As demand for age assurance grows rapidly around the world, attention is increasingly turning to how this can be delivered more conveniently and cost-effectively, through interoperability, making a single age-check re-usable across multiple platforms.
In this article, we provide an introduction to the main options that have emerged so far. We will endeavour to keep this page updated and invite those behind each solution to propose any edits to ensure a neutral, fair and accurate depiction of these different approaches.
There are six options with which we are familiar (but we welcome additions if we have missed any)
- Apple App Store
- Google Wallet
- EU AV Solution
- OpenAge Initiative from k-ID
- AgeAware from euCONSENT ASBL
- AgeGraph from KWS
These differ in terms of the technology used, the commercial model, the standards applied, and how liability is allocated (or avoided).
There is a comparison table at the end of this article, although it is only a summary so it is essential to read the detail below, and to refer to each network directly for the latest, comprehensive information, so links are also provided.
Apple App Store
Apple’s solution operates primarily as a form of parental control rather than a recognised method of age assurance under international standards such as ISO 27566-1. It relies on a parent or guardian setting up a child’s device and providing the child’s age.
Assuming this information is accurate, different protections are then applied according to the child’s age, using the Family Organizer functionality. Apps can use the “Declared Age Range” API to request the user’s age range, which users (or their parents) can choose to share automatically, share on request, or not share at all.
For younger children, typically those under 13 — though the threshold varies by jurisdiction — Apple requires a “Child Account”. This gives parents greater oversight of their child’s activities, including whether the age range is shared and which apps have requested it, along with when and how it was used.
Participation by developers is optional. Apps that adopt this system can then tailor their features or content based on the age information provided.
There is no fee to the relying party for accessing this age-range information.
For further information: https://developer.apple.com/kids/
Google Wallet
Google has taken the role of facilitator, not verifier, enabling age information contained in credentials stored in its digital wallet to be shared by the user with apps and websites through a privacy-enhancing technology called Zero-Knowledge Proof (ZKP).
This allows a relying party that needs to check a user’s age to send a request to the wallet, and set criteria for which credentials it will accept e.g. which issuers, formats and types of credential. If the user consents, the wallet generates a proof that the relevant age condition is met (for example, over 18). The response is returned in a standardised, digitally-signed format that lets the relying party verify its authenticity using the public key published by the credential’s issuer.
Because the solution is double-blind – the relying party cannot learn the user’s identity, and the issuer cannot see which relying party is verifying age – the issuer has no visibility of where or how often the credential is used. As a result, the issuer cannot bill the relying party for individual checks, and there is no direct contractual relationship or shared liability between them for the accuracy of the age data.
For further information: https://blog.google/products/google-pay/google-wallet-age-identity-verifications/
EU AV Solution
The EU Age Verification App (EU AV App) is being developed by the European Commission as part of the European Digital Identity (EUDI) Wallet programme. It provides a standard mechanism for users to prove their age online or in person without disclosing their identity, using verifiable credentials issued under the eIDAS 2.0 trust framework.
The app acts as a secure intermediary between the user, the credential issuer, and the relying party. When a website or service requests an age check, the app retrieves the relevant attribute from the user’s digital identity credential — for example, a national eID or an age-verification certificate issued by an accredited provider — and generates a proof that satisfies the requested condition (such as over 18 or under 16). The proof is transmitted in a standardised, digitally signed format defined by the EUDI technical architecture, and the relying party verifies its authenticity using the issuer’s public key obtained from the EU Trusted List.
The system will support privacy-enhancing techniques, including Zero-Knowledge Proofs and selective disclosure, ensuring that only the required age attribute is revealed. It is designed to be interoperable across all EU Member States and to meet the assurance and audit requirements of international standards such as ISO/IEC 27566-1 and IEEE 2089.1.
Because the exchange follows a double-blind model — the relying party cannot identify the user, and the issuer cannot see where the proof is being used — issuers do not have visibility of individual transactions. There is therefore no per-use billing model or direct contractual relationship between issuers and relying parties; but this is effectively a government-operated solution so it is expected that European regulators will consider it sufficient to meet legal responsibilities.
There is no fee to the relying party for requesting or verifying an age attribute, although accredited issuers could charge for credential issuance or certification services. As credentials are currently only expected to be issued by government, fees to users are not expected.
For further information: https://ageverification.dev/
OpenAge Initiative from k-ID
The OpenAge Initiative, launched by k-ID, provides an interoperable framework for reusing age assurance results across multiple websites and apps. At the core of the framework is the AgeKey, a privacy-preserving digital credential that lets users prove that they meet an age threshold without revealing their identity.
Users obtain an AgeKey primarily after completing an age assurance process directly on an age-restricted service or with a participating age assurance provider. When a platform or provider performs an age check using any approved method, it may offer the user the option to save the successful result as an AgeKey. Alternatively, AgeKeys can be created on AgeKey.org, where users can complete a verification independently if they wish. Additional issuance pathways, including mobile driver licences and wallets, are planned. AgeKeys are stored locally on the user’s device using passkey-based technology, leveraging the security and seamlessness of a very broadly adopted standard.
When a user already has an AgeKey and chooses to use it on a participating platform, the service requests the required age threshold and any filters it needs to apply to the underlying age signals e.g. method, age-range, issuer. The user then confirms their AgeKey on their device using their usual screen lock through a standard passkey WebAuthn ceremony. A privacy-preserving confirmation is returned stating that the user meets the required age. This yes/no confirmation includes no identity data and cannot be used for tracking or matching one user across multiple services.
The double-blind design ensures that the service cannot see which provider performed the original age check or recognize a returning user, and the provider cannot see where the user later reuses their AgeKey. This prevents any tracking of the user’s activity. Each service chooses which types of AgeKey to accept by applying the appropriate filters. Pricing follows a transparent cost-recovery model.
For further information: https://openageinitiative.org/
AgeAware from euCONSENT ASBL
AgeAware is an interoperability network developed by euCONSENT ASBL, a non-profit association based in Brussels, to allow verified age checks from one provider to be recognised by others in a privacy-preserving way. It was initially conceived with support from the European Commission and further developed with funding from the Safe Online initiative.
When a user completes an age check with a provider participating in the network (or using a method offered by other participating providers), the user can accept an AgeAware token which is signed and verifiable from known trusted issuers that confirms their age status (for example, 18+) without revealing personal information. Other participating providers can accept this token as evidence of age, reducing the need for repeated verification across different platforms and services.
The network operates on a “double-blind” chain of trust: platforms never see the user’s identity, and verification providers do not know which websites or apps are accepting the tokens. Each transaction is cryptographically signed and auditable, but no personal data is shared.
Participation is open to any certified age-assurance provider that meets euCONSENT’s accuracy, interoperability and privacy requirements, derived from international standards and local regulatory requirements. Liability and assurance are managed through euCONSENT’s governance framework and independent certification of members.
Platforms continue to contract with one or more age assurance providers, and the providers pay commission to one another for the re-use of their age checks, with a tallying service supplying the volume data required. Pricing is set through an open and competitive market, completely independent of euCONSENT.
For further information: https://euconsent.eu/interoperability-through-ageaware-from-euconsent/
Summary
Each of the approaches described above offers relative merits for different use-cases. In some situations, digital services will want a clear contractual relationship with every provider of age data on which they rely for legal compliance, conducting due diligence on the processes that confirm age, and backed by warranties and guarantees. In others, an age probably submitted by a parent or guardian may be fit-for-purpose. More than one interoperability solution is likely to emerge as successful, just as there are multiple global networks in the payments industry.
Kids Web Services (KWS) ‘AgeGraph’ from Epic Games
Note This is interoperability from the perspective of relying parties, rather than age assurance providers.
KWS is a parental consent, parent verification, and age verification platform owned by Epic Games. It is designed for developers and platforms to embed into their own user journeys using APIs and SDKs, supporting global compliance where services must treat children differently or obtain verifiable parental consent. KWS provides consent management tooling to capture and manage parental permissions.
KWS includes an interoperability feature called AgeGraph. This is a network of verified parents or guardians where a successful adult verification can be reused across other services that also use KWS, reducing repeated verification. AgeGraph achieves this by storing a hashed representation of the parent’s email address alongside their verified status, so a parent can be recognised (for verification purposes) when the same email address is used again in another KWS-powered flow, without revealing that email address in readable form.
This approach differs from user-held credentials (such as passkey-based age tokens or wallet-based proofs). Instead, it is a platform-mediated reuse model that primarily supports reusability of verified adult status for parents or guardians across participating services, rather than a general-purpose age token that a user can present anywhere.
The graph is populated as follows:
- A service integrates KWS and triggers a parental consent or adult verification flow
• The parent or guardian completes verification using a method enabled by that service, for example payment card, ID document, or another approved method
• During this process, KWS derives a hashed identifier from the parent’s email address
• KWS stores the hashed email together with the outcome of the verification, for example verified adult or verified parent
• No readable email address is stored or shared with relying services
When another service also using KWS initiates a parental verification flow:
- The parent enters the same email address
• KWS hashes it in the same way
• If a matching hash exists in AgeGraph and the prior verification is still valid under policy, the parent can be recognised as already verified
• The service receives a confirmation result from KWS without repeating the full verification process
This page was last updated on 27 November 2025, and relies on the providers of the solutions to validate and update its content.
The AVPA cannot offer legal or compliance advice. Digital Services should seek professional legal advice in each jurisdiction where they are subject to law.