Technical Specification Atlas // Sheet 01 of 01 // Rev D // 2026-04-21

Subdermal
Chip Implants
Evidence Map

A compiled comparative reference for the consumer and biohacker subdermal chip implants you can actually buy in 2026 — NFC/RFID transponders, cryptographic secure‑element JavaCards, neodymium finger magnets, LED and temperature-sensor chips. Filter by what you want the implant to do, not by vendor copy.

Not medical advice. Not legal advice. Not a trip report.

Technical Drawing Register

Project

CHIP-IMPLANTS/2026

Drawing No.

CI-2026-0421-001

Scale

1:1 (full evidence)

Date

2026-04-21

Compiled

Research agent

Fact-checked

Critique agent (AI)

Verified firsthand

No — evidence review only

RevD

StatusPublic

ClassOpen

TL;DR — Executive Summary

State of the Market

In 2026 the consumer chip-implant market is small and concentrated around two US sister companies (Dangerous Things and VivoKey Technologies), one EU-only payment vendor (Walletmor via iCard), one temperature-sensor OEM (DSruptive), and a handful of regional resellers (KSEC UK, Upgraded Humans/I Am Robot Germany, Chip My Life Australia).

What you can realistically do with an implant splits sharply by price: a $25–$150 passive NFC/RFID chip acts as an access-control token, a business-card replacement, and a low-security identifier; a $349–$449 VivoKey Apex Flex acts as a FIDO2 passkey, OpenPGP card, TOTP generator, Bitcoin / Ethereum / Tesla keycard, and HMAC token — but not a payment card; a €499 Walletmor is the only live payment implant and only for residents of 31 EEA countries, with all UK and US customers from 2022–2023 already cut off by their payment partners.

Safety evidence for Schott 8625 bioglass-encapsulated x-series implants is reassuring (FDA-cleared since 1994; a 6-year canine study showing stable fibrous encapsulation; a peer-reviewed 3 T MRI study measuring 1.9°C heating with no function loss), though aggregate human infection rates have never been published and magnetic implants must be removed before MRI.

Regulation is a grey zone — neither FDA nor EU MDR treats these devices as medical because vendors disclaim medical claims — and 14 US states now ban employer-mandated implants, but no employer has actually tried to mandate one.

~30products

Orderable in 2026

dim. a

$25–$540

Price range USD

dim. b

1–5cm read range

Chip-to-phone

dim. c

14states

US enacted bans
of mandated chipping

dim. d

1.9°C @ 3 T

Peer-reviewed MRI
heating (Spark 2)

dim. e

Reader-Goal Quick-Picks

Start Here

Product Catalog — Comparison Grid

Core Artefact

0 products match current filters · prices check: 2026-04-21

Capability Matrix

Condensed Detail E — DWG-042

Cross-tab of what each class of implant can actually do. ✓ supported out of the box · ◦ conditional or partial · dot = not supported. Drawn from 03-capabilities.md. C1

Capacity caveat. On an 83 kB Apex Flex a realistic configuration is 3–5 headline applets; FIDO2 (~42 kB) + PGP + TOTP + Keycard + Satochip already exceeds capacity. Several applets share AIDs and cannot coexist. Payment is not an Apex capability — Fidesmo Pay is not authorised for implants.

Safety & Longevity

Structural Analysis

Schott 8625 bioglass (VivoTag®) — soda-lime-silicate glass, FDA-cleared for humans since 1994 (C2 on date, widely corroborated), used on virtually all x-series and pet chips. 6-year canine study shows stable fibrous encapsulation from month 12 onward. Exact wt% composition is proprietary C5. Ref: Schott VivoTag technical sheet · AVMA microchip literature · S.01
MRI, peer-reviewed. Sautter, Sautter & Shellock 2022 (Magn Reson Imaging 92:82–87) measured 1.7°C heating at 1.5 T and 1.9°C at 3 T on a VivoKey Spark 2. No displacement in intended in-vivo position. Device labelled MR Conditional at both fields in Normal Operating Mode (SAR ≤ 2.0 W/kg). By material analogy this extends to DT bioglass x-series of similar form factor. C1 Ref: DOI 10.1016/j.mri.2022.06.002 · S.02
Magnetic implants must be removed before MRI. Unambiguous across vendor docs and community consensus — xG3, Titan (discontinued), m-series, finger magnets. Neodymium is strongly ferromagnetic; torque, heating, and image artifact make the scan unsafe. Ref: DT xG3 product page · Forum threads · S.03
Flex family is not peer-reviewed for MRI. Amal Graafstra's assessment: “by all accounts it should be safe… but not tested.” Flex has less magnetically saturable ferrous material than x-series — first-principles analysis suggests equal or better — but this remains C5 until tested. Ref: forum.dangerousthings.com · S.04
Infection is the dominant real-world risk, not MRI or migration. Only one peer-reviewed human case report exists: Schiffmann, Clauss & Honigmann 2020, JBJS Case Connect 10(2) — pan-sensitive S. aureus in a middle-finger chip, resolved with removal + amox/clav + intrinsic-plus splint. Full recovery. No aggregate rate has ever been published for consumer chip implants. C1 Ref: DOI 10.2106/JBJS.CC.19.00399 · S.05
Migration rate extrapolated from veterinary literature (pet chips) is 0.6%–1.6%, usually benign — tag still reads, just not where expected. DT x-series chips are deliberately not coated with BioBond/parylene to keep removal easy; the trade-off is some first-weeks drift. Amal's rule: “you're fine as long as it doesn't cross the bone, cause pain, or restrict range of motion.” Ref: AVMA · 6-yr canine study · S.06
Removal. x-series: minor procedure — local anaesthetic + ~1 cm incision + Steri-Strip or single suture. Flex: larger incision, tissue adhesion, more visible scarring; complication rate not studied C5. Magnets: scalpel + taper; installer must avoid ferromagnetic tools. Farzad et al. 2024 recommends a low threshold for removal with any soft-tissue reaction or infection. Ref: PMC11331163 (J Hand Surg Global Online, 2024) · S.07
Payment-implant lifespan ≠ chip lifespan. Walletmor's current EU batch expires 05/2029; after expiry the EMV credential is dead but the tag remains readable as an NFC UID. US Walletmors (Purewrist batch) all expired simultaneously July 2023. UK died March 2022 when MuchBetter/Mastercard pulled support. Ref: walletmor.com/pages/faqs · DT forum threads · S.08

Installation Locations

L#/R# Convention (Graafstra 2020)

Flex rule. Flex implants must not be placed at L0/R0 (constant thumb-index flexion) or L5/R5 (knife-edge impact). One flexM1 installed at P0 came out “bent like a banana” after ~1.5 years from coil-weld fatigue. Orient Flex long-axis parallel to a single metacarpal, never crossing bones.

Security & Privacy

Cloning Posture by Class

Detail SEC-A · DWG-070

125 kHz LF — trivially cloneable (by design)

xEM, dT5, and any T5577 emulator are identification, not authentication — no cryptography in the protocol. Proxmark3 or ChameleonMini reads EM41xx / HID Prox / Indala and writes to an xEM in seconds.

Detail SEC-B · DWG-071

Mifare Classic — publicly broken

Crypto1 stream cipher reverse-engineered since 2008 (Nohl/de Koning Gans/Courtois). Keys recoverable in seconds on commodity hardware. xM1 and xMagic are deliberately writable-UID clone platforms.

Detail SEC-C · DWG-072

HID iClass legacy — broken; SE/SEOS ≠ available

INCrypt32 reverse-engineered 2011 (Garcia et al.); master keys published. flexClass handles legacy iClass only. iClass SE and SEOS are not available in any implant form factor — HID does not license SEOS to implant makers.

Detail SEC-D · DWG-073

DESFire EV2/EV3 — no public cloning attack

Hardware AES-128 + per-application keys. EV2 rated CC EAL5+ with proximity-check against relay. Strength reduces to the deployer's key-management — default keys or key leaks are the real risk, not the cipher.

Detail SEC-E · DWG-074

Apex Flex / flexSecure — EAL 6+ JavaCard

NXP P71 smart-card IC (NSCIB-CC-180212-CR5, PP-0084, CC EAL 6+). JavaCard 3.0.5 platform. Hardware RSA 4096, ECC 544, AES, 3DES, SHA. Applets inherit platform integrity; not individually certified. Bryan Jacobs' FIDO2Applet is WebAuthn-compliant but no chip implant is on the FIDO Alliance certified-authenticator list.

Detail SEC-F · DWG-075

FIDO2 on Apex — platform caveats

Works well on Windows + PC/SC reader; resident keys with PIN + UV. Android (Oct–Nov 2025, unresolved): Chrome + Google Play Services coerces UV=preferred and resident keys are not persisted. iOS: 20-second Core NFC session + APDU retry pattern can lock the chip ([6985]). Recovery needs Android or PC/SC. 2FA works everywhere; passwordless is Android-fragile.

Detail SEC-G · DWG-076

Range-based skim attacks

Realistic implant-to-phone: 1–5 cm. Lab-published hostile antennas: activation to ~25 cm (Kirschenbaum & Wool USENIX 2006), ~100 cm via 2-antenna gate (Engelhardt RFIDsec 2015), eavesdropping ~18 m (Hancke, HF-RFID). No public incident of UID harvesting against a biohacker implant is documented.

Detail SEC-H · DWG-077

Walletmor skim threat

Inherits standard contactless-payment physics. Per-transaction EMV cryptogram means a single skim does not yield a reusable clone the way a Mifare Classic scan would. Main non-technical risk: iCard's ToS forbids modification of authorised wearables, and accounts have been closed when users disclosed implanted status.

Regulation

US + EU + Airport

Consumer chip implants sit in a deliberate regulatory grey zone. Vendors disclaim medical-device status, so neither the FDA (USA) nor EU MDR (Medical Device Regulation 2017/745) treats them as regulated medical devices. The only implantable-in-humans RFID device ever cleared by FDA was VeriChip (510(k) K033440, 13 Oct 2004), discontinued in 2010. No chip implant is CE-marked as a medical device. Biocompatibility is attested at the material level (ISO 10993 / USP Class VI), not at the finished-product level.

US state bans of employer-mandated chipping 14 enacted

State	Year	Statute / Bill	Note

Count as of 2026-04-21: 14 enacted; 13 currently in effect; all 14 in effect once Washington HB 2303 takes effect 11 Jun 2026. Nevada uniquely bans voluntary programmes too (AB 226, 2019; Class C felony). Alabama is uniquely criminal (HB 4, Class D felony). No US employer has publicly required chipping; Three Square Market (2017, ~50 of ~80 employees) remains the voluntary benchmark.

Detail REG-A · DWG-081

FDA posture

Vendors do not market for medical use, so the FDA does not regulate. Dangerous Things writes on every product page: products “have not been certified by any government regulatory agency for implantation or use inside the human body, and use of this device is strictly at your own risk.”

Detail REG-B · DWG-082

EU MDR (2017/745)

A chip marketed for a medical purpose (active-implant monitoring, medical identification) falls under Annex VIII. Current consumer chips are marketed as non-medical and are outside MDR scope. Walletmor's contactless payment is regulated under EU payment rules, not MDR.

Detail REG-C · DWG-083

Airport / TSA

Metal detectors tuned to macroscopic metal don't trigger on ~12 mm implants in community reports. mmWave AIT scanners image surface dielectric inhomogeneities; subdermal passive chips sit below reported detection sensitivity. No peer-reviewed study on biohacker implants at airport AIT. C4

Detail REG-D · DWG-084

Sweden SJ train-ticket pilot

Launched 2017; conductors scanned a chip-stored SJ Prio number. As of 2026 no evidence of active promotion on sj.se; no post-2017 SJ press release references the implant option. Community consensus: pilot quietly ended without a formal announcement.

Community Signal

Forum-Sourced, Not Measured

Qualitative signal from the Dangerous Things forum (primary), r/Biohackers (via search snippets — Reddit API was blocked during research), and a handful of journalism pieces. Structural bias: Amal Graafstra owns both the shop and the forum, so happy-path satisfaction skews high. Long-term DT-audience estimate: ~75–85% satisfied; broader Reddit audience ~60–70%. No systematic survey exists. C2

Top successful use cases What works

Front-door / home lock — the canonical happy path. Appears in almost every positive review.
vCard / URL sharing — conference / networking staple. Most-demonstrated public use.
Office badge cloning via xEM / NExT / xM1 / xMagic on LF HID Prox or Mifare Classic systems.
Tesla Model 3/Y unlock via Apex apex-tesla applet or DT key-card conversion.
FIDO2 / U2F 2FA on Windows + USB PC/SC reader — reliable; primary-factor on Android less so.
EU Walletmor tap-to-pay — “as long as the machine goes beep, they don't care how you pay.”

Recurring complaints Where it bites

Flex antenna fatigue — ~3% major failure rate per Amal on ~160 units/11 months. flexNExT has acknowledged fleet-wide chip failure.
Apex applet-install failure on iOS — 20-sec NFC session + APDU retry locks the chip with [6985]. Recovery needs Android + PC/SC.
Walletmor US collapse (Jul 2023) — single Purewrist batch, all expired simultaneously.
xLED “doesn't light up” threads recur 2019–2025; LF variants damaged by non-compliant Qi chargers.
Old non-TiN finger magnets lose strength over years as coating fails.
Android FIDO2 UV-coercion bug (Oct–Nov 2025, unresolved) — resident keys not persisted.

Regret theme that does appear: “I wish I'd gotten X instead” (xNT buyers who now want an Apex; magnet buyers from before TiN coatings existed). Removals are dominated by MRI-compatibility needs for magnet wearers and placement regret for x-series, not by chip defect. Veterans describe removal more as “loss of ability” than regret.

Sources & Methodology

Confidence, Critique, Disclosure

Detail METH-A

Confidence tiers

C1 primary / vendor page · C2 credible secondary · C3 inferred · C4 anecdotal / forum · C5 unknown. Preserved inline throughout this document rather than flattened to a single “verified” stamp.

Detail METH-B

Primary sources

Vendor product pages (Dangerous Things, VivoKey, Walletmor, DSruptive, KSEC); peer-reviewed papers (Sautter & Shellock 2022, Steffen 2010, Farzad 2024, Schiffmann 2020, Halamka/Juels 2006, Garcia 2011, Hancke, Kirschenbaum & Wool 2006); the Dangerous Things forum; a small number of journalism and government records.

Detail METH-C

Critique pass

An independent critique agent spot-checked 18 load-bearing claims. Corrections applied: Nevada bill is AB 226 (2019) not AB 266 (2021); NTAG216 user memory is 888 B not 886; “enacted vs effective” labelling on state counts was inverted (14 enacted, 13 currently in effect); VeriChip FDA URL demoted from C1 to C2 (URL 404s — K033440 substantiated via Washington Post / Medscape).

Detail METH-D

Known limitations

No aggregate human infection rate has ever been published for consumer chip implants. Reddit's r/Biohackers API was blocked during research — community signal skews DT-forum. Flex-family MRI behaviour has not been peer-reviewed. Spark 2 IC identity is community inference (NTAG 413 DNA). Several vendor pages 404'd during research (m0422a, Cyberise.me, us.walletmor.com) — those specs are C5 at date of writing.

AI disclosure. This evidence map was AI-researched from primary vendor pages, peer-reviewed literature, government records, and community forum archives, then AI-fact-checked by an independent critique pass. It has not been personally verified by any author — no device described here has been tested firsthand. It is compiled, not lived. Use it as a starting map for your own research, not as an endpoint.

All dimensions and prices are approximate and captured on 2026-04-21; vendors adjust frequently. Prices in USD unless noted.
Drawing compiled from research/_summary.md, 02-product-catalog.md, 03-capabilities.md, 04-safety-biocompatibility.md, 05-installation-locations.md, 06-security-privacy.md, 07-cost-availability.md, 08-reviews-community.md, 09-regulation-legal.md, and critique.md.
Do not scale from this drawing. Not medical advice. Not legal advice. Not a trip report.

Rev	Date	Description
A	2026-04-21	Initial research pass
B	2026-04-21	Critique fact-check applied
C	2026-04-21	Revised — NTAG216 memory, Nevada bill no., enacted≠effective
D	2026-04-21	Webapp draft published