Private sector age verification providers aren’t dying – but they do have to change

To date, government age assurance solutions have prompted lively discussion about whether or not they pose a threat to age check providers in the private sector. That framing assumes a binary, us-or-them scenario, in which would-be free age verification strangles out the private sector. But there are realities for age assurance providers that go beyond that narrative. Government initiatives are changing the dynamics of the market.

Case in point is the EU’s white label age verification app, released last month to much fanfare and much skepticism. The European Commission is pushing member states to adopt the app, customize its architecture for their national use case and make it available by the end of 2026. Some countries want to use their own apps. Meanwhile, private providers continue to advocate for a system that already exists and an industry that has begun to build a body of evidence for its effectiveness.

In a new article on LinkedIn, the Age Check Certification Scheme’s Tony Allen argues that, although it might seem cut-and-dried – “if governments are providing a free, privacy-preserving, standardised way to prove age, why would platforms continue to pay third-party providers?” – the EU app need not be a “death blow to commercial age verification providers.” But it does represent a fundamental shift in how providers position themselves in the overall system.

Wallets will change the shape of age assurance

The EU, Allen says “has not removed the need for age verification services. It has changed where the complexity sits and therefore where the value lies.” Rather than a product set up to compete with the private sector, the EU app represents an “architectural shift” in how the world thinks about identity, and aligns with digital transformations happening in parallel with online safety legislation.

Importantly, it establishes an age verification model, rather than one that relies on estimation or inference. “The model is built on digital identity wallets, verifiable credentials and selective disclosure,” Allen says. “Instead of uploading documents or relying on probabilistic estimation, users can present a cryptographically signed proof of age, typically derived from a government-issued credential such as their Person Identification Data (PID).”

“This is a significant departure from today’s ecosystem. It introduces a standardized, privacy-preserving way to prove age that removes the need for many of the techniques current AV providers rely on.”

But if age assurance providers are not performing age verification, what are they doing?

Cue the orchestrators to handle everything but verification

A free, open-source, government-backed app will be attractive for many organizations seeking an age assurance solution. But, Allen says, not everything in the resultant flow will be free.

“What has been commoditized is the verification primitive (i.e. the ability to prove an age-related attribute in a trusted, interoperable way). What has not been commoditized is everything required to make that work in a real product, at scale, across global jurisdictions and without harming user experience.”

For most relying parties, Allen says, “direct integration is far from trivial.” It is not, so to speak, a plug-and-play solution, and the total cost of ownership – engineering effort, UX optimisation, security assurance, regulatory risk, and ongoing maintenance – remains high. “Even with open standards, implementation involves handling wallet detection, managing cross-device journeys, supporting multiple wallet providers across Member States and adapting to evolving specifications.”

Therefore, the argument goes, the EU architecture does not exclude intermediaries. “It simply changes their role.”

Age assurance as a subset of digital identity

In the EU scheme, age verification providers can integrate directly with the white label app and underlying wallet infrastructure. This turns entities that were previously external actors into an integrated decisioning and control orchestration layer between the user (and their wallet), EU verification protocols and the relying party’s application.

Theoretically, providers could take responsibility for orchestrating multiple verification pathways, normalizing outputs into consistent decisions relevant to policymaking, managing failure modes, monitoring for anomalous behavior, and “abstract protocol complexity into stable, developer-friendly interfaces.”

“This is not about replacing the EU mechanism,” Allen says. “It is about wrapping it in a production-ready service layer.”

For providers, it means the ability to combine EU wallet-based verification with other methods,  ensuring coverage when wallets are unavailable or unsuitable, so that the EU app is “one signal among several, orchestrated within a broader age assurance framework.”

In effect, Allen’s argument hinges not on whether the EU app works, but how well. “For relying parties, the relevant question is not simply whether the protocol is secure, but whether the end-to-end experience is robust, resilient and resistant to abuse. This is where an AV provider layer adds further value. By sitting between the relying party and the underlying infrastructure, providers can monitor flows, detect anomalies, introduce fraud controls and respond quickly to emerging threats or vulnerabilities.”

Again, this may seem to suggest a full pivot for age assurance providers. But many already operate verticals in identity security and fraud prevention, under the larger blanket of digital identity. In truth, it points to a larger digital ecosystem in which age checks are tied to digital ID, rather than a bespoke service that exists outside of the total identity framework.

EU app not fully up to snuff on ISO/IEC 27566

Tony Allen is the chief torchbearer for ISO/IEC 27566, the international standard he helped draft and shepherd to publication. Here he notes that the standard’s scope goes beyond mere verification to consider functionality, privacy, security, performance and user acceptability.

“The EU wallet-based approach addresses part of this (particularly around trusted credentials and privacy-preserving disclosure),” Allen says – “but it does not, on its own, constitute a full age assurance system as described in ISO/IEC 27566.

To implement a compliant and effective age verification product that meets the standard, “there is still substantial work and value above the protocol layer.”

That said, Allen acknowledges that the industry is seeing “a reconfiguration of the value chain.”  Age verification providers don’t disappear. But they move away from owning proprietary verification methods, and pivot from performing verification to orchestrating it.

Thus, Allen says, “they no longer act as the primary source of truth, but instead become the layer that makes multiple sources of truth usable, reliable and secure in practice. Instead of asking ‘can we verify this user’s age?’, the problem becomes: ‘how do we reliably obtain, validate and operationalise an age signal across a fragmented, probabilistic and evolving ecosystem?’”

‘Not the end of paid age verification services in Europe, but their evolution’

In the big picture, it is a major conceptual shift, but not one that will require operational overhaul. In the transformed market, providers now “must compete on their ability to reduce complexity, minimize friction, ensure security and operate across a fragmented global landscape.”

They are “no longer defined by how they verify age, but by how effectively they operationalize trust across an increasingly complex age assurance landscape.”

“The companies that recognise this shift early (towards orchestration, integration, certification and assurance) are likely to define the next phase of the market.”

Article Topics

age assurance standard  |  Age Check Certification Scheme (ACCS)  |  age verification  |  biometrics  |  digital identity  |  EU age verification  |  identity orchestration  |  ISO/IEC 27566