So, after many backs and forth, I finally found a way to implement hCaptcha invisible to my forms. I did not use Elements for it, but the suggested Snippets plugin, which I already had. The trick is to create a shortcode that first renders a form and second validates the input server-side via PHP. That works great for the visible captchas.
However, the invisible hCaptcha has some disadvantages (and I guess the same is true for invisible reCaptcha) that causes me to abandon the idea. It would either validate before any fields are being validated or would pop up even if the user does not want to fill in the form. The only options that would work are reCaptcha V3 and BotStop from hCaptcha. The former is not legally usable in the EU, and the latter is not free.
I will use the honeypot method for the time being, although bots become smarter and smell those pots more often than I’d like.