European Commission President Ursula von der Leyen has confirmed that the long-awaited European Age Verification Solution (EAVS) is now ready for public release. Speaking at a press conference in Brussels, von der Leyen described the tool as a “completely anonymous” system that will allow users to prove their age online without revealing their identity or other personal information. The announcement, first reported by Bloomberg, signals the culmination of months of testing and development by EU digital policy teams.
The EAVS is an open-source, cross-platform application that leverages official government-issued identification documents such as passports or national ID cards to verify a user’s age. Instead of transmitting the actual document data to third-party services, the app generates a cryptographic attestation that confirms only the user’s age or age range, thereby preserving anonymity. This approach is designed to satisfy the stringent requirements of the EU’s Digital Services Act (DSA) and the General Data Protection Regulation (GDPR), both of which impose strict rules on data minimization and user consent.
How the App Works
According to technical documents published by the European Commission, the EAVS runs locally on the user’s device. When a user attempts to access an age-restricted website or service—such as social media platforms, online gambling sites, or adult content portals—the app prompts them to present their ID. Using near-field communication (NFC) or a camera to scan the document, the app extracts only the birth date information and performs a local computation to generate a zero-knowledge proof of the user’s age. This proof is then shared with the requesting service, which can verify the attestation without ever seeing the underlying personal data.
“The system is built on principles of privacy by design,” said a senior EU digital policy advisor. “No central database stores user information. The attestation is ephemeral and can only be used once. This ensures that even if a service provider is compromised, they cannot link the attestation back to a specific individual.”
The open-source nature of the project also means that independent security researchers and privacy advocates can audit the code for vulnerabilities or backdoors. The code repository, hosted on a public platform, has already received contributions from several European tech companies and academic institutions.
Regulatory Context and Legal Framework
The launch of the EAVS comes at a time when age verification is becoming a hot-button issue worldwide. In the United States, several states have enacted laws requiring social media platforms and adult websites to verify the age of their users, often through controversial methods such as uploading driver’s licenses or credit card numbers. The EU’s approach stands out because it prioritizes anonymity and data protection while still complying with child safety regulations.
Under the DSA, very large online platforms (VLOPs) are required to assess and mitigate systemic risks, including risks to minors. The EAVS provides a standardized, privacy-preserving mechanism for these platforms to comply with obligations to verify the age of users who attempt to access content that is not suitable for children. Similarly, the Audiovisual Media Services Directive (AVMSD) imposes age verification requirements for video-sharing platforms that host harmful content.
The European Commission has also been working closely with national data protection authorities to ensure that the solution meets all legal requirements. A spokesperson for the European Data Protection Board (EDPB) indicated that the board views the EAVS as a positive step that could serve as a model for other jurisdictions.
Comparison with Existing Systems
Several other age verification systems are already in use or under development. In the United Kingdom, the government has proposed a digital identity framework that includes age verification, but privacy advocates have criticized it for potentially creating a de facto national ID system. In France, a pilot program requires adult websites to verify users through a third-party service that checks a government database, raising concerns about data leakage and surveillance.
The EU’s solution differentiates itself through its decentralized architecture. By processing all data locally and generating only cryptographic proofs, the EAVS minimizes the amount of personal information that leaves the user’s device. This is a major improvement over systems that require users to upload sensitive documents to a central server.
Another key difference is that the EAVS is cross-platform and open-source. It will be available as a mobile app on iOS and Android, as well as a browser extension for desktop users. This ensures wide accessibility regardless of device or operating system.
Implementation Timeline and Adoption
Von der Leyen stated that the app will be available for public download within the next few weeks. However, broad adoption will depend on whether online services choose to integrate with the system. The Commission is expected to issue guidelines that strongly recommend the use of the EAVS for any platform subject to age verification requirements under EU law.
Several major tech companies have already expressed interest in testing the solution during its beta phase. Social media giants, streaming services, and online gaming platforms are among the sectors that could see the most impact. For smaller websites, the open-source nature of the app means that integration costs could be relatively low, as they can use existing libraries and APIs provided by the Commission.
One potential hurdle is the requirement for users to possess a valid EU passport or national ID card. While most adult EU citizens have such documents, transient populations, refugees, and non-EU residents may face challenges. The Commission has acknowledged this issue and is exploring alternative verification methods, such as using digital identity wallets that are being developed under the eIDAS 2.0 regulation.
Privacy and Security Concerns
Despite the app’s anonymity guarantees, some privacy advocates remain cautious. They point out that even anonymized attestations could be used to build behavioral profiles if a service provider tracks the attestations over time. To mitigate this, the EAVS includes a feature that generates a new cryptographic key for each verification request, making it impossible for services to link attestations from the same user.
There are also concerns about the security of the ID scanning process. If the app’s NFC or optical character recognition (OCR) components are exploited, attackers could potentially extract more data than intended. The Commission has assured that the code has undergone rigorous penetration testing and that all data is deleted immediately after processing.
From a legal perspective, the EAVS is designed to be fully compliant with the GDPR’s principles of data minimization, purpose limitation, and storage limitation. The Commission has published a data protection impact assessment (DPIA) that details these safeguards.
Political and Industry Reactions
The announcement has been met with a mix of enthusiasm and skepticism. Digital rights organizations such as EDRi have praised the privacy-first approach but have called for more transparency regarding the specific algorithms and cryptographic methods used. Industry groups representing online platforms have welcomed the standardization but warn that small businesses may still struggle with implementation costs.
Some EU member states have already begun pilot programs using the EAVS. The Netherlands and Estonia, both known for advanced digital governance, have integrated the app into their national digital identity systems. These pilots have reportedly shown high user satisfaction and low error rates in age verification.
Critics on the other side argue that any form of mandatory age verification risks creating a new layer of digital surveillance, even if anonymized. They warn that the system could be expanded in the future to verify other attributes such as nationality, address, or biometric data, effectively transforming it into a digital ID system. The Commission has repeatedly stated that the EAVS is strictly limited to age verification, but opponents remain unconvinced.
Technical Architecture and Open Standards
The EAVS is built on open standards such as W3C Verifiable Credentials and the Decentralized Identifiers (DID) specification. This ensures interoperability with other digital identity systems being developed around the world. The use of zero-knowledge proofs (specifically, the BBS+ signature scheme) allows for selective disclosure—a user can prove they are over 18 without revealing their exact birth date.
The back-end infrastructure consists of a distributed public key directory that enables service providers to verify the authenticity of the attestations. This directory is managed by the European Commission and is designed to be resilient against attacks and outages. The Commission has also published a set of APIs and SDKs for developers to integrate the EAVS into their platforms.
One of the most ambitious aspects of the project is its scalability. According to Commission estimates, the system can handle millions of verification requests per second, making it suitable for use by the largest online platforms in the world.
Impact on Online Services and Users
For end users, the EAVS promises a seamless experience. Once the app is installed and the ID is scanned, subsequent verifications can be completed with a single tap or click. The app stores a local encrypted copy of the user’s age attestation, which can be refreshed periodically. Users can also revoke access to any service at any time.
For online services, the integration is expected to reduce legal risks and improve compliance with EU regulations. Currently, many platforms rely on self-declaration of age or credit card checks, both of which have significant privacy and security flaws. The EAVS offers a standardized, legally robust alternative that could also help reduce the burden of content moderation, as age-restricted content can be more confidently targeted to appropriate audiences.
The gaming industry, in particular, stands to benefit. Many online games require an age check for access to certain features or in-game purchases. The EAVS could streamline this process across multiple platforms, reducing friction for players while ensuring compliance with age-related laws such as the Children’s Online Privacy Protection Act (COPPA) and equivalents in the EU.
In the longer term, the EAVS could become the cornerstone of a broader European digital identity ecosystem. The European Commission has already proposed the European Digital Identity Wallet, which would allow citizens to store and share various attributes securely. The age verification app is seen as a key building block for that wider initiative.
As the date for public release approaches, the Commission is launching a widespread awareness campaign to educate citizens about the app’s benefits and its privacy protections. Information sessions, online tutorials, and partnerships with consumer organizations will help ensure that users understand how the system works and how to use it safely.
The successful deployment of the EAVS will be closely watched by regulators in other parts of the world. If anonymous, privacy-preserving age verification can work at scale in the EU, it could become a global benchmark. For now, the emphasis remains on protecting children and empowering adults to control their own data in an increasingly digital landscape.
Source: The Verge News