Responding to the evolving regulatory landscape for age assurance

The internet is central to children’s lives, relevant to how they access entertainment, education, social connection and more. In this context, online age assurance has rapidly ascended the EU policy agenda, driven by concerns over children’s exposure to harmful content and behaviours.
Indeed, this topic was an important element of President von der Leyen’s recent State of the Union Address, where she highlighted her ongoing consideration of how the EU approaches children’s access to social media. This follows announcements by certain Member States, such as France and Denmark, of their intention to introduce a minimum age for social media access, requiring these platforms to verify users’ age.
Of course, under the Digital Services Act (‘DSA’), in-scope online platforms in the EU are already required to implement appropriate and proportionate measures to ensure a high level of privacy, safety, and security of minors on their service. To that end, in July the Commission published guidelines on the protection of minors online, outlining expectations for when and how platforms should check users’ age under the DSA. The Commission is also developing an age verification app, expected to set the standard for online age assurance and bridge the gap before EU Digital Identity (EUDI) Wallets become available in 2026.
In addition to EU-wide requirements under the DSA, Member States are taking a range of differing approaches. Under national regulation, age assurance duties may be targeted at certain service types, such as Video Sharing Platforms (VSPs) or internet access providers, while, in other cases, duties apply based on whether harmful content can be found on a given online service.
This fragmentation can result in significant complexity for services operating across the EU.

How can affected companies respond?

Companies should first seek to understand the requirements that apply to their service. They should then determine how the requirements influence how and where services and specific functionalities should be offered. To future-proof their approach, online services should leverage findings from risk assessments – a key feature of the EU online safety regime – to inform product development. In this context, adopting an age-appropriate design may require substantive changes, such as a tiered service model with different features for users of different ages.
Affected services will then need to address a range of operational considerations as they implement their age assurance strategy. These include design decisions such as when in the customer journey to implement age checks and how to avoid unnecessary frictions that could negatively impact the user journey. It will also be necessary to decide whether to develop age assurance systems in-house or rely on third-party providers.
Additionally, acceptable methods that services may implement to ensure appropriate age assurance can vary. For example, different countries may have different expectations regarding who should complete age checks for regulated services, to what degree of assurance, what user data can be used, and how frequently checks should be performed. These expectations are influenced by service type and associated risks.
To find out more, please read our new report, Online Age Assurance – responding to the evolving European regulatory landscape. The report examines the regulatory landscape for age assurance across Europe, featuring case studies from Belgium, France, Germany, Ireland, Italy, the Netherlands, Spain and the UK. It then translates these findings into a set of actions for online services to prioritise. Ultimately, ensuring compliance with relevant requirements is paramount, not least to avoid fines (up to 6% of global annual revenue in the EU), reputational damage, and erosion of user trust.
Deloitte’s multi-disciplinary Digital Regulation team comprises a range of experts with experience across digital regulatory issues. For expert guidance and support in navigating and adapting to the fast-moving digital regulatory landscape, please reach out to one of the contacts listed below or sign up to the Deloitte quarterly digital regulation newsletter.

James Smith
UK Head of Trust & Safety, Deloitte Global Digital Regulation jsmith5@deloitte.co.uk

Laurie Gilchrist
Advisory Lead, Deloitte Global Digital Regulation lgilchrist@deloitte.co.uk

Giulia De Bernardi
Senior Analyst, EMEA Centre for Regulatory Strategy giuliadebernardi@deloitte.co.uk