X could add this today. We have the technology.

To their credit, they do have an optional ID verification flow, but it requires uploading an image of your ID, which is then shared with 3rd party verification services (Au10tix / Stripe), with some PII retained.
In some cases this might be required by law, but for simply preventing spam accounts it’s likely overkill.
Using zero-knowledge proofs, you could tap your phone on your passport to provide X with a cryptographic proof that you are a citizen of some country, without revealing your real identity.
Projects like @openpassportapp demonstrate that this is possible. And if we’re lucky, operating systems will make these sorts of privacy-preserving identity primitives available to app developers out of the box.