Europe Gets Serious About Age Verification Online

Comment
LoaderSave StorySave this story
Comment
LoaderSave StorySave this story

For as long as I can remember, entering a pornographic site has required the same effort as skipping a line: zero. So much for age verification; just a click on the “I'm over 18” button and off you go. The European Commission, therefore, also aided by the latest US rulings on the effects social platforms have on minors, is accelerating the process already underway to introduce effective age-verification systems.

All Too Simple

Back in May, Brussels opened formal proceedings against Pornhub, Stripchat, XNXX, and XVideos for suspected violation of the Digital Services Act (DSA). This law updated the legal framework for platforms operating in Europe. It has been in force since 2024 and imposes transparency obligations, rapid removal of illegal content, and management of systemic risks such as disinformation and the protection of minors.

A year later, in March 2026, the investigation reached its preliminary conclusions. The European Commission determined that all four sites allow minors to access their services by relying on simple one-click confirmation pages. Regulation found that mechanism to be completely inadequate in relation to the legal requirements. The same finding was made for the social media platform Snapchat, which, according to another Commission investigation, allegedly may have violated the DSA by exposing minors to attempts at grooming and recruitment for criminal purposes, as well as to information on the sale of illegal goods, such as drugs, or age-restricted products, such as e-cigarettes and alcohol.

The DSA does not explicitly impose age verification as an absolute requirement, but for Very Large Online Platforms (VLOPs)—those with more than 45 million monthly users in the European Union—the Commission expects concrete steps to be taken to mitigate systemic risks related to child protection. A failure to comply can result in penalties of up to 18 million euros or 10 percent of global annual turnover.

So What’s the Solution?

At a press conference held in recent days by the two officials leading the investigation, Prabhat Agarwal and Renate Nikolay, it was explained that the intention is to use verification systems that prove the user is above a certain age, without transmitting their name, date of birth, or other data to the platform or anyone else.

The mini-wallet, or more precisely the Age Verification Blueprint, is the technical answer being analyzed. It is a mobile application that functions like a digital wallet: The user downloads the app, verifies his or her age once via electronic ID card, passport, banking app, or other national identification system, and from that point on can prove that he or she is over 18 at any participating site without having to reload his or her documents each time.

The underlying technical principle is selective disclosure: The mini-wallet does not tell the website the user's date of birth. It only answers the question “Is this person over 18 years old?” with a cryptographically verifiable yes or no. Credentials are transmitted as single-use tokens, which in theory prevents correlation between different sessions on the same site.

The mini-wallet is not a stand-alone system. It is designed as a bridge to the future EU Digital Identity Wallets (EUDI Wallets), the digital wallets that some EU countries will implement by the end of 2026, with which the mini-wallets will be integrated. In practice, users who begin to get used to the mini-wallet now will find the same functional logic in the digital wallet that all European citizens will be required to have in the future. The wallet will allow users to manage not only their age, but also their identity, educational qualifications, drivers licenses, and other personal attributes, all from a single app.

Five member countries are already experimenting with the solution this year, but they don't all seem to be on the same page. It was pointed out at the press conference that France and Denmark are far ahead, while Greece, Spain, and Italy are lagging. This is why some experts are skeptical that the digital wallet will come into force within the established time frame.

An Alternative to the US Model

Among the players already visible in the European market for age verification are Yoti, which TikTok is using in Europe for this purpose along with other methods such as credit cards and documents, and Persona, which is an identity- and age-verification provider used by platforms such as Roblox, Discord, and Reddit.

The latter has a much more data-intrusive model, one that the Commission says it wants to avoid. In fact, its services include fingerprint verification, face recognition, screening a person's face to compare it to one on a particular list, and the retention of all such data for up to three years.

In February 2026, it also emerged that Persona publicly exposed thousands of files online. The company responded by saying that this was an isolated testing environment and that the data was not actually exposed, and, in addition, that it does not work with US government agencies to provide it with data on users.

In any case, the US model shows the risks of age verification based on massive collection and analysis of identifying data. This highlights the need for a European alternative, one that shifts the concept to another level: not so much “prove your identity so I can check your age” as “just prove your age, without revealing anything else.”

Brussels is promoting an open source architecture, leaving room for both member states and market players to publish national or derivative versions. Scytales and T-Systems were mentioned during the press conference as services to look to in Europe. Whoever develops the system will still have to consider a "triangular" architecture, officials say: A third party certifies that the user meets the required attribute, i.e., being above a certain age, without the site receiving documents or other personal data. To make the concept more understandable, the Commission cited the experience of Covid certificates.

A Glaring Loophole

There remains, however, a clear distance between the technical promise and the social reality of the problem. As recounted in the press conference, the mini-wallet seems designed primarily to prevent the site from learning too much about the user, but much less to solve the most trivial bypass of all: a minor using an adult’s phone, credentials, or ID. In other words, the system may perhaps reduce the amount of personal data in circulation, but it does not automatically eliminate the risk of age verification being bypassed in practice.

Despite this, the mini-wallet currently appears to be the most promising solution. The Commission has clarified, though, that it is not the only possible solution. The door remains open to alternatives, provided they are "equally effective." Pornhub is already involved in the pilot phase, while other operators have been invited to participate.

In short, Europe could become the first major policy laboratory where age verification stops being a formality and becomes a real infrastructure, with all the promise and—not to be overlooked—all the risks that this entails.

This story originally appeared in WIRED Italia and has been translated from Italian.