Global Age Assurance Standards; Age Restrictions & Child Privacy Laws

Introduction:

The realm of age assurance is achieving a number of milestones in recent years, gaining healthy traction, increased attention from regulators and urgent enforcement steps from enforcing agencies. The publication of the finalized ISO standard and introduction of a regulatory framework in several nations mark a significant development in this sector. A research publication by PEW highlighted that almost half of Americans who spend time online don’t know what a privacy policy is and as per the Times, last year saw 10,000 arrests in the UK involving online child sexual exploitation, double the number over the previous twelve months. With this alarming lack of awareness resulting in unchecked use of online space by minors, everyone from commentators , policy advisors to regulators are working together on developing laws and standards promptly to protect underage children from the harms internet poses. 

The Age Check Certification Scheme organized The Global Age Assurance Standards Summit 2025 with a specific focus on this and several related issues. Remarks on market competition, benefits and drawbacks of performing age checks using different methods and other mechanisms required to walk side by side to the regulations, were presented by Stakeholders from around the globe.

Age gating and Age estimation are the two widely used methods for verifying a user’s age online. While the two terms sound similar, there lies a significant difference between the two. Age gating is a practice of restricting access to certain content or services based on the user’s age, typically done by requiring users to provide birthdate or confirm they are over a certain age before the grant of access to websites, apps or content. 

On the other hand, age estimation is the use of technology , often powered by AI and machine learning to predict or estimate a person’s age without the need of directly asking them. Instead of relying on user input, age estimation uses biometric data, facial features, liveness detection or other physical characteristics to estimate the person’s age. 

2. Standards for effective age verification

The rising use of social media and internet by minors raised significant debate in 2024 on what age assurance is and why it is necessary. Meanwhile 2025, now sees a shift in the discussion narrative towards ‘ how can these standards help local regulators get regulations to work well’

It is expected that in coming years, Part 1 of the ISO 27566 and other regulations; national or international will be finalised and the focus will shift to relying parties and less on legislation.

ISO 27566-1 has provided comprehensive guidelines for establishing “age assurance systems” which balance the need for protecting minors online while also respecting user privacy. This first of its kind standard outlines various age verification techniques including self-reporting, biometrics, government-issued IDs and third party verification services.

A key component of the standard is making sure that privacy considerations are integrated into the age verification process e.g. data minimization, informed consent and security. Mandating alignment with global privacy regulations such as COPPA and GDPR, ISO 27566-1 aims to help platforms implement systems that are secure and legally compliant. 

Additionally, accuracy and user experience are also essential parts of ISO 27566-1, reiterating that age verification tools must be effective in verifying age and protecting minors from inappropriate content while balancing these with ease of process and user access convenience.

This push in rapid advancement of the regulations and standards are forcing the hand of social media and tech companies to develop mechanisms as soon as possible and as effectively as possible so that compliance can be made possible.

Global Legal Frameworks for Age Verification

 
Several national and international regulators are in play now with development of new laws/standards in some jurisdictions and enforcement of established laws in other jurisdictions. 

The United Kingdom

UK regulator Ofcom’s Children Access Assessment has required content providers which offer user to user services in the UK, including social media platforms, gaming platforms and dating apps, to provide a response to ‘whether or not kids can access their site’ by 16th of April 2025. The provided responses will determine whether or not businesses are in compliance with Online Safety Act and the proposed Protection of Children Codes.

As per a report by Brett Wilson LLP, the UK government estimates that “around 25,000 businesses will be subject to the new rules”. Social media and pornography sites are category 1 bearing the highest degree of duty of care. While Category 2A contains search engines such as Google and Bing and category 2B will contain all of the remaining high-risk and high reach sites.

South Korea

The Korean Online Safety Protection Act (KOSPA) introduced in South Korea regulates collection of children’s data and protects minors in the online space. The Act requires platforms to verify user age before allowing access, mandating that ‘ children be protected from harmful or age-inappropriate content’. Moreover, the act imposes strict regular reporting duties on companies for compliance. KOSPA emphasizes age gating and age verification tools to ensure that minors are not exposed to inappropriate content, recommending age assurance technologies are integrated into platforms to confirm minors are not accessing adult content or services. 

The United States of America

The US is also not new to introducing legislation for the protection of minors.. Children’s Online Privacy Protection Act (COPPA) 1998 required verified parental consent before collecting any personal data from children. Similarly, for age assurance provision and measures several US states have introduced legislative actions:

• California Age-Appropriate Design Code (2024) aims to mandate online platforms prioritise the safety of children and design digital products with age appropriate features, including provisions for age verification to make sure platforms are not exposing minors to harmful content. 
• The Protecting Against the Misuse of Social Media Act (PAMS 2022) , 
• The Children’s Advertising Review Unit (CARU) Guidelines , 
• Section 230 of The Communications Decency Act (CDA) 
• Florida’s age verification Law, encourages platforms to regulate content and implement age verification systems to protect minors from harmful content. 

Among European countries,  France is also being seen increasing its efforts on implementing effective age assurance to protect minors from adult content. The Regulatory Authority for Audiovisual and Digital Communication (ARCOM) requires all pornographic streaming sites operating in France to implement age assurance measures.

Age verification is an important requirement  in safeguarding minors from accessing harmful online content. The rapid rise of digital platforms, social media and online gaming has exposed minors to unrestricted access to adult content including but not limited to violence, graphic material and age inappropriate interactions. 

Methods of Age verification

Several methods are used to verify and estimate the age of users online. Such methods or techniques provide that age restrictions are respected, significantly mitigating the risk of underage access to restricted content. 

• Date of Birth: This method is fairly outdated and easy to bypass but is still being used by majority popular online platforms.
• ID Verification: A government issued ID is required from the user to confirm age. Although more reliable than the DOB method, it still can be bypassed with fake IDs and Deepfakes. 
• Biometric Age Estimation: This is one of the most effective methods which uses AI powered facial recognition and other biometric indicators to estimate the user’s age based on their facial features, voice or other characteristics. 
• Liveness Detection: Also a highly effective method of age verification, AI powered liveness detection ensures that the individual providing their data is a live person and not a deepfake being used to bypass age verification.

Challenges in Enforcement & Compliance

Lack of homogeneous compliance is a significant challenge, different regions have different laws and compliance requirements making compliance a financial and operational burden on companies to effectively implement compliance across regions. 

Moreover, accurate age verification can be challenging as several methods used today rely on self-reporting which is easily falsified. Additionally, biometric verification systems are not up to speed in deployment and development with the need of the moment. 

Businesses and Platforms can ensure compliance with Age Assurance and Verification laws by: 

• Implementing Strong Age Verification systems such as AI powered biometric solutions using AI-based age estimation tools assessing facial features and liveness detection. 
•  Conducting Regular Audits and Monitoring user data access patterns can help identify non-complying actions. 
• Data Minimization & Encryption, using on premises data storage solutions, while storing only the necessary data, ensuring sensitive information is protected, especially data concerning minors.

Conclusion

As the enforcement of age assurance regulations draws nearer, compliance with age restrictions and child privacy laws is not only urgent but requires a strategic approach including but not limited to implementation of reliable age verification systems and strong privacy policies.

Social media and tech companies must use AI powered biometric age verification tools which use liveness detection, facial biometrics, age estimation and implement them in their User Interfaces so that effective age assurance can be made a reality. By utilizing this technology, businesses can create safer online environments for children while also building trust with their users. 

FACIA uses advanced AI technology and a wide array of datasets to train its algorithms for effective facial biometric verification, liveness detection and age estimation. Its compliance with core principles of mitigating bias and extremely low False Rejection/False Acceptance rates.