For the government, it seems strictly worse than using multisig.
The same is true for multisig.
How can KYC be enforced on the receiving end? Anyone with non-covenant bitcoin can freely decide how to spend them, including to a KYC address.
So to register a new address with the government, a government employee would have to carry the address(es) over to the air-gapped device and back? Whatever the process is, it seems no different than an air-gapped process to sign a KYC-multisig.
Instead of running an (airgapped) cosigining sever, they’d have to run an (airgapped) whitelist server.