Common views shared by members of the AVPA
The Age Verification Providers Association is a politically neutral trade body. We represent all elements of the age-assurance ecosystem, not favouring one approach or technology over another, and including both B2C and B2B organisations. Members nevertheless share some common views on issues relevant to the sector.
In summary, we support independent, third-party, audited, certified, interoperable anonymised age verification.
Age Verification Methods
We recognise a wide-range of methods of age verification, from traditional database and ID document-based age verification checks through to AI-based biometric and behavioural age estimation.
We are technologically neutral, but recognise that different forms of age assurance achieve differing levels of assurance in the context in which they are used.
Age verification is necessary when a specific date of birth is a requirement. In order for age verification to be relied upon in higher-risk use cases; there must be adequate liveness detection and document authenticity checks.
For lower-risk use-cases, such as a child giving consent to share their personal data without needing parental consent, or for a platform to impose its own terms and conditions, both age verification and age estimation are effective
For higher-risk use-cases with a specific, legally-enforceable age limit, age estimation will require a buffer (setting the age checked above – or for child-safe spaces below – the age of interest) to reduce the chance that a user outside the age requirement is a false positive e.g. circa 3-5 years around that of the age of interest to provide equivalent confidence to regulators and courts as age verification.
We adopt a common approach to the measurement of the level of accuracy that different methods of age assurance can achieve. This is based on either the percentage of false positives and false negatives a system yields, or where estimation techniques are used, the mean average error of the estimate and the standard deviation of a set of results.
Accuracy can be combined with other factors to meet specified standard levels of assurance. For example, other aspects that contribute to the strength of the age check include
- the minimisation of bias across protected characteristics,
- the prevention of fraudulent use (spoofing), and
- the strength of authentication (ensuring the user claiming the age is the person to whom the evidence of age belongs). We note this is inherent in biometric and behavioural age estimation techniques but requires a liveness test or other security measures to bind the evidence to the user when age verification is conducted.
We support common international standards for age verification to maintain the quality, reputation and integrity of the age verification ecosystem.
We support a co-regulatory approach, where regulators recognise certification against international standards provided by accredited auditors.
We encourage the use of test purchasing, both face-to-face and online, to provide assurance that technology and processes are working effectively together, and to demonstrate due diligence.
We champion an open and competitive market in the provision of age verification. For this reason, we resist the provision of age verification to other services by large, market-dominant platforms.
We also support independent provision of age verification in general because we are wary of asking services to mark their own homework. Services may be dependent on users being a certain age to earn revenue; independent AV providers can be more easily regulated and have more to lose as their entire business reputation rests on the legitimacy of their age checks.
If a service does wish to conduct its own checks “in-house” we believe it should be subject to the same level of independent audit and be required to achieve the same certification as we encourage our members to secure.
We aim to facilitate interoperability between providers to improve the user experience – without it, users must verify their age repeatedly. Interoperability allows you to use the same age check across multiple services. This is dependent on providers meeting equivalent standards and levels of assurance.
Age versus identity
Age can be derived from a digital identity, but age is not simply a subset of identity as it can be ascertained without ever knowing a user’s full identity e.g. with facial estimation.
Attitudes to regulation/governments/etc.
We see age verification and age estimation as being a key building block to governments and regulators achieving their online safety objectives, and support the development of consistent legislation and regulation around the world, to allow age checks to be applied consistently and efficiently.