountability does not presuppose real-name identification): the dual-core bearing of plurality and agonism in the original bearing needs, in the Taiwan scenario, a new annotation of “mechanism bearing may be coupled but normative identities remain distinguishable” (responding to §7.2). Revision: A1 §4.1 Arendt implicit-use paragraph adds a footnote pointing to this article’s §7.2.
• A2 (PRF normative floor, Article 19): (a) §3.2’s strong form of “individually necessary” is rewritten for democratic frontline cases as “normative identities remain distinguishable; mechanism bearing may be coupled” (responding to §7.2); (b) §11 honesty boundary adds one item: “formal definition of jurisdictional scope requires independent argument” (responding to §7.6); (c) §3.3’s 32-cell matrix column adds “component coupling degree marking” as future work (responding to §7.2).
• A14 (Cross-jurisdictional redress, E4): the original bearing’s split conclusion of “partially resolved within the EU” + “still a major gap outside the EU”¹¹ takes the functional demos operational definition as premise in the Taiwan scenario (responding to §7.6). Revision: A14 §11 adds a footnote pointing to this article’s §7.6, making explicit that “cross-strait issues in Taiwan are not directly amenable to borrowing intra-EU arguments.”
• A15 (Inclusion rights, E5): the original Level 1–3 rights language three-layer split¹² still applies in the Taiwan scenario, but Level 2 institutional obligations’ specific implementation pathways under “ROC constitutional status unsettled” require independent argument (responding to §7.6). Revision: A15 Revision Note adds a footnote pointing to this article’s §7.6.
• F1 (Agent delegation, operational spine): F1’s four-component full core bearing¹³ in the Taiwan scenario’s mapping needs, in conjunction with §7.2’s “mechanism bearing may be coupled,” pairwise disambiguation of the bearing structure. Revision: F1 §6 adds a footnote pointing to this article’s §7.2.
• F2 (Civic-action-receipt): F2’s 23-leaf schema’s specific instantiation in the Taiwan civilian/government mixed-stack scenario needs a new jurisdictional scope field group (responding to §7.6). Revision: F2 §3.1 schema’s future work entries add one item.
• F3 (Selective disclosure UX): F3’s cognitive load argument in Taiwan’s multilingual scenario (Mandarin, Taiwanese, Hakka, indigenous languages, new resident languages) needs to connect inclusion design with A15’s Level 2 institutional obligations (responding to §7.6). Revision: F3 §10 forward-link paragraph adds a footnote.
• E1 (Wallet as essential facility): the normative comparison strength of “civilian alternative supply” in the original bearing of “anti-monopoly application + multi-pronged alternative supply” is downgraded (responding to §7.4). Revision: E1 §5’s multi-pronged alternative supply paragraph adds inline caveat: “relative bearing capacity comparison is confined to design intuition scope.”
• E3 (Structural slippage prevention): MVSR three-layer + sunset/scope-bound/split-key prevention mechanisms need, in the Taiwan scenario, an added item for “slippage prevention for grey-zone cognitive warfare” (responding to §7.1’s condition iv). Revision: E3 §6 adds one future work item.

§8.2 Revisions Condensed into Three Universalising Claims

• (i) Universal-conditional distinction for PRF normative floor: the original A2 PRF normative floor is a single universal statement plus a democratic-regime assumption. This article’s revision: PRF’s universal part is the necessity of the four-component structure; the conditional part is mechanism bearing / component coupling degree / formal definition of jurisdictional scope—the latter changes with the case. Capstone and dissertation pathways must separate these two parts at the PRF main-text level (corresponding to §§7.1, 7.2, 7.6).
• (ii) PRF mapping of civilian + government mixed stacks requires independent argument (civilian advocacy documents cannot be directly transposed): §6.4 of this article has already confined “civilian backup’s higher bearing capacity” to the design intuition comparison scope. The series capstone must elevate this separation principle into cross-case argument discipline: any bearing capacity comparison in mixed-stack PRF mapping must be formally separated from civilian advocacy documents’ design intuitions and must mark its revision location in §8.1’s corresponding articles (corresponding to §§7.4, 7.5).
• (iii) Civic-proof on the democratic frontline requires one order higher resilience than in general democracies: the original series presupposed “democratic regime” as a homogeneous premise. This article’s revision: under democratic frontline conditions—i.e. simultaneously combining strong civil society + high-frequency elections + physical infrastructure scenarios + cross-border adversarial pressure—the resilience requirements for civic-proof are one order higher than in general democracies; the engineering operational requirements of F1/F2/F3 must make conditional refinements for this difference (corresponding to §7.1).

---

§9. Conclusions

This article’s working thesis is revised under the pressure tests of six counter-arguments into the following form:

Taiwan is not a statistically typical case for PRF, but a conditional typical + existential pressure case for PRF under democratic frontline conditions. Under the concurrent risks of strong civil society bias and sui generis concurrent combination, Taiwan provides an existence proof that PRF’s four components can simultaneously be violated, simultaneously be engineering-tracked, and simultaneously be borne by a civilian/government mixed stack; but the universalising inference strength of its PRF mapping is downgraded to “hypotheses extrapolable on weaker conditional subsets.” This article’s anti-mythologization clause (§7.5) explicitly refuses external citation use that reads this article as Taiwan romantic exceptionalism, and retains future work for independent argument on the formal definition gap in jurisdictional scope (§7.6).

This revised form of the working thesis maintains structural consistency with A2’s “T0 revision—structural rewrite + strength calibration + scope downgrade + philosophical contestation upgrade” four changes¹⁴: this article’s retreats are not withdrawal from PRF’s main argument, but a rewrite of an originally implicitly globally-extrapolating thesis as the three-part formulation of “conditional typical + existential pressure + democratic frontline resilience requirements one order higher.”

Three future works:

1. Dissertation case chapter: this article is the precursor to the Taiwan chapter in the dissertation pathway; that chapter needs, building on this article, to supplement: (a) §7.2’s mechanism-bearing-coupling-tolerant 32-cell matrix reinforcement; (b) §7.6’s independent argument for the formal definition of jurisdictional scope; (c) §8.2(ii)‘s independent argument discipline for mixed-stack PRF mapping.
2. Cross-case comparison (Taiwan vs. Estonia vs. Bhutan): §7.1 of this article has already marked the conditional distribution differences among the three cases. A cross-case comparison chapter must construct a minimal conditional variable set so that differences among the three cases in PRF mapping can be attributed to the presence or absence of specific conditions, rather than attributed to the black box of “cultural uniqueness.”
3. Independent argument for civilian backup’s PRF mapping: §6.4 and §8.1’s revision direction for E1 both point to the same future work: the normative comparison strength of civilian backup bearing PRF’s plurality/agonism must be independently argued formally separated from civilian advocacy documents’ design intuitions—this requires a separate paper, which can be undertaken after the series capstone (Article 25).

Forward-link to series capstone (Article 25): this article’s §8.2’s three universalising claim revisions provide the Taiwan case’s bearing input for the capstone’s main structure; the capstone must integrate this article’s anti-mythologization clause, §7.6’s jurisdictional scope formal definition gap, and §8.1’s nine primary bearings’ revision directions into the complete revised bearing matrix of the series’ 23+1 articles, and make the final allocation between the dissertation pathway and the open questions agenda.

---

§References (SA5)

---

---

§10. Revision Note (2026-05-16)

This article is the 24th article of the civic-proof series (Phase 4a Taiwan deep-dive) and bears the following five disciplinary obligations:

1. Handling discipline for “Bèibèi Érlái” litepaper: that document is a speculative civilian implementation document; this article’s citations uniformly refer to it as “‘Bèibèi Érlái’ litepaper (civilian advocacy document, public consultation version 2025-11)”; URL https://blog.bonds.tw/litepaper/, accessed 2026-05-16. This article does not adopt academic citation format; does not transport that document’s normative language as PRF normative claims; that document’s content is summarised in §5 as design intuitions (shèjì zhíguān), and its PRF mapping is this article’s independent argument, not dependent on that document’s own normative language.

2. Extension of B2 Phase 0d Revision Note discipline: this article’s §6.5’s four-level likelihood-by-mechanism assessment table is a relative ranking idiom for design intuitions and does not claim to correspond to any probability distribution. Any citation that reads the four levels as probability intervals is hereby pre-emptively withdrawn by this article (per §7.3 Counter-Argument C’s retreat).

3. Anti-mythologization clause (per §7.5 Counter-Argument E’s retreat): this article does not claim that Taiwan is the global model of democratic digital governance; does not claim that g0v, the civic technology community, and civilian backup mechanisms can independently provide complete bearing of PRF’s four components; does not claim that Taiwan’s experience can be directly extrapolated to any other single democracy. Any citation that reads this article as a “Taiwan is a model student” narrative is treated by this article as a misreading of the working thesis.

4. Three-part bearing of the working thesis: “conditional typical + existential pressure + democratic frontline resilience requirements one order higher” (per §9 conclusions). Taiwan is not a statistically typical case for PRF; its sui generis concurrent combination provides an existence proof of PRF near the boundary of the most stringent conditions; universalising inference strength is downgraded to “hypotheses extrapolable on weaker conditional subsets.”

5. Functional demos operational definition for jurisdictional scope (per §7.6 Counter-Argument F’s retreat): this article adopts the functional demos operational definition of “the set of citizens and long-term residents who actually participate in Taiwan’s elections, taxation, health insurance, and civil associations,” bypassing the issue of sovereign recognition; cross-border issues (mainland spouses, Taiwanese businesspersons, Southeast Asian spouses, overseas citizens) are left for independent argument.

This article’s §8.1’s specific revision directions for nine series articles (A1/A2/A14/A15/F1/F2/F3/E1/E3) will be uniformly handled in the series capstone (Article 25). This article is the precursor to the Taiwan case chapter in the dissertation pathway; subsequent cross-case comparisons (Taiwan vs. Estonia vs. Bhutan) and independent argument for civilian backup’s PRF mapping are listed as future work.

---

§References (Consolidated)

This article’s reference numbers are independently compiled per chapter; consolidated references for important external sources are as follows:

Taiwan Institutional History and DIW Policy (§3)

• Judicial Yuan Interpretation No. 261 (1990-06-21): https://cons.judicial.gov.tw/docdata.aspx?fid=100&id=310442
• Executive Yuan 3632nd Cabinet Meeting Agenda Item “Digital Identity Card” (2018-12-27): https://www.ey.gov.tw/Page/448DE008087A1971/12ffc708-1b40-450a-b50a-0114b479e079
• Executive Yuan “Suspension of Digital Identity Card Issuance Plan” (2021-01-21): https://www.ey.gov.tw/Page/9277F759E41CCD91/e80e55a2-0102-4031-b6d3-a7c40f4cac6a
• Lin Tsung-nan, Li Chung-hsien, “Information Security Risks of Digital ID Cards,” Newtalk: https://talk.ltn.com.tw/article/paper/1318140
• The Reporter, “From the Cancelled Digital ID Card Policy”: https://www.twreporter.org/a/e-id-in-taiwan-2021-failed
• Ministry of Digital Affairs official website, “Ministers Since 2022”: https://moda.gov.tw/aboutus/ministers-since-2022/1527
• iThome, “Digital Identity Wallet as Cornerstone of Digital Trust Environment”: https://www.ithome.com.tw/news/173833
• CIO Taiwan, “Digital Identity Wallet Launches”: https://www.cio.com.tw/93520/
• Blocktrend, “Why Can’t the Digital Identity Wallet Just Use Apple Wallet?”: https://www.blocktrend.today/p/ep312
• Personal Information Protection Commission preparatory office: https://www.pdpc.gov.tw/

Specifications and Normative Documents (§4)

• EUDI Architecture and Reference Framework 2025-12 iteration: https://eudi.dev/
• W3C Verifiable Credentials Data Model v2.0 (2025-05-15 W3C Recommendation)
• BBS Cryptosuite v1.0 → 2026-04-07 CRD (Candidate Recommendation Draft)
• ISO/IEC 18013-5 mDL standard
• Regulation (EU) 2024/1183 (eIDAS 2.0)

External Sources for Triple Pressure (§6)

• Doublethink Lab, China Index Annual Report (2022–2025)
• IORG (Taiwan Information Environment Research Center) + Taiwan FactCheck Center annual monitoring reports
• V-Dem Institute, Democracy Report 2025
• Freedom House, Freedom on the Net 2024 — Taiwan
• Chunghwa Telecom / NCC announcements: Matsu subsea cable disruption incident (2023-02-02 / 2023-02-08, approximately 35 days to recovery)
• TeleGeography Submarine Cable Map (2024–2025)
• Ministry of National Defence, Republic of China, 2025 National Defence Report
• Institute for National Defence and Security Research (INDSR) gray-zone series research
• CNAS Taiwan Gray Zone + Taiwan Contingency Planning series

Civilian Advocacy Document (§5)

• “Bèibèi Érlái” litepaper (civilian advocacy document, public consultation version 2025-11): https://blog.bonds.tw/litepaper/, accessed 2026-05-16

Series Internal Forward-Links

• A1 (2026-05-02): accountability-without-identification
• A2 (2026-05-12): public-realm-political-philosophy (PRF normative main text, source of this article’s bearing)
• A14 / E4 (2026-05-09): cross-jurisdictional-redress-gap
• A15 / E5 (2026-05-10): civic-proof-inclusion-rights
• B2 (2026-05-08): digital-identity-civic-action-quant
• E1 (2026-05-08): wallet-as-essential-facility
• E2 (2026-05-09): no-phone-home-engineering-economics
• E3 (2026-05-09): structural-slippage-prevention
• F1 (2026-05-10): civic-ai-agent-delegation-limits
• F2 (2026-05-11): civic-receipts-provenance
• F3 (2026-05-11): selective-disclosure-ux-failure

Classic Sources

• Arendt, H. (1958). The Human Condition. University of Chicago Press.
• Habermas, J. (1981). Theorie des kommunikativen Handelns. Suhrkamp.
• Pettit, P. (2012). On the People’s Terms. Cambridge University Press.
• Mouffe, C. (2000). The Democratic Paradox. Verso.
• Taleb, N. N. (2012). Antifragile: Things That Gain from Disorder. Random House.
• Mueller, M. L. (2002). Ruling the Root. MIT Press.
• Aas, J. et al. (2019). “Let’s Encrypt: An Automated Certificate Authority to Encrypt the Entire Web.” Proc. ACM CCS 2019.

Footnotes

1. Civic-proof series E2, 2026-05-09, no-phone-home-engineering-economics ↩

2. This article’s counter-argument design principles follow A2 §9 “counter-argument stress tests—weakened but not overturned” method ↩

3. This article’s counter-argument strength assessments adopt the four-change framework of audit-output.md §H.5 ↩

4. A2 §3.2 PRF conjunctive floor formal theorems T_PRF1–T_PRF4 ↩

5. A2 §5.3 Fraser’s counterpublics as correction to Habermas ↩

6. audit-output.md §I.4 Patch Pack B.3 ↩

7. audit-output.md §I.4 Patch Pack D ↩

8. overclaim-batch-5.md ↩

9. D-3 audit observation ↩

10. §8 revision directions respond to audit-output.md §I.7 Phase 2 Capstone Overview data requirements ↩

11. A14 (E4) cross-jurisdictional redress’s split-conclusion bearing ↩

12. A15 Revision Note Level 1–3 three-tier split ↩

13. A2 §3.3 32-cell bearing matrix ↩

14. audit-output.md §H.5 T0 revision’s four-change framework ↩