Relying parties next up to advance age assurance: Summit Communique

Global regulators are now equipped with the tools and resources to set age assurance rules for their jurisdictions that draw on standards for trust and competitive market innovation.

This is the key take-away from the draft Communique wrapping up the findings of the Global Age Assurance Standards Summit 2025.

The Summit is organized by the Age Check Certification Scheme (ACCS), and ran from Tuesday to Thursday in Amsterdam. The Communique builds on the one issued at the end of last year’s Summit, and ACCS CEO Tony Allen says it is an evolving document.

The Communique emphasizes the significant change in the state of play for age assurance over the past year, as well as the relation between global standards and local regulation. The headline takeaway from the inaugural Summit last year in Manchester, UK, was that age assurance had reached sufficient market maturity to be effective.

Allen presents the purpose of the Communique as a product of the discussions that can function as a resource for planning and prioritization in the year ahead, ensuring the Summit “isn’t just a talking shop.”

“The standards are very difficult to digest,” he explained in a sideline interview with Biometric Update at the Summit’s conclusion. “The Communique is a means by which we can communicate the status of age assurance.”

“Last year was very much about ‘what is age assurance and can it be done.’ This year is very much about ‘how can these standards help local regulators get regulations to work well.’”

Now it is up to those regulators to refer to the standards, he says, and have confidence in them. Regulations that refer to the standards “enables the marketplace to give you solutions, and enables creativity and innovation,” rather than being overly prescriptive.

Standards support competition, continuous improvement and private sector investment. It also helps with trust, in a market where end-users are concerned about privacy. Allen also points out that digital businesses, including developers of biometric age estimation and other age assurance technologies, have themselves become averse to holding data, due to the expense and compliance risk it carries.

Building on last year’s findings

The 2025 Summit Communique states that age assurance can be valuable as part of a complete set of measures for protecting children in the digital world. Global standards can help regulation at the local level work well. Those making eligibility decisions based on age can benefit from implementing international standards, and legislators and regulators can help by setting the legal frameworks and enforcement procedures to operationalize policy based on those standards. The fundamental rights of children and the online freedom on anonymity of adults can be enhanced with age assurance.

The preamble notes the wealth of resources from which to draw principles and guidance, from the General comment No. 25 (2021) of the UN Committee on the Rights of the Child to the CEN CENELEC specification on age appropriate design, and the EU AI Act to the Digital Services Act. It also notes ongoing concern with the availability of online experiences that are incompatible with the established principles, rights and laws, and challenges created by developments like synthetic data.

ISO/IEC 27566 is acknowledged in the Communique, and was worked on at the conference. A new draft is expected of Part 3: Comparison or Analysis as soon as next week. IEEE 2089.1-2024 gets a shout-out as well, after ACCS partnered with IEEE to work on a certification program to go with the standard.

Enter the Global South, and a working group for certification framework

The Summit Communique makes eight calls to action. It reiterates calls to support the voluntary adoption of the relevant standards.

Age assurance systems should embed privacy-by-design principles, and leverage approaches like zero-knowledge proofs (ZKPs) and decentralized identity to comply while protecting user data.

Mutual recognition frameworks need to be developed and supported to reduce regulatory fragmentation and streamline compliance.

The affordability and accessibility of age assurance technologies, including in the Global South, is highlighted in the calls to action, reflecting the increased presence at this year’s Summit from countries like Brazil and Nigeria. The community can do this “by supporting and integrating mobile-based verification,” as well as national ID systems and “alternative verification models.” As was noted in multiple sessions during the event, several large nations in the Global South have very large populations of children, and in them mobile devices are the “principle or only means of connecting to the internet.”

Online platforms and digital service providers are urged to put age assurance measures in place which are robust and transparent, but also independently certified. “Governments should incentivize compliance through clear regulations, standardization, and recognition of best-practice providers.”

Research into age assurance systems based on AI, biometrics and behavior analysis needs to advance, but in alignment with global frameworks for ethics and accountability to prevent bias.

The Communique also calls for the formation of a multilateral working group to work on international collaboration and “ensure that policies evolve to address new technological and societal challenges.” The same group should also develop an age assurance certification framework.

Finally, the community should maintain its focus on the goal, or in other words: “decide to remain seized of the matter.”

New standards and principles

A section on international age assurance standards notes that they are based on existing and emerging good practice and initiatives, and also there is not a common best answer for all situations. Age assurance can neither be applied in a uniform way across the range of online and offline interactions which are expected to be different for children, nor in isolation or as a substitute for other measures.

A new principle was added this year, relating to standards-based interoperability. At this point, Allen suggests, the internet has a patchwork of “isolated excellent systems.” Aligning interfaces and making the systems interoperable can help those systems proliferate and provide the experiences users expect.

It is the complex standards regime that sits behind the global payment system that makes Visa and Mastercard work consistently across different countries and types of transactions, Allen says. Airport technology ecosystems are another example of the same principle, but with more companies involved (some of which are contributing biometrics).

Another important aspect of the trust that comes from standards-based regimes is that it applies to the technology providers as well, Allen notes. The interplay between providers of different elements of complete age assurance systems was raised repeatedly during the Summit.

The five principles endorsed by the Communique and the three guidelines under each are otherwise similar to last year, emphasizing privacy-preserving design, risk-based and proportional implementation, inclusion and accessibility, and transparency and accountability. Last year’s principles cooperation and participation in place of inclusion and accessibility. Data minimization is replaced with the broader privacy preservation by design, and moves down into the guidelines under that principle.

By next years Global Age Assurance Standards Summit, Part 1 of the ISO 27566 standard will be finalized, Allen believes, and the focus will turn to relying parties, and less on governments and regulators. “The government have done their bit; they can pass the regulations they need to do it. It’s not down to how and who’s responsible for implementing it.”

Article Topics

age assurance standard  |  Age Assurance Standards Summit (2025)  |  Age Check Certification Scheme (ACCS)  |  age verification  |  IEEE 2089.1-2024  |  ISO/IEC 27566  |  standards