The age verification industry promotes the development and adoption of international standards as the most effective way to align global regulatory requirements and enable convenient, cost-effective and interoperable online age assurance.
The age assurance sector has adopted ISO/IEC 27566-1 and IEEE 2089.1 as the industry’s global standards. This page explains how these standards complement each other and create a robust foundation for the AV industry. We encourage all our members to become certified against these standards by approved Conformity Assessment Bodies.
International standards set out the requirements for high quality, reliable age checks using a wide range of methods. Each method or combination of methods delivers a different level of confidence in the result (or “level of [age] assurance” as it is technically termed) so that websites and regulators can consider the appropriate level of check conducted – usually decided in proportion to the risk of harm that particular goods, services or content present to children.
These levels are affected by a combination of factors – for example, not only their basic accuracy but also the extent to which we know the evidence used belongs to the user providing it, the ability of the system to prevent fraud such as presentation attacks using a mask or injection attacks with deepfake images, and how recently the check was performed.
We encourage all our members who offer age assurance methods to seek certification against international standards. Audits are conducted against “Schemes” derived from the standards. The only scheme at present is the Age Check Certification Scheme. Audits are conducted by Conformity Assessment Bodies, approved by their national government’s appointed agency as capable of assessing age assurance. The only approved CAB at present is AVID Certification Services Ltd. Other CABs can conduct audits if they are approved, and either develop their own scheme or apply to ACCS to use this existing scheme.
Most regulators have not yet been specific in the level of assurance they expect for particular risks, but we hope these standards will provide a framework for doing so. (A notable exception is the New York Attorney General’s regulations for social media, where specific accuracy thresholds are set for age ranges below 18 – e.g. no more than 15% of 17-year-olds should pass a check as a “false positive”.)
Example: The UK Online Safety Act 2023 requires ‘highly effective age assurance’ for the most harmful online content. We have proposed that this could be defined as: Highly effective age assurance systems must demonstrate that their certified expected outcomes are such that more than 95% of children aged 16 or 17 are prevented from accessing primary priority content, and more than 99% of children under 16 are prevented.
Standards allow for these levels of assurance to be discussed, designed, delivered and required by regulators or laws, all using a common understanding and language so there is less confusion about what is intended.