True, but that's already a much less clean separation between the credential issuer's and my domain on many dimensions other than security.

As an example, this was the security model for mobile contactless payments for the longest time, and arguably as a result these never really took off until Google came up with a software-only alternative for Android. The potential for rent seeking of the hardware vendor is often too great, and even absent that, it requires close cooperation of too many distinct entities (hardware vendor, OS developer, bank, maybe a payment scheme etc).

(Apple had no issues, because their ecosystem is already a fully walled garden, and they can usually get away with charging access fees even for non-security-relevant hardware interfaces.)

With a contactless smartcard, I might have to carry one more plastic card than strictly necessary, but the technology for that is pretty mature (wallets), and I can migrate to a new phone without any hassle or use my credential on somebody else's device in a pinch.

Some of the current EU ID cards are actually smartcards, so in terms of privacy guarantees and separation of concerns, we are moving backwards. I am also more comfortable with a low-tech solution that is not linked to my personal devices. Something like a FIDO passkey would be ideal as those are also able to verify the identity of the other side, but are relatively low-tech and won't serve to track me.

ICAO biometric travel documents, the underlying standard which almost all EU ID cards implement these days, aren't suitable for remote identity verification though, as they don't have any way of verifying whether the legitimate holder or a thief/fraudster is using them.

Selfie or video face verification is susceptible to deepfakes, and remote fingerprint reads would also require trusted reader hardware.

Some countries have domestic schemes implemented on the same cards (e.g. Germany), but these are not interoperable across the EU, and many countries just don't have any non-ICAO scheme on their cards to begin with, and are instead implementing eIDAS (the current EU digital signature scheme) using some alternate scheme.
