Commission releases enhanced second version of the age-verification blueprint

To help online platforms implement a robust, user-friendly and privacy-preserving age verification method, the Commission has developed a common approach in close collaboration with the Member States.

As a result, a blueprint for an EU age-verification app was released in July 2025, serving as a basis for a harmonised approach across Member States. The Commission released a second version of the age verification blueprint, further improving the solution.

This new version allows for the use of passports and identity cards as onboarding methods, in addition to eIDs in order to generate a proof of age. Furthermore, it introduces support for a more user-friendly proof presentation method, the Digital Credentials API, which is increasingly becoming available in modern operating systems and browsers.

The blueprint consists of technical specifications that are aligned with those of the EU Digital Identity Wallets and an open-source implementation of these as a mobile app that can be customised to national contexts.

It can be published as stand-alone app or integrated as age verification functionality in digital identity wallets. Market players can also take up the open-source and free of charge software solution and further develop it.

Protecting minors online from age-inappropriate content

The privacy-preserving age verification app will help to protect minors from being exposed to age-inappropriate and potentially harmful content online. It enables users to easily prove they are over 18 when accessing restricted adult content, such as online pornography, without revealing any personal information, not even their exact age.

It will technically be possible to extend the age verification solution to other age limits, or to other use-cases, such as purchasing alcohol in a shop. Member States can decide to do so when customising it to the national context, or at a later stage.

The age verification solution is designed to meet the highest privacy standards. It prevents identity tracking. The identity of the user is only checked once during the issuance of the proof of age. The proof of age itself does not contain any identity data.

When presented to online service providers, the proof of age only informs that the user is over 18 years, not who the user is or any other personal data like the exact age. Conversely, the trusted proof provider is not informed about online services for which the user presents the 18+ proof. To prevent linkability of transactions, proofs are issued in batches, for one-time use only.

Pilot testing phase

The blueprint is now being thoroughly pilot tested with Member States, online platforms, end-users and other stakeholders.

Denmark, France, Greece, Italy and Spain are the first Member States to take up the technical solution and customise it to their national context. This is done by integrating a compatible age verification functionality into their national digital wallets or by preparing a customised national age verification app for publication in the app stores.

In parallel, pilot testing is taking place with online platforms, including adult content providers. Online platforms that are not involved yet are invited to participate in the pilot and join the testing phase.

End-user testing has also started and is being further expanded with support of EU Safer Internet Centres. At the upcoming Safer Internet Forum (SIF), on 4 December, end-users will have the opportunity to test the age verification app and provide their feedback.

Next steps

This collaborative initiative marks a key step in supporting the implementation of the Digital Services Act (DSA) and promoting a coherent and privacy-preserving approach to age verification across the EU.

Work is ongoing to include zero-knowledge proof technology in a future release before the end of the year. The introduction of this technology will further underscore the commitment to privacy-focused innovation.

While privacy-preserving features cannot be modified, Member States will be able to customise the age verification solution to their national needs, including, for example, branding and translation into the national language(s).

The Commission is offering tailored support to Member States to implement the blueprint in their national age verification solutions. This is done in coordination with national authorities and Digital Services Coordinators. The first customised apps are expected to be published early 2026.

Background

The development of the age verification blueprint and stakeholder support is being carried out by the T-Scy consortium, composed of Scytales AB (Sweden) and T-Systems International GmbH (Germany), under a two-year contract awarded by the Commission in early 2025.

The age verification blueprint supports the effective implementation of the provisions to protect minors online of the Digital Services Act. It fulfils the requirements of a robust and privacy-preserving age verification solution set out in the DSA guidelines on the protection of minors and will provide a compliance example and a reference standard for a device-based method of age verification. The second blueprint was accompanied by a family-friendly version of the DSA guidelines on the protection of minors, as well as the publication of the guidelines in all 24 official EU languages.

The age verification blueprint lays the groundwork for broader deployment of age-appropriate services in the future. It is also referred to as the ‘mini-wallet’, as it is built on the same technical specifications as the forthcoming European Digital Identity Wallets, ensuring long-term compatibility and providing a stepping stone toward the rollout of the European Digital Identity Wallets before the end of 2026.