For VSD the key actions "Regenerate key" and "Generate key" should be hidden. (This is in the middle part of the view)

done in https://invent.kde.org/pim/kleopatra/-/merge_requests/233

In the bottom part of the view "Generate New Keys" should only be visible for compliant cards. Or at least a "not compliant" warning shown in those cases.

What makes a card compliant? is it just about supporting algorithms that are compliant?

Additionally, the action "Generate OpenPGP key" (which is only displayed for GnuPG 2.3.0+) should be hidden, as they might otherwise appear if the right commits would be backported in the future.

This action was recently removed https://invent.kde.org/pim/kleopatra/-/commit/bd5fb6e84bbab429d88e967792017e3d65bb01f0

What makes a card compliant? is it just about supporting algorithms that are compliant?

That they are listed in the approval document.
It lists the following Smartcards:
◦ TeleSec NetKey 3.0
◦ SLE78CFX*P mit CardOS 5.0, CardOS 5.3
◦ SLE78CLUFX*H mit Yubikey Firmware Version 5.x

Could this be checked by Kleopatra or get the info from gpg?

Kleopatra and likely also gpg have no way to know what products are listed in some approval document. And it would be very problematic to hard-code such a list in Kleopatra/gpg because it wouldn't be possible to update the list if new products are approved (which is very likely).

Then I would propose to add additional text at the top of the tool tip for VSD versions only. Something along the lines of: "Please check with the approval document whether this function is compliant for your smart card model."
Would that be possible?

I'm pretty sure that this should be backported for VSD 3.3.