Government banning insecure open standards and then not providing a secure open standard is atrocious. If I must have an official authorizing thing to prove I'm who I say I am, make it as small as possible.
If you mandated that they have to support Yubikey or whatever on open platforms I'd take that as a decent alternative. But just "no you must use a device controlled by somebody else" is not acceptable.
YAS!! The option is to provision an key from a server tied to a national id and downloadable only to specific device. BUT NO!!! Just ban things instead of doing the right thing!
If you mandated that they have to support Yubikey or whatever on open platforms I'd take that as a decent alternative. But just "no you must use a device controlled by somebody else" is not acceptable.