I was working on a similar concept as a hobby project with PKI. The idea being that governments would have a digital registry with citizen information and issue a certificate to be stored in a Secure Enclave on a device.

When a client attempts to access an age-restricted URL, the server redirects to a custom URI scheme which begins a negotiation for requesting verification. The server signs a message and provides it to the client. The client verifies there’s not additional info or metadata before encrypting. It then forwards to the government server. The government server decrypts the message and signs a response. This goes back to the client which forwards to the server.

I haven’t fully ironed out all the details but got so far as nearly completing the server-client negotiation. The tricky part is ensuring each stage prevents MitM tampering while allowing the client to see what is in a request so that there’s no metadata which would allow a site to track the user, nor a government to track sites a user accesses.