Serve Legal aims to fill compliance testing gaps for age estimation, liveness

In biometrics and digital identity verification, accuracy is important. So are fairness, accessibility, security and robustness. For these reasons, perhaps the most important measure is compliance, since standards encompass and codify all of the requirements for biometric systems to remain usable.

Serve Legal, an auditing and compliance provider based in the UK, is among firms helping businesses stay compliant in a world of constantly evolving regulation. The firm recently published a series of comprehensive insights on age assurance debates in the UK, digital identity and gaps in the biometric liveness detection testing landscape – illustrating the breadth of areas in which compliance matters.

Testing helps establish trust as age assurance laws firm up

“In 2025, the alcohol licensing legislation will be updated to allow the use of digital ID for verifying age during alcohol sales,” says Serve Legal’s post on age verification. It notes that there are currently two private UK Digital ID providers, Luciditi and Yoti, that have level 5 accreditation through the Proof of Age Standards Scheme (PASS), granting it the same level of authenticity as a passport or driver’s license.

“This technology offers privacy-preserving methods for proving identity or age and has been approved by the UK Government as a valid proof-of-age solution.”

PASS is intended to boost customer confidence in digital ID, which is crucial for successful implementation. Audits are also part of the trust ecosystem. They help businesses evaluate and enhance their readiness for compliance standards testing, and to assess whether employees understand the rules for accepting digital ID.

At this point, says Serve Legal, legislating age estimation for alcohol sales at retail checkouts is not a priority for the UK government.

“As of December 21, 2024, the Government acknowledged that it has not yet established a framework encompassing all age verification technologies, with Age Estimation tools falling outside the trust framework supported by the Data Bill,” Serve Legal says. “Until the Government supports the use of Age Estimation technology for alcohol purchases it is likely that many retailers will avoid investment.”

The compliance law firm believes that professional testing can help build trust as the sector moves toward legalizing facial age estimation for alcohol sales. “When adopting new systems, Serve Legal encourages businesses to conduct independent audits to ensure the technology meets regulatory standards and performs reliably in their sites.” A partnership with Durham University lends academic backing to its certification service.

Boasting “ethically curated testing frameworks” and “a dataset specifically designed for testing Age Estimation technologies,” Serve Legal says it can evaluate fairness across demographics, detect bias and ensure accuracy in age estimation and liveness detection.

Gap in standardized testing for liveness

Serve Legal is notably committed to liveness detection rather than Presentation Attack Detection (PAD), per se, offering a breakdown of how liveness detection is being used in a rapidly growing number of applications such as banking, government services and retail.

Outlining the differences between passive and active liveness checks, and the semantic differences between passive PAD and passive liveness detection, Serve’s piece argues that there is a gap in standardized testing for liveness.

Because the National Institute of Standards and Technology’s facial biometric tests are facilitated by their access to pre-collected facial image datasets gathered from mugshots and border control, liveness detection falls outside NIST’s core testing capability: “since NIST’s tests are based on datasets of static images, they are not equipped with living test subjects that can perform tests of liveness detection systems,” the post explains.

Serve Legal notes that ISO/IEC 30107-3:2023 provides a PAD testing framework that does cover liveness detection. “Unfortunately,” it says, “the tests available against this standard are reported to exhibit weaknesses that leave the age assurance and digital ID industries requiring more robust, independent, comparable tests of liveness detection systems.”

Current tests, then, are too easy to fool, not consistent enough and not broad enough in how they consider evolving threats. Independently verified metrics allow them to make “risk based assessments about which system will deliver the optimal balance between accuracy and user experience, given the context in which the system will be deployed” – and, critically, the associated running costs.

Article Topics

age verification  |  biometric age estimation  |  biometric liveness detection  |  biometric testing  |  face biometrics  |  passive facial liveness  |  presentation attack detection  |  Serve Legal