Age verification is rising and euConsent wants to be a global solution
As countries such as the UK, the U.S. and Australia have been introducing or considering age verification regulation, the European Union has been building a project with ambitions to spread across the world.
euConsent is a non-profit and non-governmental organization behind the project to create an age verification and parental consent solution that would keep minors from restricted online content and products.
The organization recently completed its first phase, a European Commission-funded, €1.4 million (US$1.5 million) pilot project delivered by a consortium of 10 partners. The pilot included some 2000 children and adults across five European countries.
“Our goal in the future is to have euConsent be a global solution that can be used across the world and not only in Europe,” says Kostas Flokos, CEO of UpcoMinds and euConsent Project Coordinator. Flokos discussed the project with stakeholders at euConsent’s conference held on Tuesday in Athens.
The project may already be on its way to this goal. The United Nations’ End Violence Against Children fund pledged to support the initial stages with a grant, euConsent Secretary General Iain Corby said during the conference.
“It’s a relatively new technology and in perhaps just five years, it’s really gone from a standing start to a sophisticated global industry meeting international standards,” says Corby.
But first, euConsent will need to see widespread adoption and for that interoperability is key.
Standards as the backbone
The concept allows users to log in or check their age just one time. From then on, the system on the back-end allows the user to seamlessly move from one system to another, similar to what Google does when using its applications. The result is that users do not need to log in over and over again, explains Flokos.
“It’s an interoperable solution that allows competition to thrive,” he says.
Interoperability is not possible without standards. During the first phase, the organization completed three standards within the eIDAS framework and the ETSI standardization template, says Tony Allen, CEO of the Age Check Certification Scheme which is one of several certified accreditation bodies for age check systems in the UK. The standards covered age verification, parental consent and the certification process for both.
The International Standards Organization is also working on ISO/IEC 27566, which is to become the international standard for age assurance. euConsent’s next task is to explore how those standards can be put into actual real practice.
“The way forward with this is through not just European standards, but actually international standards to make this globally interoperable,” says Allen.
Challenges and risks ahead
To move forward, euConsent will not only have to make its solution easy to use but to also make age restrictions acceptable. With age verification, there is a risk of ending up with a two-tier internet, one for adults and one for children with less rich experiences and engaging content, says Allen. Parents should be able to feel confident in the standards and framework to enable permissive content for their children.
“The framework and tall rather dull and boring technical stuff that goes behind the scenes is what builds that confidence,” he says.
euConsent interviewed hundreds of children across Europe, as well as parents, age verification providers, eIDAS nodes and IT service providers. The pilot delivered a prototype that scored more than 85 percent on a user satisfaction scale, says Flokos.
“We started with resistance from the stakeholders, it’s clear that almost nobody believed we could achieve what we achieved during this project,” says Flokos.
It is difficult to estimate, however, when the euConsent will be ready, according to Flokos. While phase one has proved that the prototype works, phase two should get it ready for production, while phase three will include upgrading the system to a new technology.
While the first phase was completed as a consortium the next level of euConsent will have to be non-commercial. This transformation was completed in May to ensure participants are not put at a disadvantage. But it also means that euConsent will have to rely on EU member states and foundations with the current goal of raising €2.5 million ($2.7 million).
“We need funding in order to continue the work,” says Flokos.
Meanwhile, age verification companies are pitching their vision on how age checks should be performed.
Age verification solutions multiply
Some companies such as AgeChecked offer multiple solutions for checking age, including cross-checking identity documents with government databases that include a liveness test.
Companies are also working on solutions that don’t require government IDs. AGEify complements its age checking with an option to obtain a referral from two to three adults which vouch for another individual. VerifyMy uses a multi-method age assurance product that includes the Age assurance with an authenticated email address.
“If we mandate only methods where people need identity documents we again risk making the problem worse,” says Andy Lulham, Chief Operations Officer at VerifyMy. “Adoption rates will be low, drop-off rates will be high and age assurance will not be commercially viable.”
Yoti relies on facial detection and analysis to provide biometric age estimation. Unlike facial recognition, the algorithms estimate the age of the user without cross-checking the data against identity databases. The image of the user is instantly deleted, says Julie Dawson, Yoti’s chief policy and regulatory officer.
What the euConsent project doesn’t want is concentrating data into the hands of a small number of large global companies. A solution such as this may be easier for users but comes with the risk of concentrating people’s digital footprints in the hands of powerful people, says Allen.
“Having market solutions for how you do age verification and age assurance helps to ensure that concentration is dissipated,” he adds.