I'd have thought an OAuth flow to a government run ID system, to create an account you first must verify your age by redirecting to the ID provider logging in via FaceID/Fingerprint to verify it's you and then you are redirected back to the original site with a verification code.
Admittedly on paper that means the Gov system would know which sites you were approved for, not logging that would require legislation to not store these logs.
Admittedly on paper that means the Gov system would know which sites you were approved for, not logging that would require legislation to not store these logs.