Consent.except.securityLabel should be constrained to tags appropriate for use on data. That is the HCS includes both data tags, and obligations. Where obligations are securityLables appliable to a package of data, but would not be persisted as

Th Consent.except.securityLabel has an existing comment

Not all of the security labels make sense for use in this element (may define a narrower value set?).

This comment is asking if a more constrained valueset should be defined. I am asserting in this comment that the Obligations (handling caveaots) are potentially not useful as data tags. However I am unconvinced that this removal of the Obligations would be useful.

So, either create a sub-set without Obligations (which should then be the one bound in Resource.meta), or remove the exising comment. – note removal from the valueset does not forbid the use of Obligations in this way, it just limits confusion by those not aware of proper use of Obligations as securityLabels.