1. These 'digitally signed attributes' (example: 'age: 19') are consistent across services. So if you attribute is leaked in a way that it connected to other PII, then everyone with the attribute will know your PII.

2. These attributes are generated by a central authority. Presumably the goal would be to have governments issue these attributes. Regardless, whatever verification you do with the central authority will reveal your identity, and they can always determine your PII from the attributes they created.

[0] https://irma.app/docs/what-is-irma/