“What is being built right now, across the EU, the UK, the United States, and their allies, is a comprehensive architecture of identification, communication surveillance, financial monitoring, and content control. Each piece connects to the others.”
Something is happening across the Western world that doesn’t have a single headline, a single law, or a single villain. It’s a creep. Quiet, incremental, always justified by the most sympathetic rationale available: protect the children, stop the terrorists, fight misinformation, prevent financial crime. By the time any single measure becomes visible enough to generate public outrage, ten others have already passed into law. I must humbly admit: even though I have been monitoring this space for years, and have been aware of the UN’s Agenda 2030 and its sub-goals, I did not envision the implementation phase to accelerate and be so present and real already in 2026. I thought we had a few more years for that.
But reality is slapping us all in the face these days, it’s the nature of this disillusionment phase we’re all living through. And it’s how digital control works: a slow accumulation of permissions that governments grant themselves while the public is distracted.
2026: The Year The Internet Closed In On Us
The open internet, the one that allowed anonymous speech, private communication, and pseudonymous identity, is being systematically dismantled. In its place, a new architecture is emerging: one where every user is identified, every transaction is logged, every communication is scannable, and every platform is legally responsible for what its users say.
The European Union has led the charge. The Digital Services Act requires large platforms to proactively police content, implement algorithmic transparency measures, and take down material flagged by government-approved “trusted flaggers,” entities designated by member states with the power to escalate content removal requests. The practical result is a privatised censorship infrastructure, where liability pressure does the work that state censorship would have been challenged in court.
Then there is Chat Control, perhaps the most ambitious surveillance proposal in EU history. Under the guise of combating child sexual abuse material, the European Commission proposed legislation that would require messaging platforms to scan all private communications, including end-to-end encrypted messages, for flagged content. The proposal has faced fierce resistance from cryptographers, privacy advocates, and some EU member states, but it has not been abandoned. It keeps returning in revised form because the goal has not changed. Breaking encryption, under any rationale, gives governments access to private communication at scale.
The EU’s approach to age verification follows the same pattern. Under the Digital Services Act and related frameworks, platforms must verify the ages of users accessing “harmful” content. The mechanism for doing this, in practice, requires users to submit government-issued identification or biometric data to third-party verification services. Age verification systems are honeypots for identity data, and the regulatory pressure to implement them is accelerating.
The UK & Australia’s Versions of Controlled Internet
Britain’s Online Safety Act, passed in 2023, imposed sweeping obligations on platforms to remove “legal but harmful” content, with the definition of harmful left deliberately broad and subject to future expansion. Ofcom, the regulator, was empowered to demand that platforms implement “accredited technology” to scan for illegal content, including within private messages. Like Chat Control in the EU, this creates backdoor pressure to break or circumvent encryption.
The Online Safety Act’s scope creates strong incentives for platforms to geoblock or limit functionality for users who appear to be circumventing content restrictions, putting effective pressure on VPN use without a formal ban.
Australia moved first on social media age restrictions, with its Online Safety Act empowering the eSafety Commissioner to issue removal notices for a wide range of content. The under-16 social media ban it introduced is now being cited as a model by other governments. As I discussed on Spectator TV Australia, when that ban started locking adult political writers out of platforms, it wasn’t a bug. It was a preview.
Identity Is the Infrastructure of Control
The EU’s digital identity framework, eIDAS 2.0, mandates that member states make available a European Digital Identity Wallet to every citizen who wants one. The wallet holds verified identity credentials, educational qualifications, medical records, payment information, and travel documents, all in a single state-issued digital container. EU countries are required to offer EUDI Wallets to their citizens by end of 2026, with businesses required to accept them by 2027. The Commission frames this as convenience. What it actually creates is a single point of identity that governments, employers, and service providers can require before granting access to services.
“The Commission frames this as convenience. What it actually creates is a single point of identity that governments, employers, and service providers can require before granting access to services.”
Ireland was selected as one of the earliest implementers, launching a pilot for its Government Digital Wallet in April 2026: a state-run app to store your ID, birth certificate, driving licence, and more. The government’s pitch sounds reassuring: “You are in control of your data.” “Nothing is tracked or recorded.” They said the same things about every surveillance system before it became mandatory. Ireland is legally required under EU regulation to have the wallet operational for public services by end of 2026, extended to private services by end of 2027. “Voluntary” has an expiration date. They wrote it into law.
Ireland’s Communications Minister has already proposed requiring the wallet for social media access, meaning Irish people would need a state-issued digital ID just to log into Facebook, Instagram, or X (and any other big tech media platform). The Irish Council for Civil Liberties put it plainly: this would mean users can no longer browse the internet with any degree of anonymity. Every page visit, every platform login will be traceable back to a specific government ID.
CBDC Is The Weapon of Control
The Digital Euro sits alongside this architecture. The ECB’s rollout target is 2026-2027, the same window as the wallet rollout. While the retail digital euro gets most of the public attention, the ECB is simultaneously running two wholesale infrastructure projects that have received almost no coverage: Project Pontes, which establishes an interface between central bank money and tokenised digital assets, and Project Appia, which is designing the broader ecosystem and governance framework around those tokenised assets.
We’re essentially seeing a state-controlled digital ID wallet, plus a state-controlled digital currency with programmable rails, arriving together. I think people fail to understand that once their identity and their money live in the same government infrastructure, every transaction can be permissioned, tracked, and cut off. As I recently wrote, analysing Deutsche Bundesbank President Joachim Nagel’s pitch for the Digital Euro: central bankers are rebranding control as “critical payment infrastructure,” framing geopolitical tensions and declining cash use as the drivers for why we must embrace it.
“Digital ID is the authentication layer while CBDC is the currency that runs on top of it. Stop Digital ID and you prevent CBDC from being built at any scale that matters.” — Joshua Stylman
None of this should be a surprise. Back in December 2025, I laid out the three CBDC trends I expected to define 2026: accelerating rollout, the merging of digital currency with digital identity, and the Digital Euro setting the global template. Every one of them is now playing out, faster than even I expected.
Your Face Is Now Your Passport
Airports are becoming the clearest working model of what global biometric infrastructure looks like once it’s actually built. The EU’s Entry/Exit System went fully operational across all 29 Schengen countries on April 10, 2026, replacing passport stamps with fingerprints and facial scans for every non-EU traveller, data stored for three years and used to automatically track how many of your permitted days you have left. Refuse to hand over your biometrics, and you are refused entry, full stop. But this is not an EU-only project: it mirrors the US Biometric Exit program, the UK’s Electronic Travel Authorisation, and a broader international push, coordinated through the International Civil Aviation Organization’s biometric passport standard, to make facial recognition the default credential for crossing any border, anywhere. What’s being sold as convenience, and what is supposed to speed up the line for people already enrolled (in reality it’s often causing huge delays across major airports), is quietly becoming the connective tissue of a single, interoperable global identity layer: enroll once, and your face becomes legible to every airport, every immigration system, and potentially every database it is ever linked to afterward.
New Crypto Regulation Enabling Surveillance
The EU’s MiCA (Markets in Crypto Assets) regulation, brought crypto assets under a comprehensive regulatory framework. Among its provisions are strict licensing requirements for crypto service providers, mandatory KYC for all transactions above certain thresholds, and, through DAC8, the automatic reporting of crypto asset holdings to tax authorities across member states. DAC8 requires crypto exchanges and wallet providers to collect and report detailed user information, including name, address, tax identification number, and the value of assets held and transacted, automatically shared between EU tax authorities.
That aggregation of financial data has not gone unchallenged. Bull Bitcoin, one of the world’s oldest Bitcoin-only exchange, has filed a legal challenge before France’s Conseil d’État, the country’s supreme administrative court, seeking to annul the decree implementing DAC8 domestically. CEO Francis Pouliot argues the directive creates a centralised honeypot of sensitive financial data, and the case arrives against a documented and worsening physical threat: French authorities have recorded 77 verified cases of kidnapping, extortion, or attempted extortion linked to crypto holders since the start of 2026 alone, already surpassing all of 2025, with France now accounting for an estimated 70% of such “wrench attacks” worldwide. “DAC8 has transformed the concept of Know Your Customer into Kill Your Customer,” Pouliot said. The case is being financed independently, and a favourable ruling could set a precedent for challenges across the EU.
The Travel Rule, now extended to crypto assets under MiCA, requires that the identity of both sender and receiver be attached to every transaction above a threshold. The pseudonymity that made Bitcoin usable as a parallel financial system is being regulated away. Banned would generate resistance. Made compliant means traceable, which means controllable.
KYC requirements have expanded in parallel across traditional finance. Under the EU’s Anti-Money Laundering Directives, banks must collect and verify detailed beneficial ownership information, monitor transaction patterns, and report suspicious activity to financial intelligence units. The threshold for what constitutes suspicious activity has been consistently lowered. Paying rent in cash, moving money between family members, operating a business with international clients: all of these can now trigger reporting obligations.
Your Car Is Watching You Too
The surveillance layer is not confined to phones, wallets, and bank accounts. It now extends to the vehicle in your driveway. A field known in the intelligence industry as CARINT, car intelligence, has emerged around the fact that modern cars are rolling computers, dependent on constant cellular and internet connectivity to function. Israeli firms are reported to be leading this space: one company has developed an “offensive” capability that can remotely tap into a car’s hands-free microphone and dashboard cameras, while others sell tools that track a vehicle’s location and movements in real time by exploiting its built-in SIM card, and even fingerprint individual vehicles using the unique identifier broadcast by their tire-pressure sensors. In the United States, agencies including the FBI and NSA request vehicle data from manufacturers much as they request data from phone and email providers, and firms like Palantir fuse license plate and registry data with other intelligence sources. The more digital a car becomes, the more it becomes another node in the same surveillance architecture as your phone, your wallet, and your identity.
The surveillance creep has now reached the dashboard by design, not just by hacking. As of July 7, 2026, every new passenger car and van registered in the EU must include an infrared, driver-facing camera as part of the bloc’s Advanced Driver Distraction Warning system, monitoring eye movement, blinking, and gaze direction whenever the vehicle exceeds 20 km/h. The European Commission frames it purely as a road-safety measure, and the system is described as closed-loop, with facial data processed on-device rather than transmitted. But researchers note that claim has no independent audit, and the same auto industry has a well-documented history of sharing or selling driver data to third parties. A camera trained on your face, built into your car by law, joins the SIM card, the tire sensor, and the microphone as one more sensor feeding a system you never consented to and cannot opt out of.
The Other Side: Freedom Tech Is Fighting Back
None of this is going unanswered. As covered by Susie Violet Ward on Forbes, a growing freedom tech movement is building the tools that let people communicate, transact, and organise even when governments, platforms, or banks try to cut them off. Activists in countries where governments impose internet and electricity blackouts turn to Bluetooth mesh-networking apps like Bitchat, which let nearby phones relay messages without internet or mobile service at all. On the financial side, developers are building bitcoin-based privacy tools like Cashu or Fedi for private digital money, and peer-to-peer donation protocols like Agora, which Venezuelan opposition leader Leopoldo López built after watching his own country weaponise the banking system against dissidents, calling it “unstoppable funding.”
This resistance extends to the phones too. Hakeem Anwar, a software engineer and founder of Above Phone, argues that Big Tech phones are not just data-collection devices but control points, since Google and Apple hold the signing keys to every app on their stores and can remove any application without your consent. His answer is phones powered by GrapheneOS and equipped with alternative privacy-conscious applications, services and sim cards. As Anwar put it when I spoke with him: privacy is a stack, the protocol, the app, and the hardware all have to be trustworthy, or the weakest link defeats everything else.
For me the two most exciting freedom technologies are Nostr, a decentralised protocol where your identity lives in a private key you control rather than the state, and Bitcoin, which lets value move peer to peer without middlemen granting permission. It feels like the time is right to educate the public about privacy and digital technologies; Freedom fighters such as John Burnett had put together a free course for digital privacy, and Bitcoin Policy UK Co-founder Freddie New consolidated a free privacy toolkit.
The Pattern
Each of these measures has a sympathetic justification: child protection, financial crime, national security, extremism, misinformation. These are real problems, and no serious person disputes that. The question is whether the proposed solutions are proportionate, whether they are reversible, and whether the infrastructure being built to address them can be repurposed once the justification is no longer convenient.
History answers that question clearly: emergency powers are rarely temporary. Surveillance infrastructure built for one purpose is routinely expanded to others. Identity systems created for efficiency become mechanisms of exclusion. Financial monitoring tools designed for crime become tools for managing dissent.
What is being built right now, across the EU, the UK, the United States, and their allies, is a comprehensive architecture of identification, communication surveillance, financial monitoring, and content control. Each piece connects to the others. The digital wallet links to the digital euro, which links to KYC, which links to DAC8, which links to the Travel Rule. The age verification system links to the identity wallet. The biometric border layer links to the same digital identity infrastructure. Chat Control links to the encryption backdoor. The Online Safety Act links to content moderation liability, which links to trusted flaggers, which links to government-approved information.
The cage is assembled one regulation at a time, by unelected technocrats and bureaucrats who understand that populations accept constraints they cannot see arriving all at once. If you haven’t started preparing for this highly technocratic reality by learning about and embracing freedom tech, the time is now.
Connect with me:
Twitter | YouTube | Instagram | Nostr | Podcast | All other links
Latest releases:
Sponsors:
Expat Money
→ Download the free report on second citizenships & setting up a plan B in another country with Expat Money: https://expatmoney.com/efrat
Ledn
→ Access liquidity without selling your Bitcoin with Ledn — learn more at https://ledn.io/Efrat
Trezor
→ Get your TREZOR bitcoin wallet & accessories, with a 5% discount, using my code at checkout (get my code from my podcast episode - yep, you’ll have to watch it)
Abundant Mines
→ Have you tried mining bitcoin? Stack sats directly to your wallet while saving on taxes with Abundant Mines. A month of free hosting for my followers:
Special offers:
→ Join me at Europe’s biggest and most influential Bitcoin event! Enjoy 10% off your BTC Prague using the code EFRAT.
→ Get 10% off on Augmented NAC to detox the Spike protein, using the code: YCXKQDK2, and this link. (Please note, this is not medical advice and you should consult your MD). Watch the episode with Tina below.
→ Watch “New Totalitarian Order” conference with Prof. Mattias Desmet & Efrat - use code EFRAT for 10% off
— Support my work —
I was recently banned from Stripe, so I cannot have paid memberships on Substack… but there’s always another way!
.






























