office@euconsent.eu

PPPA-AGEVER-01-2020: “Outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain”

PPPA-AGEVER-01-2020: “Outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain”

Home » News » AgeAware » Building a Safer Internet: The Journey to AgeAware®

Building a Safer Internet: The Journey to AgeAware®

As we begin a new year, we wanted to provide you with an update on our significant progress towards establishing a global ecosystem to make the Internet age-aware. We believe this is a fundamental prerequisite for the deployment of a wide-range of safety measures that will create a safer Internet for children.

You will recall that we began down this road in 2021 when euCONSENT was funded by the European Commission to “outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain”. We successfully trialed with over 2,000 children and adults, across five European countries a solution modelled on the original European electronic identification, authentication and trust service (eIDAS) that allowed a user to prove their age to one website, then re-use that check on other sites, even if they used a competing age verification service provider.

Just as this project concluded, European data protection regulators, led by the French CNIL and Spanish AEPD, became more interested in the mechanics of age assurance, and proposed more exacting requirements to protect user privacy, beyond the basic safeguards already offered by GDPR.  The French proposed a “double-blind” solution enabled by cryptography, which meant signed age certificates could be generated and supplied to age-restricted websites without any risk the user could be identified by those sites, nor that their activity could be tracked.  The Spanish favoured a device-based solution, placing a particular emphasis on mitigating the risk that age verification could be used to assist predators in finding children online.

In this new context, the consortium that delivered the euCONSENT project formed a new non-profit, based in Belgium, and secured a grant from the Safe Online fund to develop euCONSENT 2.0 – a revised design that addressed these new regulatory requirements.

For the past year, we have been working to design and build the AgeAware™ ecosystem.  This new system is a tokenized solution where a user has the option to retain an anonymised record of an age check on their device which can then be used by other age assurance providers to confirm that user’s age without a fresh age check for a limited period of time.

We have worked with the three age verification providers who are members of euCONSENT ASBL, having been part of the original project team – AgeChecked, VerifyMy and Yoti – to do the detailed design work required to create a proof of concept that will demonstrate this system. So far, we have completed the first two phases of the software build:

Phase 1: Foundational Services (Complete)

Issuer Service
Develop a service to issue secure, verifiable credentials.
Define and implement issuance workflows. Integrate digital signature mechanisms for credential authenticity. Implement logging and monitoring for issued credentials.
Key Service
Manage cryptographic keys securely for signing and encryption.
Build secure key generation, storage, and rotation protocols. Enable role-based access controls (RBAC) for key usage. Ensure compliance with industry cryptographic standards (e.g., NIST, FIPS).

Phase 2: Core User Services (Complete)

Relying Party Service
Create a robust service for verifying credentials presented by users.
Implement validation workflows with minimal latency. Support diverse credential formats and standards (e.g., JSON Web Tokens, Verifiable Credentials). Develop APIs for integration with third-party applications.
Tally Service
Aggregate and report data securely without compromising user privacy.
Design data collection mechanisms with anonymization in mind. Ensure accuracy and integrity of aggregated data. Implement dashboards and reporting tools for insights.
We are now finalising the third and fourth phases of the technical build:

Phase 3: Advanced Privacy and Usability (In Progress)

Anonymisation Service
Protect user identity and ensure compliance with privacy regulations.
Develop algorithms for pseudonymization and k-anonymity. Conduct privacy impact assessments (PIA). Integrate with Tally Service for seamless anonymized reporting.
AgeAware App
Deliver a user-friendly app for age verification and related functionalities.
Design intuitive user interfaces with accessibility in mind. Implement secure authentication and age-verification workflows. Provide seamless interoperability with Issuer and Relying Party Services.

Phase 4 - Optimization and Scaling

Optimization and Scaling
Refine and scale the system to support broader use cases and higher demand.
Conduct performance testing across all services. Implement advanced security measures like zero-trust architectures. Establish comprehensive documentation and developer support resources.

Once complete, we will be auditing and certifying age verification providers so they can join the network with confidence that other members are completing age checks to specified levels of age assurance.

We have also commissioned, through the academics who are part of the euCONSENT team – Professors Simone van der Hof, Sonia Livingstone and Abhilash Nair – a comprehensive and independent academic review considering the child rights and broader human rights impact of this approach. This will be led by Emma Day and Sabine Witting of Tech Legality.

We will then be in a position to demonstrate the proof of concept in live operation. We aim to do this at the Global Age Assurance Standards Summit in Amsterdam at the start of April. We are also submitting the solution for consideration by the Australian government’s landmark age assurance technology trial which will report in June and provide another independent assessment of this innovative approach.

Of course, we do not operate in a vacuum. While we have been working on AgeAware, the European Commission has issued two invitations to tender. The first is for further large-scale pilots of the EU digital identity wallet, addressing four specific use-cases, one of which is age verification. We formed a new consortium with leading experts on the EUDI Wallet from across Europe to bid for this opportunity. The second is for an interim AV app, that the Commission will make available for Member States to deploy to deliver a solution more quickly than the wallet may allow. We’ve volunteered our support to any successful bidder, as we believe the AgeAware app we are already building could be a useful part of the design thinking, with some adjustment to align it more directly with the Implementing Act for the EUDI wallet.

So, while 2024 was a year devoted to our development activities, 2025 will be the year for deployment. We have created what is a relatively straightforward solution to a complex problem that we believe will meet the requirements of users, regulators and age-restricted platforms. It will enable cost-effective, privacy-preserving, device-based, tokenized, double-blind, convenient and proportionate age assurance through incremental changes to the existing approach, and could be operational in any jurisdiction around the world by this summer.

euConsent Consortium

Subscribe to our Newsletter

Do you want to be informed with the progress of euConsent or other related news? 

Thank you for subscribing. A email was sent to confirm your email address. Please check also spam folder.

Share This