The person nominated by that company as their age verification guardian? Or the CEO. Or both. The defence for either could be that they took reasonable steps to know what was going on in their companies or were actively mislead.

This isn’t complicated. If it’s the law companies should comply. Fines won’t make a difference to corporate behaviour but this Might.