Age Verification
Age verification: prove your age without revealing your identity
Age verification checks whether a person meets a required minimum age, and the aim is not only to satisfy the obligation but to satisfy it with as little data collection as possible.
The moment an online service may only grant access to content or offers above a certain age, it faces a dual requirement. It must check the age reliably enough to meet its duty of protection. And it must not collect more personal data than that check strictly needs. The two goals look opposed, but they are not: there are methods that prove an age without revealing the identity. This page sets out the legal drivers, contrasts the technical methods from the simplest to the most privacy-preserving, and shows where an implementation breaks in practice.
Why at all: the legal drivers
Age verification is rarely an end in itself; it follows from an obligation. Four drivers come together in Swiss and European practice:
- Youth protection. Children and young people are to be protected from unsuitable content. In Switzerland the Federal Act on the Protection of Minors in the Areas of Film and Video Games (JSFVG, SR 446.2) provides the basis. Together with its ordinance it partially entered into force on 1 January 2025 and requires nationally uniform age labelling and age control for films and video games, including for online platforms. The sectors have a transition period to draw up their own youth-protection rules.
- Platform and market regulation. In the EU, the Digital Services Act and accompanying guidelines oblige online platforms to protect minors from risk, with stricter duties for very large platforms (VLOPs); depending on the risk and the service, proportionate age-assurance measures may be needed. Where an AI system is used for age estimation, the risk logic of the EU AI Act applies on top.
- Sector-specific thresholds. Alcohol, tobacco, gambling or adult content each carry their own age limits that follow from special legislation.
- Data protection as the counterweight. Every check processes personal data and therefore falls under the revised Swiss Data Protection Act (revFADP) and, where there is an EU nexus, the GDPR. The European Data Protection Board (EDPB) adopted a dedicated Statement 1/2025 on Age Assurance on 12 February 2025. It holds that the check must be proportionate and as little intrusive as possible and must not enable further profiling.
The last point is the central tension of this page. The duty to check and the duty to minimise data apply at the same time. The technical choice decides whether they contradict each other or fit together.
The methods compared
The common methods can be placed on a scale that rises with how deeply they intrude on privacy. One distinction matters: age assurance is the umbrella term, age verification is the strictly checking part of it, while age estimation only yields a probability value.
- Self-declaration. The person confirms their age by a click or a date of birth. Data-frugal but barely robust, because nothing checks the claim. It works as a hint, not as proof.
- Age estimation. A method, often AI-assisted via a selfie or via usage patterns, estimates the likely age. It offers no certainty but can be data-frugal if the image is processed locally and not stored. As an AI system it falls, depending on its design, under the EU AI Act and raises questions of accuracy and bias.
- Document check. An ID card or passport is checked, usually via a third-party provider. Robust but data-intensive, because far more information arises than the pure age question needs. The biggest data-protection risk appears here when ID data is stored.
- Attribute-based proof. A trusted party confirms a single attribute once, for example "over 18", and issues a reusable proof for it. The service learns only the yes-or-no answer, not the date of birth and not the identity.
Attribute-based proof is the lever that lets the obligation and data frugality combine. This is exactly where the privacy-preserving architectures described in the next section start.
Privacy-preserving and double-blind
The core of a privacy-preserving solution is separating the parties so that no one sees the full picture. In a double-blind construction the service that needs to know the age does not learn the person's identity, and the issuing party that knows the identity does not learn at which service the proof is presented. What is checked is solely the statement "above the threshold", not the date of birth.
Technically, two building blocks carry this. Attribute-based credentials transport only the one needed attribute. Zero-knowledge methods can prove the threshold statement without disclosing the underlying value. On this basis the European Commission developed a blueprint for an age-verification solution and published it on 14 July 2025; the app that grew out of it was reported feature-ready on 15 April 2026. As the Commission describes it, it lets a person prove they are above an age without sharing further personal data, can be used as a standalone application and is built on the same technical specifications as the future EU Digital Identity Wallet. Which of these properties apply in a given case depends on the concrete configuration and the national implementation.
This separation links the age question to the broader Digital Sovereignty: checking without collecting the identity builds data protection into the technology instead of merely promising it.
How a check runs
The sequence below shows a privacy-preserving check. The decisive point is that the identity stays with the issuing party and the service receives only the yes-or-no answer:
flowchart TD
A["Service requests<br/>proof of age"] --> B["Person presents<br/>attribute proof"]
B --> C{"Attribute met?<br/>above threshold"}
C -- "Yes" --> D["Access granted,<br/>no plaintext date of birth"]
C -- "No" --> E["Access denied,<br/>no record created"]
D --> F["Proof discarded,<br/>no storage"]
E --> F
The most important step is the last. A check that does not discard the proof after use but stores it reverses the data frugality and creates exactly the risk the whole construction is meant to avoid.
Where age verification breaks
- Data collection instead of checking. Storing ID documents in full instead of only checking the age statement creates a data hoard. Breaches at verification services have shown that this hoard becomes a target.
- Sham check. A mere click confirmation satisfies the form, not the purpose. It deters no one and carries little legal weight.
- Estimation sold as certainty. Age estimation yields a probability, not a guarantee. Treated as firm verification, it produces both wrongful blocks of adults and minors let through.
- Exclusion instead of access. Methods that require a smartphone, a particular app or an official ID lock out people who do not have them. A viable solution needs a second path.
One design, several obligations covered
A solution that checks the age via an attribute-based, double-blind proof covers several obligations with a single architecture, because it reduces the data collection while still enabling the age check. This pairing of regulatory obligation and demonstrable data frugality is the real gain for any organisation: the control obligation can be met without building a data hoard. For Swiss organisations several layers meet here, the JSFVG with its control obligation for films and video games, the revFADP with its limit on the data collected, and, where there is an EU nexus, the GDPR; a double-blind proof supports all three at once. The broader technical view on evidence and control is described by the Compliance page.
References
- European Commission European age-verification app to keep children safe online. Announcement of the feature-ready, anonymous age-verification solution based on the EU Digital Identity Wallet. (15.04.2026). commission.europa.eu/news-and-media/news/european-age-verification-app-keep-children-safe-online-2026-04-15_en
- European Commission Blueprint for an age-verification solution to protect minors. Privacy-preserving approach: prove being above an age without disclosing further data, interoperable with the EU Digital Identity Wallet. (14.07.2025). digital-strategy.ec.europa.eu/en/policies/eu-age-verification
- European Data Protection Board (EDPB) Statement 1/2025 on Age Assurance. Ten principles for data-protection-compliant age assurance, including proportionality and data minimisation. (12.02.2025). www.edpb.europa.eu/our-work-tools/our-documents/statements/statement-12025-age-assurance_en
- Swiss Confederation Federal Act on the Protection of Minors in the Areas of Film and Video Games (JSFVG, SR 446.2). Nationally uniform age labelling and age control, partially in force since 1 January 2025. (30.09.2022). www.fedlex.admin.ch/eli/cc/2024/331/de
Related topics
- EU AI Act, the risk logic for AI-assisted age estimation.
- nFADP / revFADP, the data protection that limits the data collection.
- Compliance, the technical view on evidence and control.
- Digital Sovereignty, the sovereignty layer behind the data-frugal proof.
Ask AI
These links open external AI services, the conversation and its content are sent to their providers.