I'd have thought an OAuth flow to a government run ID system, to create an account you first must verify your age by redirecting to the ID provider logging in via FaceID/Fingerprint to verify it's you and then you are redirected back to the original site with a verification code.

Admittedly on paper that means the Gov system would know which sites you were approved for, not logging that would require legislation to not store these logs.