The European Commission's April 2026 age verification framework, built on software-based Zero-Knowledge Proofs (ZKP) atop the European Digital Identity (EUDI) Wallet, fails to achieve its stated privacy guarantees due to a structural enrollment binding problem: any ZKP scheme whose trust root is a government identity credential inherits that credential's linkability at the point of issuance. This paper proposes a replacement architecture based on hardware bearer credentials — physically issued FIDO2 tokens whose identity binding is discarded immediately after issuance — combined with an anonymous hardware-handle revocation list, offline kiosk enrollment, and a self-funding economic model. The proposal is technically feasible with current production technology, financially viable at EU procurement scale, and operationally self-sustaining through a €10 citizen co-payment at issuance plus a €30 replacement fee. A cost model for national deployment using Italy as a case study demonstrates that the system requires near-zero net public expenditure. The primary novel contribution is a game-theoretic mechanism embedded in the replacement fee structure that renders secondary market trading of credentials economically irrational without requiring any surveillance of credential holders.
meowmeowbeanz et al. (Wed,) studied this question.