by RGamma
618 days ago
Yeah, the initial enrollment is pretty problematic without trusted attestation. Reading the Wikipedia entry on this, it seems at least the older devices can be fooled into accepting non-live-tissue scans (dunno the SOTA on this), which would enable fake enrollments but also impersonation. Impersonation could be mitigated with MFA at least. Dealing with compromised scanners would probably require a PKI and revocation mechanism, but don't take my word on this. Seems kinda like a tough problem when you really mean to follow through, especially when making the least amount of concessions. It'd probably be easiest to integrate with existing government systems like eID, but that's region-specific and who knows how trustworthy that is long-term. I guess there's also these sorta weird identification services that banks use (hold ID card and face into the video feed, and variants), but same problem. As for conceiving such a system in the first place, good luck ;)