European authorities are advancing mandatory age verification technologies to protect children online, but critics warn these measures risk infringing on privacy, autonomy, and inclusion. The European Commission (EC) promotes an age verification app using cryptographic zero-knowledge proofs designed to keep users’ age information anonymous while confirming eligibility for access to online services, including social media platforms.
The EC’s blueprint app integrates with the upcoming European Digital Identity (EUDI) Wallet, a digital platform planned for release by the end of 2026. The wallet will enable citizens to store various credentials—such as identity documents and certificates—on their smartphones and selectively share verified information with service providers.
Privacy and Security Challenges
While zero-knowledge proofs enhance data confidentiality by avoiding the direct sharing of sensitive personal details like birthdates, experts highlight other privacy risks. As digital identity wallets become widespread, individuals may face frequent requests to disclose various personal attributes to access online or offline services. This normalization of identity verification risks restricting access for those unwilling or unable to provide such proofs.
Critics also point to difficulties in ensuring the authenticity of the proofs presented, a problem known as “user binding.” Some industry voices advocate for biometrically bound credentials to validate that the person presenting a proof is its rightful owner, yet this raises additional privacy concerns due to biometric data processing.
Exclusion and Governance Concerns
The European Digital Rights (EDRi) network and a coalition of over 400 privacy and security researchers caution that age verification schemes may disproportionately exclude vulnerable groups. This includes individuals without official identity documents, those lacking digital literacy, or those who cannot afford or choose not to use smartphones required for digital wallets.
Moreover, the role of governments as central issuers of digital identities prompts questions about trust for communities skeptical of state or corporate identity providers. Legal safeguards embedded in the eIDAS regulation—which sets the framework for EUDI wallets—aim to protect privacy and uphold voluntary use. However, critics highlight that Member States’ varying implementations and additional regulatory proposals, such as anti-money laundering mandates, may undermine these protections.
Impact on Digital Autonomy and Market Control
Implementation of EUDI wallets is already tied to infrastructures controlled by major technology companies like Apple, Google, and Samsung, which raises concerns about reliance on centralized cloud services and potential gatekeeping over digital identity functionalities. For example, certain wallet platforms require internet connections and accounts managed by these corporations, complicating true user control and autonomy.
Despite the EC’s emphasis on decentralization via user-held data on smartphones, the dependence on centralized technical and corporate infrastructures could paradoxically centralize control over digital identity and access.
Why it matters
The EU’s move to enforce age verification across digital services aims to protect minors from harmful content but risks infringing on broader privacy, freedom, and inclusion rights. The balance between safeguarding children online and preserving citizens’ autonomy and equal access to digital spaces remains unresolved.
Experts urge regulators to reconsider the rapid rollout of these trust technologies by addressing security vulnerabilities, potential exclusion of marginalized groups, and governance transparency to avoid unintended social and political consequences.
Sources
This article is based on reporting and publicly available information from the following source:
Read more AI Regulation stories on Goka World News.