The AVPA is a member of euCONSENT ASBL, a Belgium non-profit set up to take forward the work of the euCONSENT project which, with EU funding, made the first attempt to create interoperability for age verification and parental consent processes.
euCONSENT has just published the specification for a new generation of this solution, AgeAware®. This is a substantially upgraded version of the we first developed, and is in effect the age assurance industry’s collective proposal to address all the latest requirements for online age assurance.
The document, which is being released in the form of a public consultation, explains our plan to upgrade the approach to a tokenized solution, adapting to new demands from regulators for better technical guarantees of privacy and delivering a hybrid solution which balances the convenience of a device-based solution with the ongoing need to confirm the age of a particular user, not just a particular device, and to do so through a commercially sustainable open and competitive market for standards-based, certified age assurance services.
Key features of the AgeAware approach are:
- Double-blind anonymity – it is impossible for the user’s identity to become known to the websites or apps they visit, and it is impossible for the age assurance provider to track which sites or apps a user visits.
- Device-based – for the agreed period of validity, AgeAware® tokens are stored on a user’s device so they can be reused across multiple apps and websites.
- Bound to the user not the device – regular authentication can be triggered to confirm the user of the device is still the same person to who the token was issued, rather than indefinitely labelling the device itself as that of either an adult or a child.
- Compatible with the European Digital Wallet – tokens can be created from the PID held in the wallet, for those who have access to this authoritative source of age attributes
- Proportionate – AgeAware® tokens indicate the level of assurance obtained when they were issued so appropriately accurate and reliable checks can be required for each use-case.
- Accessible and inclusive – by giving user’s a wide range of choice about which method of age assurance to use, the maximum number of users should be able to secure an age check that can be used repeatedly without the need for specific evidence or frequent assistance.
- Commercially sustainable – by tallying how often each site or app uses a token from each age assurance provider, each provider can charge relying parties for its services.
- Cost-effective – by enabling the re-usability and interoperability of a single age check, the cost of assuring a user’s age can be defrayed across multiple apps and websites.
- Secure – there is no need for age assurance providers to retain any personally identifiable information centrally, minimising the risk of data breaches.
- Audited and certified – to become part of the AgeAware® ecosystem, each age assurance provider must be audited and certified to international standards for data protection, data security, accuracy and robustness.
We are now beginning work to develop the AgeAware® ecosystem to deliver it as a proof of concept into live operation before the end of the year across three age assurance providers who are also members of euCONSENT, thanks to funding from Safe Online. The network will then be open to other audited and certifed age assurance providers in 2025.
Loading...
Reload document 
Open in new tab Responses to the consultation should be sent to secgen@euCONSENT.eu by the end of September 2024
