As we begin a new year, we wanted to provide you with an update on our significant progress towards establishing a global ecosystem to make the Internet age-aware. We believe this is a fundamental prerequisite for the deployment of a wide-range of safety measures that will create a safer Internet for children.
You will recall that we began down this road in 2021 when euCONSENT was funded by the European Commission to “outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain”. We successfully trialed with over 2,000 children and adults, across five European countries a solution modelled on the original European electronic identification, authentication and trust service (eIDAS) that allowed a user to prove their age to one website, then re-use that check on other sites, even if they used a competing age verification service provider.
Just as this project concluded, European data protection regulators, led by the French CNIL and Spanish AEPD, became more interested in the mechanics of age assurance, and proposed more exacting requirements to protect user privacy, beyond the basic safeguards already offered by GDPR. The French proposed a “double-blind” solution enabled by cryptography, which meant signed age certificates could be generated and supplied to age-restricted websites without any risk the user could be identified by those sites, nor that their activity could be tracked. The Spanish favoured a device-based solution, placing a particular emphasis on mitigating the risk that age verification could be used to assist predators in finding children online.
In this new context, the consortium that delivered the euCONSENT project formed a new non-profit, based in Belgium, and secured a grant from the Safe Online fund to develop euCONSENT 2.0 – a revised design that addressed these new regulatory requirements.
For the past year, we have been working to design and build the AgeAware™ ecosystem. This new system is a tokenized solution where a user has the option to retain an anonymised record of an age check on their device which can then be used by other age assurance providers to confirm that user’s age without a fresh age check for a limited period of time.
We have worked with the three age verification providers who are members of euCONSENT ASBL, having been part of the original project team – AgeChecked, VerifyMy and Yoti – to do the detailed design work required to create a proof of concept that will demonstrate this system. So far, we have completed the first two phases of the software build:
Phase 1: Foundational Services (Complete)
Phase 2: Core User Services (Complete)
Phase 3: Advanced Privacy and Usability (In Progress)
Phase 4 - Optimization and Scaling
Once complete, we will be auditing and certifying age verification providers so they can join the network with confidence that other members are completing age checks to specified levels of age assurance.
We have also commissioned, through the academics who are part of the euCONSENT team – Professors Simone van der Hof, Sonia Livingstone and Abhilash Nair – a comprehensive and independent academic review considering the child rights and broader human rights impact of this approach. This will be led by Emma Day and Sabine Witting of Tech Legality.
We will then be in a position to demonstrate the proof of concept in live operation. We aim to do this at the Global Age Assurance Standards Summit in Amsterdam at the start of April. We are also submitting the solution for consideration by the Australian government’s landmark age assurance technology trial which will report in June and provide another independent assessment of this innovative approach.
Of course, we do not operate in a vacuum. While we have been working on AgeAware, the European Commission has issued two invitations to tender. The first is for further large-scale pilots of the EU digital identity wallet, addressing four specific use-cases, one of which is age verification. We formed a new consortium with leading experts on the EUDI Wallet from across Europe to bid for this opportunity. The second is for an interim AV app, that the Commission will make available for Member States to deploy to deliver a solution more quickly than the wallet may allow. We’ve volunteered our support to any successful bidder, as we believe the AgeAware app we are already building could be a useful part of the design thinking, with some adjustment to align it more directly with the Implementing Act for the EUDI wallet.
So, while 2024 was a year devoted to our development activities, 2025 will be the year for deployment. We have created what is a relatively straightforward solution to a complex problem that we believe will meet the requirements of users, regulators and age-restricted platforms. It will enable cost-effective, privacy-preserving, device-based, tokenized, double-blind, convenient and proportionate age assurance through incremental changes to the existing approach, and could be operational in any jurisdiction around the world by this summer.