For age assurance sector facing quantum shift, privacy-by-design is key: Allen

The question of how to implement highly effective age assurance is complicated enough on its own, as current cultural and political discussions demonstrate. The world is currently adjusting its posture toward the internet, making the first major policy moves to ensure the worst material online is harder for kids to access. There are growing pains, as nations, platforms and providers wrestle with the right model.

But there’s another shift coming that could add another layer of complexity over top of it all. So says Tony Allen, organizer of the Global Age Assurance Standards Summit 2026, in a new essay that looks at “the potentially transformative rise of quantum computing.”

The question of what quantum capabilities will do to encryption has already become urgent in the biometrics and digital identity sector. But, Allen says, “quantum capability will inevitably intersect with digital trust systems across the internet including age assurance.”

But rather than presenting a threat, “the transition to a post-quantum world could reinforce and enhance many of the privacy-preserving principles that the age assurance sector is already embracing.” The question, then, is how to design online age assurance systems today that will be able to weather the turbulence.

Design now for post-quantum world

Currently, the post-quantum forecast calls for major disruption to classical public-key cryptography such as RSA or elliptic curve cryptography, which will be no match for the speed at which quantum computers can solve problems. There’s no certainty on when this event could happen, but general opinion in tech circles is that it is closer than previously believed.

The cryptography at risk is used in digital signatures, secure communication channels protecting verification data, cryptographic tokens enabling reusable age proofs and privacy-preserving proofs that confirm eligibility without revealing any identity data.

“For age assurance providers building systems today,” Allen says, “the key question is not whether quantum computing will matter but how cryptographically agile their systems are when that transition arrives.”

The less you know, the better

What won’t change for age assurance is the fundamental goal: determining whether or not an individual is old enough to access age-restricted content. In fact, says Allen, the threat of “harvest now, decrypt later” schemes, which bank encrypted data in hopes that quantum computing will eventually enable decryption, makes it all the more important that age assurance systems hew to the data minimization principle.

In short, “do not collect or retain data that you do not need.” Any bit of stored data is a potential risk. And since the goal of age assurance is not to identify individuals, but rather to give the simplest possible answer to the question of age-related eligibility, age assurance providers are best served by aiming for the core objective: “attribute verification with minimal data disclosure.”

“Age assurance solutions that minimise data storage avoiding long-term retention of identity documents, biometric images or verification artefacts are inherently more resilient” to the quantum threat, Allen says.

“If sensitive information is never stored in the first place, there is nothing to harvest and decrypt later.”

‘Good privacy engineering today is good quantum-era security design’

Luckily, the principles of data minimization, selective disclosure and privacy-by-design are already part of the infrastructure of many age assurance systems. As such, the industry is not simply well-positioned against quantum risk. It may even benefit from it.

Allen notes that “many of the most promising age assurance approaches rely on techniques designed to minimise data disclosure. Zero-knowledge proofs, secure multi-party computation, advanced biometric processing and privacy-preserving device attestations are all rooted in the idea that navigating a regulated internet doesn’t have to mean surrendering privacy. A pressing need driven by quantum fears could accelerate innovation and development.

The sector is already exploring new approaches such as ephemeral verification processes, or reusable age tokens that reveal only an age attribute.

“The long-term vision for age assurance is increasingly clear,” Allen says. “Systems that allow users to prove they meet an age requirement without repeatedly exposing documents, identities or sensitive biometric data will be more resilient to future threat.”

Enter quantum deepfakes

The threats, meanwhile, will also evolve as quantum tech opens up new possibilities. “As computational capabilities continue to grow through more powerful hardware, distributed infrastructure and potentially hybrid quantum-classical systems, the scale and sophistication of synthetic content will increase,” Allen says. “This matters for age assurance systems that rely on biometric signals, particularly facial age estimation, biometric facial comparison or liveness detection.”

These technologies will have to evolve in tandem, toward “multi-signal trust anchors, combining biometric signals with device integrity, behavioural indicators and cryptographic attestations.”

Age assurance systems, Allen says, “will increasingly resemble adaptive trust systems, capable of assessing multiple indicators rather than relying on any single check.”

Standards anchor digital documents

Standards will also play a role in the quantum future, particularly as applied to document verification and credentials.

“Emerging standards such as mobile driving licences (mDLs) and mobile documents (mDocs) (including specifications like ISO/IEC 18013) allow users to present cryptographically signed attributes directly from a device,” Allen says. “For age assurance systems, these developments represent an important opportunity. Standards-based digital documents could become one of several reliable sources for deriving an age attribute, while allowing the underlying credential to remain under the control of the user.

But both physical document verification systems and mobile credential standards will need to transition toward post-quantum signature schemes, given the potential threat to classical encryption.

“For age assurance providers, the priority is therefore not a specific document format, but cryptographic agility. Verification pipelines should be capable of adapting as global identity and credential standards evolve whether that involves passports, mDLs, mDocs, or future digital credential formats. Thus ensuring that age attributes derived from these sources remain trustworthy in a post-quantum world.”

The perfect age assurance system

The age assurance system of the future, then, has a few key features. It accesses and stores as little data as possible. It has built-in cryptographic agility and post-quantum readiness.  It relies on layered trust signals rather than single points of verification. And it fundamentally operates as attribute verification instead of identity disclosure.

The quantum future is still somewhat hazy, but the proliferation and standardization of age assurance technology is happening now. Allen says “this creates an important opportunity: the systems being designed today can be built with quantum-resilient principles in mind,” reinforcing a design philosophy that the age assurance sector is already moving toward.

Allen, who also runs the Age Check Certification Scheme, says the organization will be launching collaborative research initiatives to explore the intersection of quantum computing, cryptography and age assurance. He is calling on those interested in collaborating to get in touch.

Namirial: ‘first practical demonstration of quantum computing applied to digital security’

Namirial is among companies already preparing for a post-quantum future. A blog from the company says it has “carried out the first practical demonstration of quantum computing applied to digital security by performing the factorization of an RSA key (the type of keys that underpin today’s digital communication protection systems) on an operational quantum computer.”

“This represents the first concrete demonstration of its kind in the digital trust sector, capable of showing the real-world impact of quantum technologies on the cryptographic mechanisms currently in use.”

The experiment, says the Italian company, “confirms the need to begin adopting quantum-resistant digital signatures based on NIST standards now, and further strengthens Namirial’s role as a European reference player at the intersection of digital security, international standards, and emerging technologies.”

Details of the experiment and its results are available via a new Namirial education portal dedicated to post-quantum security, designed as a reference point for the professional, scientific and institutional community.

Article Topics

Age Check Certification Scheme (ACCS)  |  age verification  |  biometric age estimation  |  biometrics  |  digital ID  |  post-quantum cryptography  |  privacy by design  |  reusable digital ID