Perspectives

For years, online age verification has relied on the honor system: tick a box, choose a birth year, and move on. But as regulators move to protect children in digital spaces, including in the EU, that era is ending. The European Union is one of the leaders in a fundamental shift in how age is verified online. This isn’t just about regulatory compliance—it’s about building the infrastructure to support trust, privacy, and safety at scale.

Why traditional age gates are falling

Traditional self-reporting methods are easily bypassed and provide little real assurance that users are the age they claim to be. While sensitive content and services have long been available online, what has changed in recent years is the growing awareness among the public and regulators of just how accessible this material is to minors, and the potential impact such exposure can have on their mental health and well-being. This increased understanding has led to a surge in regulatory initiatives and a renewed focus on developing more effective age verification solutions.

The Digital Services Act (DSA), which came into effect across the EU in 2024, has raised the bar for online platforms. The DSA requires platforms to implement “appropriate and proportionate” measures to protect minors, including robust age verification processes that genuinely prevent underage access. Simple self-declaration is no longer enough—regulators now expect technical solutions that balance security with privacy and ease of use. With the DSA’s heightened requirements and growing public concern over children’s online safety, it’s clear that traditional age gates are no longer fit for purpose. This has driven a wave of innovation in privacy-preserving, trustworthy age assurance across Europe.

Europe’s new technical approach

The European Commission’s push for age assurance is rooted in a broader strategy to harmonise online child protection across the EU, responding to both regulatory mandates and years of consultation with privacy experts, industry, and civil society. Rather than relying on outdated methods that simply ask users to self-report their age or submit easily falsifiable information, the Commission is now encouraging a privacy-preserving, multi-layered approach to age assurance.

This new direction draws on recent technological advances and pilot projects, as well as input from stakeholders across Europe. The goal is to balance effective protection for minors with strong privacy safeguards for all users. Importantly, the EU’s approach is explicitly designed to avoid profiling or tracking individuals, addressing a key concern for both regulators and the public.

Among the tools being tested in EU pilots and industry projects, three common technologies have emerged as leading options :

• Biometric age estimation analyzes facial features or voice to estimate age—without storing personal data. Companies like Yoti and Veriff offer solutions that report high accuracy in distinguishing under-18 users, while prioritizing privacy by not retaining images or sharing personal data.
• Cryptographic proofs allow users to confirm they meet age thresholds (e.g., over 18) without revealing their actual birth date, using tokens issued by trusted authorities.
• Device-based signals use indicators like parental controls, app usage, or account history to estimate likely age. While less precise, they offer a low-friction first step.

A critical debate emerging from these pilots is where age verification should occur in the digital stack. While the DSA places liability on platforms, driving platform-level solutions, industry voices are split on alternatives: device-level verification (via operating system parental controls) could reduce user friction but raises monopolization concerns, while browser-level solutions promise seamless cross-site verification but are not widely adopted and are less applicable to mobile apps, which typically lack shared browser infrastructure. The EU hasn’t mandated a specific approach, instead favoring flexibility to accommodate the diverse range of services, devices, and user scenarios where age verification may be needed.

Infrastructure in motion: the EU’s white-label app

Meanwhile, the Commission’s white-label app has created tension with private providers like Yoti and Veriff, who view it as direct competition rather than enabling infrastructure, arguing it undermines European businesses that already have market-ready solutions.

A core component of this harmonized rollout is the white-label age verification app, developed by T-Systems and Scytáles. Launched in mid-2025, the app builds on existing digital ID systems and enables users to verify their age using government or bank credentials, all while preserving privacy. It’s customisable at the Member State level but remains interoperable across borders, supporting a harmonised approach. By bridging current practices with the upcoming EU Digital Identity Wallet (expected in 2026), the app not only streamlines compliance with the DSA’s requirements for privacy-preserving age checks, but also offers a standardized, future-proof alternative to conventional approaches—such as uploading ID documents or answering personal questions—that can be cumbersome and raise privacy concerns.

The rollout is being actively tested through pilot programs in France, Spain, Denmark, Greece, and Italy. Denmark, during its 2025 Presidency of the Council of the European Union, has prioritized child online protection and is among the first to test the EU’s app, reflecting its commitment to both practical implementation and policy leadership.

These trials are testing solutions in real-world conditions, focusing on:

• User adoption across age groups
• Accuracy of biometric and device-based systems
• Privacy protections in cryptographic tools
• Drop-off rates during verification
• Cross-border interoperability

Initial findings suggest no one-size-fits-all model—platforms must remain flexible while adhering to common standards.

What industry needs to solve

For platforms, age verification is no longer a simple compliance box to tick—it’s a complex, multi-dimensional challenge that touches every part of their operations. Integrating robust verification flows across onboarding, content access, and payments must be done without harming user experience. The technical and financial demands are significant, with costs varying widely depending on platform size and chosen methods.

User adoption is another hurdle. More intensive checks, while improving accuracy, can lead to higher abandonment rates—industry observations suggest notable drop-off, especially in high-friction flows. Platforms must also strike a delicate balance between privacy and accuracy: collecting more data can enhance verification but may conflict with GDPR and other privacy regulations. Meanwhile, cross-border coordination remains a persistent challenge, as national preferences and legal frameworks vary, making technical interoperability essential.

Non-compliance with the DSA carries real consequences, including fines of up to 6% of global annual turnover, mandatory audits, and, in severe cases, temporary service restrictions.

What organisations should do now

Europe is setting a new global standard for digital age verification, blending innovative technologies with strong political leadership and harmonised EU-wide solutions. The launch of the EU’s age verification app, pilot programs, and the upcoming Digital Identity Wallet signal real progress toward safer, privacy-first online experiences for children. While integration and user experience challenges remain, these efforts point to a future where age assurance is secure, efficient, and seamlessly integrated. Organisations—both service providers and platforms—should begin by auditing their current age verification processes and piloting multiple technical approaches to discover what best fits their users. Just as importantly, it’s vital to actively engage stakeholders across your business and industry to help shape the evolving Europe-wide solution so it aligns with your needs and interests. Proactive collaboration and open communication can turn regulatory challenges into opportunities for innovation, even for smaller players who may otherwise feel overwhelmed.

At Trilligent, we guide organizations through Europe’s evolving compliance landscape. Age verification has become a complex technical and strategic priority—far more than a simple compliance exercise. With teams in Brussels, London, and Washington, we’re here to support you from DSA risk assessments to full-scale deployment. Engaging proactively with these changes helps build digital trust, protect users, and future-proof your business.