Considering this, can a Data Holders (DH) support one of those two algorithms mentioned, or is it mandatory to support both algorithms to be compliant with the Consumer Data Standards (CDS)?
As per the CDS, a DH has the discretion to choose their preferred algorithm, either PS256 or ES256. The DH may support both algorithms if desired.
DHs must publish their support via
request_object_signing_alg_values_supported to allow for negotiation with the Accredited Data Recipients (ADR) clients.
If the DH does not publish its algorithm support, it is assumed the DH supports any of the recommended algorithms.
ADRs must support both algorithms because different DHs may support different algorithms.