The third party company shouldn't ever need to see the IDs, either. Same issue.

When governments do things the wrong way around, like mandating age control before they have a method for doing that in a secure manner, what's a company to do?

Good question. I'm not primarily blaming Discord or the other company for this (even though they both obviously share some responsibility, too) — I'm blaming government/legislators. I'm arguing that the government agencies/departments that own the relevant forms of ID should have been required to develop the capability to facilitate this sort of secure ID verification _years_ ago. Instead policy makers ignored reality and rushed through this legislative hatchet job... and here we are yet again. As anybody who's been awake during the last few decades could have predicted.

Tangent: I've regularly been required to provide copies of my ID to all kinds of businesses simply to function in society — i.e. in practice there is no realistic option to opt out. Want to rent a house? X points of ID. Want a phone? X points of ID. Pretty much every real estate agency in town has copies of at least my driver licence. And they in turn share my details with tenant database companies, credit reporting agencies and so on. Do you think many of these businesses have good data handling practices? Of course they don't. And so all my details are available for purchase in bulk data sets on the dark web, and get refreshed by new data breaches every few years. And yet government still treats it as somehow unexpected each time this happens, or wags its finger and bemoans those naughty criminals, instead of developing any kind of policy that would start to address the underlying issue... which is that our personal details are spread so far and wide in the first place.