On 14 July 2025, the Commission released the first version of an EU white-label age-verification blueprint, as a basis for a user-friendly and privacy-preserving age verification method across Member States.
The release of this blueprint launches a pilot phase during which a software solution for age verification will be tested and further customised in collaboration with Member States, online platforms and end-users. Denmark, France, Greece, Italy and Spain will be the first to take up the technical solution in view of taking it up in their national digital wallets or publishing a customised national age verification app on the app stores. Market players can also take up the software solution and further develop it.
In parallel, there will be thorough testing with online platforms, including adult content providers. Online platforms that are not involved yet are invited to participate in the pilot and join the testing phase.
User testing already started end June and will be expanded with support of EU Safer Internet Centres.
This collaborative initiative marks a key step in supporting the implementation of the Digital Services Act (DSA) and promoting a coherent and privacy-preserving approach to age verification across the EU.
The blueprint on age verification provides a method to enable users to prove they are over 18 when accessing restricted adult content, such as online pornography, without revealing any other personal information. It is based on open-source technology and designed to be robust, user-friendly, privacy-preserving and fully interoperable with future European Digital Identity Wallets.
It will technically be possible to extend the age verification solution to other age limits, or to other use-cases, such as purchasing alcohol. Member States can decide to do so when customising it to the national context, or at a later stage.
The EU age verification solution sets a new benchmark for privacy protection in age verification methods. When users will activate the app, once it becomes available at the national level, their age will be verified by the issuer using detailed personal data, like the date of birth. However, online services will only receive a proof that the user is over 18, without any other personal details. The processes of issuance and presentation will be handled by separate entities, ensuring privacy. Moreover, the proof provider will not be informed about the services where the proof is used. Each proof will only be used once, to prevent cross-service tracking.
Additionally, work on the integration of zero-knowledge proofs is ongoing. This will further ensure unlinkable transactions, underscoring a commitment to privacy-focused innovation.
Next steps
During the pilot phase, the age verification solution will be further enhanced with new features. Apart from eID, further updates will include additional options for users to prove they are over 18. The age verification will also be enhanced with the latest technical solutions (zero-knowledge proof) to ensure the highest level of privacy protection.
While privacy-preserving features cannot be modified, Member States will be able to customise the age verification solution to their national needs, including, for example, branding and translation into the national language(s).
The Commission plans to scale the pilot and related support to other Member States, in coordination with national authorities and Digital Services Coordinators.
At a later stage, all Member States will receive tailored implementation strategies that allow them to integrate the solution in their national digital wallets or publish localised apps on the app stores to make them available to end users.
The technical specifications and the open-source age verification blueprint are freely available and can be taken up by market players to deliver age verification solutions that are in line with the requirements referred to in the Guidelines on Article 28 of the DSA.
Background
The development of the age verification blueprint and stakeholder support is being carried out by the T-Scy consortium, composed of Scytales AB (Sweden) and T-Systems International GmbH (Germany), under a two-year contract awarded by the Commission in early 2025.
The age verification initiative will support the effective implementation of the provisions to protect minors online of the Digital Services Act. Article 28(1) of the Digital Services Act requires online platforms accessible to minors to ensure a high level of safety, security and privacy to protect minors online.
It also lays the groundwork for broader deployment of age-appropriate services in the future. It is also referred to as the ‘mini-wallet’, as it is built on the same technical specifications as the forthcoming European Digital Identity Wallets (EUDIW), ensuring long-term compatibility and providing a stepping stone toward the rollout of the EUDIW before the end of 2026.
More information
The EU approach to age verification
Factsheet: Blueprint for an age verification solution to help protect minors online