You're totally right that it would be easy from a tech perspective to do that. it's a shame that:

(A) most people cannot grasp how it could be that "GovSSO" can attest "This person you just sent our way just logged into GovSSO [with biometric 2FA], and they are at least 16 years old" without the receiving system having any way of knowing who that citizen is or even whether they're 16 or 99.

(B) very real terrible government policies the UK has (like jailing people for speech, and like demanding encryption backdoors that compromise the security, at minimum, of the whole of every British citizen's devices, and at worst every device in the world) incline anyone who's paying attention to assume that the government will somehow use anything related to "ID" and "internet" to do idiotic things like figuring out who owns a Twitter account that committed some wrongspeak so the bobbies can come round them up.

> (A) most people cannot grasp how it could be that "GovSSO" can attest "This person you just sent our way just logged into GovSSO [with biometric 2FA], and they are at least 16 years old" without the receiving system having any way of knowing who that citizen is or even whether they're 16 or 99.

The loophole that every kid everywhere would instantly figure out is that they just need to borrow their mom’s ID, their older brother’s ID, or a pay some Internet service $1 to use their ID.

This is why the services aren’t designed to totally separate the ID from the account. If nothing actually links the ID to the account then there is no disincentive for people to share their IDs or sell their use for a small fee. Stolen IDs would get farmed for logins.

So the systems invariably get some form of connection to the ID itself. The people making these laws aren’t concerned about privacy aspects. They want maximum enforcement of their goals.