Hacker News
by pjmlp 145 days ago
Yes, there are two modes, Hyper-V isolation and process isolation, which is similar to how Linux does it.

The kernel version has to do with process isolation not being fully there when Windows containers were initially supported, so they had the limitation that the container kernel dependency had to match the host version.

Since Windows 11 this has been relaxed.

The namespacing approach is based on the Jobs API.

Modern Windows security relies on several sandboxed components; Hyper-V is always running anyway, which is also one of the reasons for the updated hardware requirements. While this configuration is optional on Windows 10, it is always enabled on Windows 11.

https://learn.microsoft.com/en-us/windows-hardware/design/de...

https://learn.microsoft.com/en-us/windows-hardware/drivers/b...

https://learn.microsoft.com/en-us/windows/security/hardware-...