The operative part being "that you can build on top of", because the "ID token" approach means it now has to act as essentially a mini-OAuth-provider for many other websites, not just government services
Yes. But I don’t think this type of regulation should care about whether it’s technically possible to do today. You could make a New York proposal type ban e.g banning algorithmic feeds to minors, even if it’s difficult to tell who is a minor and who isn’t. Social media companies would solve the ID problem or simply stop using those algorithms outright.
