European governments are deploying digital identity wallets for citizen services, but these systems rely on Google Play Integrity API and Apple's Managed Device Attestation for security verification. This creates an unexpected dependency on major tech platforms when accessing critical public infrastructure. The wallets are meant to verify age and authenticate users across government services, yet their security architecture ties them to proprietary ecosystems.

Google Play Integrity API functions as more than just a security tool—it enforces Google's control over the Android ecosystem by verifying devices run Google-licensed Android versions. When checking app integrity, Google uses the Play Store as the sole source of truth, requiring Google accounts and excluding alternative operating systems like e/OS and Graphene OS. This approach directly conflicts with the Digital Market Act's anti-monopoly objectives.

Switzerland has already rejected Play Integrity over data sovereignty concerns, using Android's Hardware Attestation API instead. This open alternative provides security without enforcing Google's ecosystem policies. Meanwhile, Netherlands and Italy mandate Google's solution, interpreting EU recommendations strictly and potentially excluding users of de-Googled systems from essential services.

The inconsistency reveals a governance problem: the EU's Architecture Reference Framework recommends but doesn't require these proprietary solutions, leaving member states to make conflicting choices. This threatens Europe's digital sovereignty goals while creating vendor lock-in for citizens who need access to government services. Public infrastructure requires public accountability, not private platform enforcement.