17.2 Age verification and age assurance
What changed in 2025
For most of the internet's history, accessing age-restricted content in the UK relied on self-declaration: a button that asked whether you were over 18 and took your word for it. That changed in July 2025, when the child-safety duties of the Online Safety Act came into force and required services hosting pornography, and certain other content judged harmful to children, to use what the law calls "highly effective age assurance". Self-declaration was explicitly ruled out. From that point, a real check — one that actually attempts to confirm your age — became mandatory for a growing list of sites accessed from the UK.
The shift was abrupt and widely felt. Major adult sites, social platforms with adult content, and a range of other services rolled out age gates within days of each other. For many people it was the first time the abstract idea of online regulation produced a concrete, personal demand: to continue doing something they had done freely the week before, they now had to upload a passport, scan their face, or route their identity through a verification company they had never heard of. The principle of protecting children from pornography commands wide support; the method by which it has been implemented is where the privacy problems begin.
How age checks actually work
The phrase "age assurance" covers several different techniques, with very different privacy characteristics. Understanding which is which is the first step to limiting your exposure, because some methods reveal far more than others and you sometimes have a choice between them.
Document verification
The most thorough — and most revealing — method is document verification, where you photograph an identity document such as a passport or driving licence, often alongside a "liveness" check that films your face to confirm the document is yours. This does not merely establish that you are over 18; it establishes exactly who you are, your full name, your date of birth, your document number, and frequently your address. It is age verification in name but identity verification in substance, and it produces a highly sensitive record linking a real, documented person to the specific site they were trying to access.
Facial age estimation
A less identifying method is facial age estimation, where a camera captures your face and software estimates your age from your appearance, returning only a "likely over 18" or "likely under 18" result rather than your identity. In principle this is more privacy-preserving, because it need not retain a name or a document. In practice, much depends on whether the image is genuinely processed and discarded on the spot or sent to and stored by a third party, how accurate the estimate is near the threshold, and whether the provider quietly keeps data for "model improvement". Estimation is also imperfect, so providers tend to set the bar a few years above 18 to avoid letting children through, which means many adults are wrongly rejected and pushed towards document checks instead.
Other methods
Other approaches include credit-card checks, mobile-network age confirmation, checks against banking or credit-reference data, and "reusable" digital identity wallets that you verify once and then present repeatedly. Each carries its own trade-offs. Card and bank-based checks tie your viewing to your financial identity. Reusable wallets reduce repeated document uploads but create a single, persistent record of an identity that is presented again and again, potentially building a profile of every gated service you visit. None of these methods is free of privacy cost; the question is only which costs you prefer to bear.
The privacy problem
The central concern is not the principle of keeping children away from pornography but the data trail the chosen methods create. Age checks generate exactly the kind of record that should never exist: a link between a verified real-world identity and a specific, sensitive, and often intimate online activity. Even when a provider promises to delete data immediately, you are trusting that promise, the provider's security, and the provider's resistance to future legal demands. The history of data breaches is not reassuring. A breach of a verification provider, or of a site that retained verification data, could expose precisely the information people most want kept private — and such breaches have already occurred.
There is also the problem of aggregation, the theme that runs through 1.3 and the whole of Chapter 1. A single age check is one record. But as more services adopt age assurance, and as reusable identity wallets spread, the same identity is presented across many contexts, and the potential grows for a joined-up picture of what a named individual reads, watches, and does. The danger is not any one disclosure but the slow construction of a comprehensive, identity-linked record of private behaviour, held across a patchwork of companies with varying competence and varying willingness to resist disclosure.
Finally, there is the chilling effect. People behave differently when they believe their private reading and viewing can be tied to their name. Lawful curiosity about sensitive subjects — sexuality, health, addiction, politics, religion — is exactly the kind of activity people will avoid if accessing it requires identifying themselves. That self-censorship is a real cost, borne disproportionately by the vulnerable, and it is rarely counted when these systems are assessed.
Scope creep: from adult sites to everything
The most important thing to watch is not where age assurance started but where it is going. The infrastructure built to keep children away from pornography is general-purpose: it can gate any content from any audience. Once the legal principle that access can be conditioned on a verified age is established, and once the technical machinery is widely deployed and the public is habituated to it, extending it is a matter of policy rather than engineering. Proposals to apply age checks to social media as a whole (discussed in 17.6), to app stores, and to other categories of content follow naturally from this foundation.
This is the pattern to recognise across the whole chapter: a measure is introduced for a narrow, sympathetic purpose, the infrastructure is built, and the scope then expands because the hard part — building the system and normalising it — is already done. Watching for this is not cynicism; it is simply paying attention to how such systems have historically evolved. The reasonable response is to support narrow, genuinely protective measures while resisting the open-ended attachment of identity to ordinary online activity.
Reducing what you expose
Where an age check is legally required, this guide does not advise breaking the law. It does advise minimising what you reveal within the rules. Several practical steps follow. Prefer age-estimation methods over full document upload where a service offers a choice, since estimation can reveal less. Favour providers and services that clearly state they do not retain data and that have been independently assessed, and be wary of those whose policies are vague. Avoid linking age checks to your main email address or to accounts that already identify you, in line with the compartmentalisation principles in Chapter 8.
A VPN, which makes your connection appear to originate outside the UK, will cause many UK-specific age gates not to be shown at all, because the check is triggered by your apparent location. This is lawful for an adult in the UK and is one reason VPN use rose sharply when age checks arrived; the implications, and the political reaction, are covered in 17.4 and the general capabilities and limits of VPNs in 5.2. Whatever method you use, treat any identity or biometric data you are asked to hand over as sensitive, hand over as little as the system genuinely requires, and remember that the most private data is the data you never disclosed in the first place. The consolidated checklist is in 17.7.