Digital gates to adulthood: how Europe checks your online age

New rules to protect children online reveal not only Europe’s growing ambition in digital safety but also the deep differences between countries when it comes to age checks. Where does protection end – and surveillance begin?

4 min read · 22 Sep 2025

Michalina Szpyrka ·

Europe’s push for online safety

Across Europe, governments are stepping up efforts to shield children from harmful online content by introducing different ways to verify users’ ages. The common goal is clear: stop underage users from accessing pornography and other inappropriate material. But the methods vary widely – from legal tools to high-tech solutions.

The European Commission has presented a prototype framework for EU-wide age verification. It’s meant to guide national systems and offers multiple options – from traditional ID scans to advanced digital identity systems.

Meanwhile, the UK has gone further with its Online Safety Act, which forces platforms that host pornography to introduce strict age checks. The UK regulator Ofcom has even specified which methods are acceptable. In contrast, the EU’s approach is more flexible – leaving Member States free to choose how far to go.

ID cards, eID apps, and national solutions

One of the most common methods in Europe is ID-based verification. Users upload a scan of their passport or ID card to prove they’re over 18. It works – but it also raises concerns about data security and leaks.

Digital identity systems (eID) are becoming another option. These rely on apps or logins already used for public services. Spain has its Cl@ve system, France uses state-based protocols, and in Greece there’s even a dedicated “Kids Wallet” app.

The Greek model is unique: parents log in through the national TaxiNet system, select their child’s profile, and the app confirms the child’s age using civil registry data. But this raises questions: could such solutions create digital inequalities, excluding families with fewer digital skills or access?

Biometrics: tempting but controversial

Perhaps the most futuristic – and controversial – solution is AI-based facial age estimation. This method is not part of the EU prototype, but Ofcom in the UK has approved it.

The British company Yoti, a leader in identity tech, has been working with Meta’s Instagram since 2022 to test users’ ages with selfies. Over 850 million checks have already been done, and the company insists that photos are deleted right after analysis.

But the problems are obvious: cultural, genetic, or physical differences can distort the results, making them inaccurate. And from a legal standpoint, the use of biometrics clashes with privacy rules. Can facial scans really be compatible with the EU’s strict data protection law (GDPR)?

Banks and telecoms step in

Another popular approach uses services people already rely on: online banking and telecom providers.

In the UK, Ofcom allows verification through bank login or credit card use – both of which prove adulthood.
The European Commission has suggested borrowing from banking standards like KYC (Know Your Customer), which banks already apply to verify clients.
Telecom companies can also help: when issuing SIM cards, operators already check age. In theory, this system could be extended to online platforms.

Some ideas even include linking age checks to email accounts associated with financial or public services. But is such an assumption enough to guarantee real protection?

Can the EU keep up?

Despite all these efforts, Europe’s age-check landscape remains fragmented and inconsistent. The EU’s prototype is a step toward harmonisation, but national governments are still pursuing their own paths.

Unlike the UK, which has gone all-in with strict, enforceable obligations, the EU continues to balance flexibility with effectiveness. This leaves uncertainty: which methods are recommended, which are just allowed, and which might actually break EU privacy law?

And then comes the big question: should protecting children online really require such deep intrusions into personal privacy? Do kids need to be identified like bank customers just to browse the internet?

Between protection and control

The line between protection and control is becoming increasingly blurred. Should digital safety mean stricter surveillance? Or can Europe find a middle ground that keeps kids safe without treating every user as a potential suspect?

One thing is certain: the future of online adulthood is already being shaped – by algorithms, laws, and yes, even selfie cameras. And the cost of getting it wrong may be far greater than just losing access to content.

Written by

Michalina Szpyrka

0 Follower · 13 Followers

Shape the conversation

Do you have anything to add to this story? Any ideas for interviews or angles we should explore? Let us know if you’d like to write a follow-up, a counterpoint, or share a similar story.

Write a counterargument article Write a related article