EU Age Verification. The regulatory battle to protect kids from the Digital Wild West
The political earthquake is here: as social media turns into a Digital Wild West, governments are moving rapidly to regulate the digital landscape. The Spanish Prime Minister Pedro Sanchez didn’t mince words while speaking at the World Governments Summit in Dubai: “Today, our children are exposed to a space they were never meant to navigate alone. A space of addiction, abuse, violence, pornography, manipulation, and more violence”. On this, few would disagree.
Feb Fri 27 2026
After Australia’s landmark move to ban children under 16 from digital platforms, Spain has announced the start of its own legislative process[1]. Denmark and France are now following the same direction, planning to prevent users under 15 years old from accessing social media[2], while the UK government has launched a consultation to restrict mobile phones in school as part of a broader child-protection strategy. Italy appears to be next in the line[3]
The message is clear. It is no longer acceptable to let minors freely wander online, since the online environment is clearly not built for them.
How Europe’s Age Verification works under the DSA
On 14 July 2025, the European Commission published its official Guidelines on the protection of minors online under Article 28 of the Digital Services Act (DSA)[4]. For the very first time, Brussels laid out a structured approach to age assurance, calling on platforms to adopt robust, proportionate and privacy-preserving age verification measures to shield users below a certain age from adult content, such as pornography, gambling, and harmful material.
The guidelines distinguish three main approaches:
Self-declaration, which fully relies on the individuals’ declaration that they are [HB1] above the required age.
Age estimation, Using technical means, such as behavioural or biometric analysis, to assess whether a user falls within a certain age range.
Age verification is the safest and most accurate method to declare one’s own age, since it relies on verified identity attributes and trusted credentials instead of systems that rely on self-declaration.
The last method is the one European Commission is working towards. The EU Commission emphasises that any age assurance method must comply with EU data protection law, particularly the principles of data minimisation and privacy by design under the GDPR. Age verification mechanisms must not expose minors to additional privacy risks, nor use tools for surveillance or large-scale data collection[5]. It is within this framework that the EU’s age-verification blueprint has been developed.
Blueprint for a safer Internet. Towards an EU-harmonised Age Verification approach
To support harmonisation of age verification systems across Europe, the Commission released a white-label, open-source blueprint, which can be easily customised by any Member State[6]. The initiative supports Article 28(1) of the DSA (“Online protection of minors”)[7], by offering a common strategy for online platforms to effectively check the user’s age in a simple and privacy-safe way[8].
At its core, the blueprint lets users prove they are above a certain age without revealing who they are. Instead of handing over IDs, documents or birthdates, users present an anonymized “Yes/No” token (Proof of Age). No tracking, no behavioural profiling, no sprawling databases of children’s personal information.
In October 2025, a few months after the introduction of the very first blueprint tool, the EU Commission released an enhanced second version which included new onboarding options, such as electronic IDs (eIDs), passports and national identity cards to generate age proofs. This made the system much more accessible and aligned with ongoing work on the Digital Credentials API. Age evaluation processes became easier this way, at the same time offering each Member State the possibility to integrate the model into national solutions.
Working as a standalone app, the blueprint mirrors many of the features of the future European Digital Identity Wallet (EUDI Wallet)[9], the EU-wide digital ID system expected to be implemented by the end of 2026.
The EUDI Wallet revolution. Testing Europe’s Next Digital Identity
Designed to streamline the digital interactions across Europe, the eIDAS regulation framework – recently revised to establish the European Digital Identity – provides for the creation of at least one EUDI Wallet per Member State[10].
The Wallet is intended to enable access to public and private services across the EU including government services, opening bank accounts, making payments, electronic signatures and more[11]. The Wallet will allow users to control which personal data they disclose and when, through selective cryptographically certified attributes.
To use a very familiar motto: All Your Data. All Yours.
Moreover, as outlined in the DSA guidelines, every Member State must provide at least one EUDI Wallet by the end of 2026[12]. The Wallet may allow users to prove specific attributes – such as their age – selectively and securely, using cryptographically signed attributes rather than identity documents.
In short, the Wallet system seeks to minimize data exposure while maximizing trust. For age verification purposes, it may become the default method across our continent.
What’s at stake. Challenges and Takeaways
The momentum is unmistakable: Europe is accelerating toward an era where minors will need reliable and privacy-preserving tools to prove their age and safely access certain online services, such as social media and other high-risk online environments[13]. But the road ahead is neither simple nor smooth.
In its General Comment No. 25 (2021)[14] the UN Committee on the Rights of the Child emphasized that the digital environment has a profound impact on children’s lives. It can create new opportunities for the realisation of their rights, but also new avenues for exploitation and harm. Therefore, States must ensure that digital regulation upholds children’s rights, including the right to online platforms must adopt strong safety measures – and integrate privacy-first solutions by design – to uphold fundamental rights such as right to information, education, culture, leisure, expression and privacy.
Not all platforms are built for young users. At the same time, every child should have the right to access the digital world without being targeted by malicious actors or exposed to harmful content. The proposed European Digital Identity Wallet (ID Wallet), expected as early as 2027, could support platforms in meeting age assurance requirements while fostering a safer, more privacy-respectful and child-friendly digital environment.
The regulatory battle is far from over. But developments in EU data regulation paint a clear picture of the direction of travel: the Digital Wild West is steadily giving away to a more structured and right-conscious European framework.
By Priscilla Colaci
[1] Johar, A. (2026, February 3). Spain plans youth social media ban. Mobile World Live. https://www.mobileworldlive.com/europe/spain-plans-youth-social-media-ban/.
[2] Marchal, L. (2026, January 29). Listen: Is it realistic to ban kids from social media? EUobserver. https://euobserver.com/200657/listen-is-it-realistic-to-ban-kids-from-social-media/; Ziady, H. (2026, February 3). 'We will protect them from digital Wilde West'. Another country will ban social media for under-16s. CNN Business. https://edition.cnn.com/2026/02/03/tech/spain-under-16-social-media-ban-intl
[3] Donkin, C. (2026, January 20). UK mulls following Australian child social media ban. Mobile World Live. https://www.mobileworldlive.com/europe/uk-mulls-following-australian-child-social-media-ban/; Desmarais, A. (2025, November 17). The age verification era: Which EU countries are restricting access to adult sites? Euronews. https://www.euronews.com/next/2025/11/17/the-age-verification-era-which-eu-countries-are-restricting-access-to-adult-sites.
[4] “These guidelines describe the measures that the Commission considers that providers of online platforms accessible to minors should take to ensure a high level of privacy, safety and security for minors online, in accordance with Article 28(1) of Regulation (EU) 2022/2065”. Commission publishes guidelines on the protection of minors. (n.d.). Shaping Europe’s Digital Future. https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors.
[5] Ibidem. Accuracy, Reliability, Robustness, Non-Intrusiveness and Non-discrimination are the key factors that providers of online platforms accessible to minors should consider when adopting the age verification method. On this also Articles 28, 34, 35 DSA and recital 71 DSA, as well as Articles 5(1)[c], 8, 25 GDPR.
[6] The EU approach to age verification. (n.d.). Shaping Europe’s Digital Future. https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification.
[7] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and Amending Directive 2000/31/EC (Digital Services Act). (2022). https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng.
[8] A full tutorial of how Age Verification Blueprint works is available at this link: https://youtu.be/ULFTrTznG7Y?si=KRWOtByh1l6Gbtf5.
[9] The EU approach to age verification. (n.d.). Shaping Europe's Digital Future. https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
[10] Article 5(1) states that: "For the purpose of ensuring that all natural and legal persons in the Unione have secure, trusted and seamless cross-border access to public and private services, while having full control overt their data, each Member State shall provide at least one European Digital Identity Wallet within 24 months of the date of entry into force of the implementing acts [...]", Article 5a to 5f - eIDAS 2 text. (n.d.). https://www.european-digital-identity-regulation.com/Article_5a_(Regulation_EU_2024_1183).html. For the whole text: Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework. (2024, April). European Union. https://eur-lex.europa.eu/eli/reg/2024/1183/oj
[11] The EUDI Wallet is the result of four large-scale pilot projects launched in April 2023 to test and deploy this age verification approach in a secure way. The pilots aimed to explore how Digital Wallet could improve europeans’ digital life. Find out more at: https://digital-strategy.ec.europa.eu/en/policies/eudi-wallet-implementation; https://commission.europa.eu/topics/digital-economy-and-society/european-digital-identity_en; https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors; and https://eur-lex.europa.eu/eli/reg/2024/1183/oj.
[12] Commission publishes guidelines on the protection of minors. (n.d.). Shaping Europe’s Digital Future. https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors
[13] Within the first investigative actions against Apple App Store and Google Play, Snapchat, and YouTube, under the DSA, the Executive Vice-President for Tech Sovereignty, Henna Virkkunen, said: “We will do what it takes to ensure the physical and mental well-being of children and teens online. It starts with online platforms. Platforms have the obligation to ensure minors are safe on their services – be it through measures included in the guidelines on protection of minors, or equally efficient measures of their own choosing […].” .
[14] Committee on the Rights of the Child. (2021). Convention on the Rights of the Child: General comment No. 25 (2021) on children’s rights in relation to the digital environment. https://docstore.ohchr.org/SelfServices/FilesHandler.ashx?enc=yxAGYTHP5cuVJcGAiqi5euEP%2FNt2gUesUpna7S1EIexrZEG3CjDR%2BQ%2F2J4h%2B2grTLzoWZgAUTh7KZMq%2Fyxdqyw%3D%3D