Europe is trying to make the internet grow up a little. After years of “I’m over 18” buttons that amounted to pure theater, the European Commission is pushing a new age verification model that promises to confirm a user’s age without handing platforms their name, birthday, or identity documents. The target is obvious: porn sites and other high-risk services, but the bigger play is to build the plumbing for the EU’s coming digital identity system.
That shift matters because Brussels is no longer treating age checks as a polite suggestion. It is turning the Digital Services Act into an enforcement tool, with penalties that can reach 18 million euros or 10 percent of global annual turnover. The message is simple: if a platform is big enough to shape behavior, it is big enough to carry more responsibility for minors.
Pornhub, Snapchat and the Digital Services Act pressure test
The Commission’s recent investigations have become a de facto test case for how serious Europe is about enforcement. Pornhub, Stripchat, XNXX, and XVideos were all found to rely on one-click age screens that regulators say are nowhere near adequate. Snapchat also came under scrutiny for possible exposure of minors to grooming, illegal goods, and age-restricted products.
This is classic EU policy-making: start with the most unpopular corners of the internet, then build a broader framework around them. The difference now is that the Commission is not just waving a rulebook around. It is looking for technical systems that can survive real-world abuse, not just formal compliance.
How the age verification mini-wallet would work
The proposed answer is an Age Verification Blueprint, or mini-wallet, that works like a stripped-down digital wallet. A user verifies age once through an electronic ID card, passport, banking app, or another national system, then receives a reusable credential for future logins.
The clever bit is selective disclosure. The site does not get a birth date, document scan, or full identity file. It gets a yes-or-no answer to a single question: is this person over 18? In theory, the token is single-use, which makes it harder to stitch together browsing patterns across sites. That’s the privacy-friendly pitch Europe wants to own before the data-hungry versions do.
- One-time verification through an ID, passport, banking app, or national system
- Age proof only, with no name or date of birth shared with the website
- Single-use tokens designed to reduce tracking between sessions
Europe wants a lighter version of the US model
Brussels is also making a not-so-subtle contrast with the American approach. Providers such as Yoti and Persona are already part of the market, but the Commission is plainly wary of systems that lean on face scans, fingerprint checks, and long retention periods. That caution is not theoretical: age verification built on heavy identity collection tends to become surveillance with better branding.
The Commission is promoting open source architecture and leaving room for national or derivative versions from companies such as Scytales and T-Systems. Officials describe the setup as “triangular”: a trusted third party certifies the age attribute, the website receives only the proof, and the user’s personal data stays elsewhere. The idea borrows some familiarity from Covid certificates, which is probably why regulators keep reaching for that comparison.
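The triangular flow and the single-use tokens described above can be sketched from the website's side. This is an added example, not code or a wire format from the Commission's blueprint; the field names (`jti`, `age_over_18`, `exp`), the Ed25519 signature and the function names are assumptions made for illustration.

```javascript
// Added illustration: NOT the EU blueprint's format. All field and
// function names here are hypothetical.
const crypto = require('node:crypto');
const DAY = 86400000;

// Trusted third party: has seen the user's ID, signs only an age attribute.
const issuerKeys = crypto.generateKeyPairSync('ed25519');

function issueAgeTokens(count, ttlMs, now = Date.now()) {
  // Expiry is rounded up to a day boundary so a precise issuance
  // timestamp cannot act as a correlator between tokens.
  const exp = Math.ceil((now + ttlMs) / DAY) * DAY;
  return Array.from({ length: count }, () => {
    // Each token gets its own random id; no name, birth date or
    // document number is ever placed in the payload.
    const payload = JSON.stringify({
      jti: crypto.randomBytes(16).toString('hex'),
      age_over_18: true,
      exp,
    });
    const sig = crypto.sign(null, Buffer.from(payload), issuerKeys.privateKey);
    return { payload, sig: sig.toString('base64') };
  });
}

// Website: holds only the issuer's public key and a set of spent token ids.
function makeVerifier(issuerPublicKey) {
  const spent = new Set();
  return function verify(token, now = Date.now()) {
    let ok = false;
    try {
      ok = crypto.verify(null, Buffer.from(token.payload), issuerPublicKey,
                         Buffer.from(token.sig, 'base64'));
    } catch {
      ok = false; // malformed signature or key material
    }
    if (!ok) return { accepted: false, reason: 'bad_signature' };
    const claims = JSON.parse(token.payload);
    if (claims.age_over_18 !== true) return { accepted: false, reason: 'not_over_18' };
    if (now > claims.exp) return { accepted: false, reason: 'expired' };
    if (spent.has(claims.jti)) return { accepted: false, reason: 'replayed' };
    spent.add(claims.jti); // single use: the same token never passes twice
    return { accepted: true, disclosed: Object.keys(claims) };
  };
}
```

In this sketch the website learns only the three listed fields, but an issuer that logged token ids could still match them if it compared records with the website, which is one reason real designs go beyond plain signed tokens.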
The awkward part: phones get shared
There is still a fairly obvious weak point. A better privacy system does not magically stop a minor from borrowing an adult’s phone, credentials, or ID. So the mini-wallet may reduce data collection without fully solving the practical problem of underage access. Technology can be elegant and still get outsmarted by a teenager in five seconds.
Even so, the Commission appears to think this is the best available bridge toward the future EU Digital Identity Wallets, which some member states are expected to implement by the end of 2026. Five countries are already testing the solution, but France and Denmark are reportedly ahead, while Greece, Spain, and Italy lag behind. That uneven rollout is usually where grand digital plans get tested: not in the slide deck, but in the patchy mess of national readiness.
If Europe gets this right, it could become the first serious test of age verification that is both privacy-preserving and scalable. If it gets it wrong, the region will still have built a cleaner version of the same old checkbox. Either way, the era of pretending a click is proof is running out of road.

