Ah, and the sites (or whatever else) can then verify the key is valid locally? Assuming that is the case, that'd make for a surprisingly nice system, further assuming that the produced credential is not reversible. I'm highly cynical and so I expected it to be a backdoor for surveillance as it feels like most things under the pretext of 'won't anybody think about the children' are.

The site can verify the signature of the presentation document using the public key of the credential issuer, yes. Each presentation is generated on demand to avoid identity tracking (sites could collide to to track presentations otherwise).