EU can build token-generation hardware and that's the solution to the perceived problem. Such approaches have been used by banks for decades. It's not a "20 years project" to issue similar hardware to what my German bank issued 10+ years ago. I've explicitly stated in my post that the EU should not build a software solution for smartphones with US operating systems since this approach violates the GDPR and other laws because of a fundamental incompatibility of EU law with the US CLOUD Act that has been recognized by judges already. The proposed solution you seem to favor is illegal.

If I'm right, you're the person ignoring reality and basing their judgment on wishful thinking, not me. I understand why you want to have a smartphone solution ("practicality") but AFAIK that's currently not a viable approach. I might be wrong about the legal situation but that's what I've claimed. Just repeating your talking point is not a reasonable reply to these legal concerns. In addition to this, there are also serious national security concerns, of course.