Age assurance laws in EU, UK starting to sting as governments ramp up digital ID

Word is beginning to get around: the regulators are coming.
As regulatory bodies in the UK and the EU begin wielding their new enforcement powers for age assurance compliance, the heft of their legal weaponry is becoming apparent to organizations standing in the path of their righteousness. Adult content sites, in particular, are staring down escalating threats from the European Commission to make an example of the biggest players, should they fail to comply with the law.
There is fresh evidence that they are beginning to shuffle toward compliance: decentralized and self-sovereign identity (SSI) provider Gataca has announced a partnership with a Dutch freemium adult network that runs nearly 50 sites, including Tube Galore. Jaime Mingot Aguirre, global director of age verification for Gataca, says Gataca Vouch offering both double blind ID wallet and facial age estimation methods is being piloted on sites in the French region, and that more are coordinating on a forthcoming wider rollout. The Madrid-based company plans to continue focusing on the freemium market for adult content, as it adds more sites to its pilot.
The Commission is also developing its own age assurance solution with Sweden’s Scytáles, to serve as a “white-label” stopgap until the EU digital identity wallet (EUDI Wallet) becomes mandatory at the end of 2026.
Digital ID sector warming to Kyle’s plan, but notes enormity of task
Meanwhile, the UK ecosystem for age assurance providers fostered under the Digital Identity and Attributes Framework (DIATF) is only somewhat reassured by Tech Secretary Peter Kyle’s recent apology for any disruption caused to the industry by the government’s Gov.uk Wallet scheme – on which it continues to plough ahead, spurred by a sense of urgency as promised delivery timelines for reusable digital identity and digital driving licenses loom on the horizon.
In his recent meeting with age assurance and digital ID providers, Kyle kept the door open to third party digital ID providers as a key part of the age assurance and identity verification ecosystem, and pointed in particular to orchestration providers as entities with a useful role to play. There are still worries that Kyle may also be keeping the door open – perhaps a bit too widely – for Big Tech, in the form of wallet products and associated digital identity use cases from Google and Apple.
But there is also tentative approval for certain aspects of Kyle’s plan; in a post on LinkedIn, Yoti CEO Robin Tombs says “I sense there’s a growing buzz about the opportunities for the private sector, but also as a UK citizen, rather than with my Yoti CEO hat on, I think the approach may be rather smart for UK society.” Tombs calls attention to the government’s commitment to require public services to issue a digital verified credential in the Gov.uk wallet, alongside any paper or card-based ID, by the end of 2027.
“I don’t think the enormity of that aim has been digested yet,” he writes, musing on just how many ID cards are out there. (53 million UK passport holders and around 49 million driving license holders, for a start.)
Although, Tombs says, “I sense Mr. Kyle is pretty determined to deliver well and fast.”
The first credential to roll out will be the digital veterans card, which is slated to launch in the summer.
UK issues guidance on using Gov.uk Wallet
To wit: the Government Digital Service (GDS) has issued guidance on using Gov.uk Wallet within government, to “make it easier to prove in your service that someone is who they say they are.”
The guidance covers who can use the wallet, why they should and how it works. “As a government service,” it says, “you’ll be able to use GOV.UK Wallet to securely save a digital version of a document you produce (for example a driving licence); update or remove documents (for example you could remove a document if it’s been used fraudulently); and prove a user’s eligibility for a service using other departments’ documents.”
For now, it says, only public sector organizations such as the NHS or local authorities will be able to access the information in the wallet. Furthermore, “any documents added to the wallet will be bound to the proven identity linked to a user’s Gov.uk One Login. That means, for now, a user can only save their own documents in their Gov.uk Wallet. It will not contain, for example, train or theatre tickets.”
(One Login is currently in the process of reclaiming certification from its own trust framework, after it expired when biometric IDV provider iProov, a key supplier, failed to renew its DIATF compliance.)
Article Topics
age verification | biometrics | digital ID | Digital Services Act | digital wallets | Gataca | Gov.UK | UK age verification | Yoti
Comments