If you need to do any kind of public administration in Belgium, such as perform transactions with city hall or the tax authority, for most uses you are redirected to eid.belgium.be to login using a smartcard reader. A PIN and eID serve as the 2nd factor when authenticating on this site.
But eid.belgium.be blocks Tor. Isn’t 2FA enough? Why would the confidence in their security be so low that they are skiddish about someone’s IP address? IMO it’s unlikely that their security confidence is that low. Most likely they want to track the IP address and thus day-to-day of every citizen. Otherwise it makes no sense for this service to block Tor, which mushrooms into being blocked from accessing many essential services.
This is why the right to be analog is important. I think someone in Denmark is working on that. Belgium has an org called something like the gang of angry elders working on the right to be analog.
They probably got a lot of attacks and used an IP filter list that also includes Tor. I have seen this behaviour with some of our customers. They don’t know what Tor is and just check the boxes next to Tor exit nodes (which sometimes attack, but not really bad) along with some VPNs the bigger attacks originated from.
Also, when they use services that protect vs DDOS it often accidentally blocks Tor, because some CAPTCHAs don’t work with Tor or Tor Browser.
I’m not sure what their excuse is but there aren’t enough exit nodes to DDoS a nation state. They are performing an essential but very light service which should involve very little traffic, so competency seems to be lacking. AFAIK they do not do the heavy lifting of all the websites who use them. They just get used for logins. The site that redirects to them does all the work before and after authentication.