Either governments can develop (and pay for) THAT technology, or they can use Apple/Google ...
Government software is usually low-quality, expensive procurement crap, often riddled with security holes, and an exercise in checkbox checking. UX and user friction can't be expressed as a verifiable clause in a procurement contract, so they're ignored.
Besides, every time EU governments tried to force smartphone manufacturers to pre-install government apps, the population freaked out over (unwarranted) surveillance concerns. This isn't something you can do without pre-installing apps (you don't want these APIs opened up because then attestation loses all meaning).
Not necessarily the company that locks out an entire family because one of the family members jacked off on the chat with the Gemini model.
The scenario it would prevent is that a government gets a filled-in form with someone requesting unemployment benefits, or reimbursement for a medical procedure on account X ... and then the government finds out after payment, later, in court, that the owner of the phone never agreed to it and it needs to pay it out again (because of the claim, true or not, that a scammer initiated the payment agreement in some way rather than the owner). Same for business and agreeing to a loan and ...
It is NOT to protect you, the owner of the phone, against scammers (it does not really do that at all), it is to protect companies and especially governments AGAINST the owner of the phone. It is a way to fire most EU government employees by allowing automation that currently can't work because you can't legally trust phone and internet automation to be binding in court.
Because if it is the end user, the strong version of the argument would be as follows: The end user signs a document, baked in is an attestation that Google guarantees that this device is an approved Android device with a clean boot chain and a Chrome web browser. Then the end user contests the signature in court, either because they didn't understand what they signed, or they did not sign it at all, or did it under threat. How could the attestation help here?
I do not have experience with all EU countries, of course, but more than one, and nowhere is this an issue today. Countries use a wide variety of electronic identification, from soft certificates and mobile phones to smart cards. But as far as I know, all countries accept signatures made even with normal Windows PCs. You can contest a signed document in court for a multitude of reasons, but that's not specific to electronic signatures.
So they're just going to use the Apple/Google standards and declare the job done. So it's theater from all sides. Politicians will pretend this is a good solution because they don't want to spend real money, and they really want to tempt EU kids to get loans on their smartphones because, you know, in the EU you're protected from companies exploiting you. Of course, that just means governments will have to do it instead.
I mean you could use Huawei and others, but the FUD campaigns against Chinese manufacturers were pretty aggressive in the EU.
So one may argue that the implementers are only taking the pragmatic approach regarding something that is out of their hands.
Also you weirdly forget all the Chinese phones. There's also some tiny European brand which will have absolutely no way to limit their users' dependency on the famously hostile and uncontactable provider.
I don't know what the eIDAS 2.0 requires in terms of security but it may make the choice the implementers made here unavoidable in practice, as hinted by @webhamster.
If so, it seems that a solution, if technically possible, might be to mandate that OSes provide the required security features without tie-in.
The outrage in the comments feels a bit like people yelling at clouds...
So you're claiming that Mobian doesn't exist? PureOS doesn't exist? PostmarketOS doesn't exist? Ubuntu Touch doesn't exist? SailfishOS doesn't exist?
This discussion feels unreal, really.
Now, "other" than Apple/Android is so small as to be negligible and governments also have a duty not to waste taxpayers' money, which means not spending hundreds of thousands to cater for an ultra small number of people who have easy access to an alternative.
To have government apps work only on iOS and Android is perfectly reasonable in the current state of the world where this covers 99% of smartphones.
the fundamental flaw with that approach is that it is totally unreasonable to have government apps in anything other than open source and fully public systems. nothing else can really be trusted, and any private/closed source option should be disqualified from the get go.
the reason is simple: you can't trust private entities or opaque systems, and you can't trust government either, thus the solution has to be fully transparent or you're doing nothing.
the problem with that is that it is hard, expensive and/or inconvenient.
If it's not possible to create such a system for mobile phones because of legal issues (as you seem to acknowledge and judges have found in the past), then the focus would have to be on creating hardware devices in the EU, ideally with open source hardware and software. These can be made reasonably secure, have been used by banks for a long time, and would enhance digital sovereignty.
What I find unacceptable is the attitude "well, it will violate the law but as a matter of practicality it's the only choice we have right now so we'll just do it."
I don't disagree. I am just pointing out that this is wishful thinking right now.
As said, Europe has zero footprint in hardware or software so the choice is either not to develop any digital services or to accept that they will run on foreign hardware/software because everything is either Android or Apple and runs on hardware that is from US/Taiwan/China.
Developing homegrown alternatives is pie in the sky or a 20 year project if we are optimistic (which I am not)...
Frankly, many comments, and the reactions to mine, show how out of touch and idealistic or naive the HN crowd can be.