TfL gatelines aren't always 'online' in the peak, AIUI, instead caching touches locally to send in batches. The latency would be far too great otherwise. So there is already a certain amount of offline and batch processing of touches.
Since the Railcard would be associated with the card in the TfL backend (for charging the correct fare at the end of the day) TfL will already know which cards have a Railcard associated with them. So from that perspective it doesn't really matter that the gateline/RID don't know that a card has a Railcard attached.
Offline verification of a card TfL don't control without maintaining an offline lookup table is challenging. It is the simplest solution and already exists for TfLs list of "bad" cards.
The EMV spec does allow for arbitrary data to be written to the general storage of a chip, I believe. Unfortunately this is usually disabled and the storage used for other things (eg. transaction history).
Another alternative would be to write a separate EMV application to the chip to sign as a 'Railcard', but that would need to be done at perso so that's never going to happen.
Realistically, it'll be a lookup table you try to keep in sync, accepting the risk that someone has registered their card with a Railcard and touched in between the last time the table was synced to your device. And then accepting revenue risk that they didn't have a valid Railcard and thus evaded a fare.
Plus, Project Oval is mainly concerned with above ground suburban areas.
Seems a fairly remote risk...
Does it? I've never been challenged at a dateline
It can be configured to reject certain discounted tickets (eg. Railcards, Freedom Pass), or highlight them with a light to be seen by an RPI.
This is common at Paddington EL (rejecting Railcard tickets) and frustratingly no-one is ever interested in seeing the actual Railcard......