That's true, but as this is only a small part of the larger project, it's also targeting a very specific part of legislation.
The README for the age verification spec specifically calls out article 28 of the DSA and the Louvain-la-Neuve Declaration. Neither is aiming to be the mandated age verification mechanism for every single website, but rather a specific tool to solve a specific problem: age limits on social media and big tech websites.
If, or, seeing Denmark's recent bullshit: when, we do get mandatory age requirements, it'll be part of new legislation that will likely take years to go into effect, and, seeing how long it took websites to comply with the GDPR, will start affecting most websites even later. This isn't the doomsday law that I would've expected to come from the US if they were to write something like this, and using privacy-first cryptography does give me some faint hope that this isn't just a big performance to hide malicious intent. This could've been as bad as eIDAS 2.0 with the QACs and other unreasonable technical requirements.
The README for the age verification spec specifically calls out article 28 of the DSA and the Louvain-la-Neuve Declaration. Neither is aiming to be the mandated age verification mechanism for every single website, but rather a specific tool to solve a specific problem: age limits on social media and big tech websites.
If, or, seeing Denmark's recent bullshit: when, we do get mandatory age requirements, it'll be part of new legislation that will likely take years to go into effect, and, seeing how long it took websites to comply with the GDPR, will start affecting most websites even later. This isn't the doomsday law that I would've expected to come from the US if they were to write something like this, and using privacy-first cryptography does give me some faint hope that this isn't just a big performance to hide malicious intent. This could've been as bad as eIDAS 2.0 with the QACs and other unreasonable technical requirements.