Sort of, but not really. They have a design document for how ZKP-based age verification would be implemented in the white-label prototype app, but it is my understanding that the first implementation to be rolled out in the early adopter countries like mine (Denmark) will be based on "trust me, bro" central verifiers who promise not to do logging, with ZKP mentioned as a possible future alternative. Until I see the requirement of ZKP or equivalent provable zero-trust privacy guarantees in the law, I consider the promise of ZKP as a distraction (lie) to shut down the harshest criticism.

Google Play Integrity is not a requirement, but governments think it is. All you need to avoid trivial duplication of certificates is that keys are bound to a device which is also able to perform the primitive cryptographic operations needed to construct a ZKP proof. This could be achieved using a USB dongle. Still proprietary technology, but the scope of what needs to be locked down is much, much smaller than with a solution like Play Integrity.

One method would be to use the same key that you use to hold some cryptocurrency, so if you share then you risk losing a bond.

Of course it's not ideal to make everybody hold crypto just to use online services, but maybe we can approximate that in other ways. Say, have the private data include name/SSN/DOB and maybe a credit card number, require the user to enter that stuff (or have browser do it), prover checks that it's all correct. Combine that with a challenge/response so proofs can't be reused. User can't share credentials without risking identity theft. Downside is more openings for local malware to succeed in identity theft, but maybe that's better than sending full credentials to big juicy central locations.

A third option would be to give everyone a hardware key that's hard to copy, but that would get expensive.

I think the best idea is to just skip age verification and keep the good ol' internet we've enjoyed for decades.

I assume they are solving this with secure enclaves creating one-time signatures.

I saw a presentation about this 6 months ago, it looked promising for age verification for example, it's even an already done system, not a research article.

https://github.com/microsoft/crescent-credentials

But of course the thing would need users in order to attract users.

These topics are political and I seriously doubt these types of solutions are what the politicians are looking for. In fact, they are the exact opposite of what they are looking for because it takes away the excuses they are using and would lay bare what they are actually trying to do. BTW, I'm not suicidal and I bet you aren't either.

They care the way a cheetah cares about gazelles.