The UK's controversial Online Safety Act (OSA) passed over a year ago, and ostensibly, it "puts a range of new duties on social media companies and search services, making them more responsible for their users’ safety on their platforms." But the ramifications of the bill are still being figured out, as are how to implement measures, including these age verification checks. To this end, two UK regulatory bodies have now issued a joint statement [PDF] on what companies should do to meet these obligations.
The Information Commissioner's Office (ICO) and Ofcom—the former dealing with UK information rights and the latter with regulation and competition in all major communication industries in the UK—give companies some broad outlines. The main statement that gets repeated throughout is "highly effective": when relevant, online services should use "highly effective age assurance (HEAA)."
- "Credit card checks
- Open banking
- Photo-ID-matching
- Facial age estimation
- Mobile-network operator (MNO) age checks
- Digital identity services
- Email-based age estimation"
It does not include "Self-declaration, debit cards, [or] general contractual restrictions on the use of the service by children."
If, as an online service provider, you don't have HEAA checks, then "you will need to take account of this in your children’s risk assessment and deploy the necessary protections to ensure that your service is appropriate for all children."
This "highly effective" requirement seems to be primarily reserved for services that allow pornographic content: "Under the OSA, if you are a user-to-user service that is likely to be accessed by children and allows harmful content known as primary priority content, or if you are a service that publishes or displays its own pornographic content, you must use highly effective age assurance (HEAA) to prevent children from encountering such content."
Importantly, the ICO and Ofcom say they share a "flexible, tech-neutral approach" to age assurance. In other words, the regulators won't mandate any particular technological solution as long as it's "highly effective" and is "necessary, proportionate to your risks, and complies with data protection legislation."
This, notably, is different to the EU's approach. The EU has developed an age verification blueprint that lays the groundwork for a common method for EU member states to use to verify age. Which should make regulation easier, but it puts extra pressure on the political body to get the technology just right.
One of the big concerns with age verification in general has been how to ensure data privacy. There are tons of unique and, let's say, interesting solutions to choose from, but the best ones all use 'zero knowledge proofs' (ZKPs). These essentially allow a company to get solid proof of identity or age without ever passing that information on to the company itself, keeping it completely private.
The joint statement doesn't mention such proofs, but nothing should preclude them from being deemed "highly effective." And there's certainly plenty of mention of data privacy. For instance, the ICO suggests in separate guidelines that "you must embed data protection into the design of your products, services and applications."
There is, however, a difference between protecting data from being leaked or sold once it's been collected and preventing it from being collected and stored in the first place. In other words, mandating a focus on privacy and data protection doesn't necessarily mean ZKP and complete data privacy.
Which is why I'll keep on yapping about it, to remind anyone who's listening that there are ways of keeping all this age assurance malarkey in play (if we must) without giving up a lick of privacy. We just need to push for those methods above others. And, of course, we don't need to think such verification is inevitable at all: there are plenty of clever people warning us against it, after all.
1. Best overall:
Razer Blade 16 (2025)
2. Best budget:
Lenovo LOQ 15 Gen 10
3. Best 14-inch:
Razer Blade 14 (2025)
4. Best mid-range:
MSI Vector 16 HX AI
5. Best high-performance:
Lenovo Legion Pro 7i Gen 10
6. Best 18-inch:
Alienware 18 Area-51
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
