by vbezhenar 1829 days ago
The only thing you should verify is the photo. Because you can't really verify an ID either (other than checking a photo). So the QR code should just encode a photo URL (and sign it) and the QR scanner should display that photo.
2 comments

Currently the image is retrieved via a very powerful distributed database with embedded authentication, consisting of millions of wallets and handbags. The authentication key is the name and date of birth, and is printed on both the pass and the medium that stores the image.
That would mean some centralized data store. I'd be against such a measure. Current approach is device only, with very limited risk of data breach.
Maybe it's possible to encode some kind of low-res compressed image in the QR code? I did not run the math. Or maybe it's even possible to scan the photo from the smartphone display, run some kind of image hash and compare it to the hash inside the QR code. This way it would be possible to work completely offline. I think it's called perceptual hashing, though I'm not sure if it's cryptographically secure.
The issue is not about compression (well, it could be).

It is about the authority that delivers the QR code: if it doesn't have the data (photo) it can't produce the QR code.

For example, I was vaccinated in April, long before the green pass appeared. No one took my picture at that time (and it's not the task of doctors to take pictures and store them in a central database, for privacy reasons). I still deserve a QR code to go out of home.

In France we have ID cards which can link a photo to the name and birth date. So encoding the name and birth date in the QR code is enough.