Hello Team Policy !
I received a question through email, from the German pirates, sent by @Kayra Kuyumcu. Could you please lend us a hand in clarifying the current European projects on transnational age verification, specifically if any of those claims to minimise the provision of identity information, and if so, how?
Florian
Now with Kayra joining us on Discourse, welcome @Keeked !
Hi,
So, a quick rundown - there is a lot more detail but this is an overview:
First some terminology:
Age verification uses physical evidence and/or verified sources of information to verify the age (and also the identity) of a user.
Age estimation uses automation and data analysis to create a reasonable estimation of a user’s age.
Age assurance refers to varying solutions to verify the age of a user and covers both verification and estimation.
Cross-national
GDPR
Article 8 requires that information service provides must know if their users are under 16 (or 13, 14 or 15 depending on Member State) and if they are under the age threshold to obtain the legal consent of guardian for processing.
AVMS
Article 6a requires media providers to ensure that content that “may impair the physical, mental or moral development of minors” is not available to minors, and that data collected from minors is not used for commercial purposes.
DSA
Article 28(1-3) covers requirements to not show ads or do data profiling on minors and to have “accurate, reliable, robust, nonintrusive, and nondiscriminatory” age verification methods.
CSA (Chat Contol)
Within the current proposals the Commission and Council both want to make age verification mandatory for services deemed risky (as defined by the CSA Regulation). Potential conflict with the DSA requirements.
Per-country basis
Cyprus, France, Denmark, Germany, Greece, Italy, Slovenia, and Spain have all pushed for centralised age-verification laws.
I’m not aware that any of these mandate any data minimisation and all seem to focus on a provider carrying out verification.
Italy, France, Spain, Greece, and Denmark have all signed up to test the prototype EU age verification blueprint ( The EU approach to age verification | Shaping Europe’s digital future ).
Spain
Introduced a law in 2022 that required providers to block access to “pornography or other materials harmful to children’s health, mental wellbeing, or “moral development,”” to minors.
National Police launced an app in 2025 launched a digital app called MiDNI that provides real-time age verification.
France
Has had legislation in place since 2004, and introduced further legislation in 2024, mandating age verification for pornography providers to block access to minors. Baseline legislation has been expanded over the years and France has overstepped their remit and tried to apply this to companies providing services within the EU but outside of France, resulting in a number of legal challenges.
Italy
Has introduced legislation in 2025 that requires an initial list of some 45 pornography providers to use third-party age verification services to verify government ID before allowing access.
Germany
Has had laws in place since 2003 making it illegal to make pornographic content to minors. There have been a bunch of legal challenges over the years and the implementation is haphazard. Require providers to verify age and the regulator has an approved list of software to be used.
Ireland
Online Safety Code of 2024 requires an effective method of age assurance to stop minors accessing “pornography and extreme or gratuitous violence” content.
There is also a report from CERRE from March 2025 that goes into more detail - https://cerre.eu/wp-content/uploads/2025/03/CERRE-DSA-Forum-Age-Assurance.pdf