At first sight, the creation of an EU digital wallet may appear to some observers to offer a state-sponsored replacement for the online age verification market. Yet why, those same observers may ask, is the EU already funding a major project to develop the infrastructure require for interoperable age verification and parental consent (www.euCONSENT.eu)? The answer lies in some key distinctions between the two initiatives, but does not preclude the opportunity to leverage some significant synergies through complementary aspects of each exercise.
The “EU digital ID scheme for online transactions” is the successor to the electronic identification and trust services (eIDAS) programme which since its launch in 2018. Half the Member States have an approved scheme, giving access to digital ID for 6 in 10 citizens, but technology waits for no-one, and the move from a system built on central databases to one with distrbuted wallets, was inevitable and welcome.
But the EU ID wallet does not supplant age verification for a number of key reasons.
- eIDAS does not generally offer children a digital identity. There are some member states where young people do obtain eIDAS credentials, but these are the exception. The work of the AV sector is heavily focused on children under 18, so requires a universally accessible solution for all ages.
- While some age-restrictions apply to significant risks of harm where strict age checks are required, many use-cases require a lower level of assurance, perhaps basing the check on estimates made by artifical intelligence. This is of course a lot easier to generate than it will be to create a new EU wallet where the standard of evidenced will be that defined as “high” under existing eIDAS rules.
- The AV Sector is open and compeitive, keeping downward pressure on costs and prices, and ensuring a wide-range of private sector suppliers. It is not, therefore, a government issued ID which some users may be concerned about owning or using in certain situations.
- Indeed, through the privacy by design and data minimisation techniques required in the AV sector, consumers can have more confidence in anonymity
- Another key difference as that the AV technology offers a persistent form of proof to support an uninterupted user experience and minimize friction as they move from site to site. In time, the EU digital wallet could release age attributes in the background to automate the age assurance process, but it is a complex challenge which will not be high on the priority list for eIDAS 2.0.
- Age verification is also a global market, and consumers will demand a global solution so they can use age-restricted functions on the internet regardless of their own or the site’s location.
There are also, however, principles in the plan for the EU wallet which it holds in common with age verification:
- Both are based on a double-blind approach to checks, where the service checking does not know any more personal data than the user wishes to share, and the attribute issuer does not know who is asking.
- Nor does either project permit the creation of records of an individual user’s activity
- And both initiatives are aiming to solve the challenges they address both online and offline, in the physical environment.
The AV sector, not least through the euCONSENT project, will be working closely with the Commission as the plans for the Digital ID Wallet develop but we see these as highly complementary projects which can benefit from one another’s success.