The enforcement failure is a consequence of the wrong layer. Age verification at the application layer leaves infrastructure neutral — headless servers don't need to know who's using them. Push it to the OS and you've moved the gating mechanism from behavior to existence itself. That's the same category error as trying to regulate arithmetic: the kernel doesn't know your age, and neither does a hash function.