2A just says that if the e.g. client request headers say the age bracket, the server (dev) can trust the reported age, but also shall not ignore it on purpose. No "just ignore the do-not-track flag" escape hatch here. "A bartender can't willfully refuse to check someone's ID if they are presented with it."

For incorrect OS answers, keep reading. 3B covers what happens if there's clear and convincing evidence that the age covered in 2A is inaccurate. (Reported profile birthday, for instance) This is "if someone shows a bartender a valid drinking-age ID but says they're celebrating their 17th birthday, this can't be ignored".