diff --git a/TODO b/TODO
index da248ff296..860e86f5af 100644
--- a/TODO
+++ b/TODO
@@ -62,6 +62,14 @@ Features:
 * pid1: also remove PID files of a service when the service starts, not just
   when it exits
 
+* seccomp: when SystemCallArchitectures=native is set then don't install any
+  other seccomp filters for any of the other archs, in order to reduce the
+  number of seccomp filters we install needlessly.
+
+* seccomp: maybe use seccomp_merge() to merge our filters per-arch if we can.
+  Apparently kernel performance is much better with fewer larger seccomp
+  filters than with more smaller seccomp filters.
+
 * systemd-path: add ESP and XBOOTLDR path. Add "private" runtime/state/cache dir enum,
   mapping to $RUNTIME_DIRECTORY, $STATE_DIRECTORY and such