> This way the government does not know which sites you visit
Hmm. It's not clear from the description that it is so. The government knows which site sent the request and authenticates your card, which is tied to your identity, right?
- the ID card which trusts the government PKI and has its own private key and certificate
- the application that does some certificate checks and facilitates communication between the card and an eID server
- an eID server which is connected to the PKI and regularly receives short-lived certificates to present to the card, does revocation checks, validity checks and a bunch of other stuff. Also provides a list of fingerprints of TLS certificates of eID services allowed for the session
- an eID service which opens a session with the eID server indicating requested data and ultimately receives this data from the eID server. They own the legalese certificate of which data they have access to.
- maybe another provider wrapping all this and the required certifications, compliance and hardware into an easy-to-use API. But could also all be the same.
It could be argued that the government has influence on the eID server providers - which do the actual communication with the card and are the first to receive the data before passing it on - via access to the necessary PKI, but they're not directly involved in the communication.
That certificate retrieved from the government has no personal information attached to it. It's essentially empty, only defining what information will be requested from the user.
The certificate is passed to the user's ID card where that information is populated, the document is cryptographically signed, and returned to the requesting party after the user reviews and approves the transaction.
I'm not asking what goes to the site. Does the request to the government come from the site you visit? Can the government pair the site with your card? They know who they issued the card to.
If the ID card cryptographically signs it, doesn't that mean that it isn't anonymous?
I assume it's a variant of PKI, with everyone trusting the government's root key, and each ID card storing a unique certificate signed by that root key. But an ID card will only have a single certificate, so it would be trivial to see that multiple data snippets were signed by the same certificate - and therefore the same person. That would allow a website to track users across sessions - or even across websites.