BRUSSELS — The European Commission has made public its draft guidelines on protecting minors online under the Digital Services Act, including age verification requirements covering adult sites and platforms.
The Commission is seeking public feedback on the proposed guidelines, which it describes as “a non-exhaustive list of measures” that platforms can implement to protect minors.
The Digital Services Act obliges providers — such as sites and platforms that publish adult content — to implement AV measures beyond simple self-declaration. The new draft guidelines provide a framework that the Commission will use to determine whether providers are in compliance.
The guidance advises that, before considering whether to put in place a specific age verification or estimation method, providers should consider the following features:
- Accuracy: Providers should assess the accuracy of an age verification method against “appropriate metrics,” and periodically review whether the method’s technical accuracy remains state-of-the-art.
- Reliability: For a method to be reliable, it should be available continuously at any time, work in different real-world circumstances, and ensure that any data relied upon as part of the age assurance process comes from a reliable source.
- Robustness: Any method that is easy for minors to circumvent will not be considered robust or effective.
Unlike most AV legislation in the United States, the Commission guidelines also specify “non-intrusiveness” as an important criterion.
“Providers should assess the impact the chosen method will have on recipients' rights and freedoms, including their right to privacy, data protection and freedom of expression,” the draft reads. “A provider should only process the age-related attributes that are strictly necessary for the specific purpose.”
The guidelines state that the Commission considers AV methods that rely on “verified and trusted government-issued IDs” to be effective. In particular, the Commission expects and intends the EU Digital Identity Wallet to become the primary means of digital identification within the European Union. EU member states are currently in the process of rolling out EU Digital Identity Wallets.
To bridge the gap until the EU Digital Identity Wallet becomes available, the Commission is also working on a standalone age verification solution, which it says “will aim to provide a valid example and a benchmark for a device-based method of age verification.” The technical specifications and beta version of that app are available on GitHub.
While providers may use other AV methods, the guidelines require that such methods must constitute “an equivalent level of verification” as the EU's white-label AV app.
The guidelines also indicate that sites and platforms will be responsible for ensuring that any AV method a third party provides is effective, including in cases where solutions are provided by operating systems or device operators.
The draft guidelines are open for final public feedback until June 10. The Commission may then amend the guidelines.
Publication of the final guidelines is expected by this summer.
