Until now, the age verification sector has only had one standard, BSI PAS 1296:2018 – “Online age checking. Provision and use of online age check services. Code of Practice” This was a firm foundation for a nascent industry but with technology moving so fast, there is a need to update this.
While it is possible to refresh the PAS, the industry has instead decided to invest in a new international standard. A proposal to create a new ISO, stewarded by BSI, has been submitted and a working group is already in place to develop its content.
But the ISO development lifecycle is a long one, and there is a more immediate need to incorporate the latest developments, not least around age estimation techniques which often use machine learning and artificial intelligence to establish the likely age-range of an online user, into a new standard. We have submitted a proposal for this to IEEE, because it offers a swifter process – potentially as short a 6-9 months – and will be a more practical, detailed standard than is typically required at a global level.
Regionally, the euCONSENT project may also require a standard developed specifically with European needs in mind, so is due to draft an ETSI standard of its own as the basis of AV and parental consent providers being certified to join the new interoperable network.
And we should also mention another IEEE standard, P2089 – Standard for Age Appropriate Digital Services Framework – Based on the 5Rights Principles for Children which is at an advanced stage of development:
- This standard is the first in a family of standards focused on the 5Rights principles, and establishes a framework for developing age appropriate digital services for situations where users are children. The framework centers around the following key areas a) recognition that the user is a child, b) has considered the capacity and upholds the rights of children, c) offers terms appropriate to children, d) presents information in an age appropriate way and e) thereby offers a level of validation for service design decisions. The standard provides a specific impact rating system and evaluation criteria, and sets out how vendors, public institutions and the educational sector can meet the criteria.
We are carefully managing the interplay between these standards to ensure alignment, complementarity and appropriate differentiation of focus. But they all share common goals in terms of age verification – namely to ensure it is done independently, accurately, and in a privacy-preserving and secure manner.
Standards offer a flexible mechanism for keeping regulation current, and through audit and certification processes, encourage and coach services towards compliance, as well as providing clear signals to clients, consumers and regulators of the quality of the checks being supplied by reputable providers. The AVPA encourages all members to work towards certification for relevant standards where this is available and relevant in the markets where they operate. We also encourage regulators to reference standards in their rules and guidance, and suggest that clients specify compliance with appropriate standards in their procurement processes and contracts.