National rules are tightening for platforms that serve minors or restrict access by age. In 2026, requirements still differ sharply by region.
Regulatory milestones
- 2023 · UK
UK Online Safety Act passed
- Jul 2025 · UK
UK OSA in force; Ofcom age assurance guidance
- 2025 · EU
EU age verification blueprint; DSA enforcement
- Apr 2026 · UK
UK: Major platforms demonstrate age restrictions
- Mar 2026 · AU
Australia Age-Restricted Material Codes in effect
- 2026–2027 · EU
EU Digital Identity Wallet (eIDAS 2.0) rollout
UK: Online Safety Act (in force since July 2025)
UK: Online Safety Act. In force from July 2025, the Act requires "highly effective" age assurance for services exposing under-18s to harmful content. Ofcom considers compliant methods to include: photo ID matching, facial age estimation, Open Banking checks, digital identity services, and mobile network operator checks. Self-declaration alone is not sufficient. Fines and investigations are already active.
At a glance by region
Online Safety Act
Highly effective age assurance; Ofcom guidance; fines and investigations active.
DSA + blueprint
Privacy-preserving proof of age; eIDAS 2.0 wallet; up to 6% turnover penalties.
State-by-state
No single federal law; FTC COPPA signals; many states advancing age checks.
2026 Codes
Social media, chatbots, app stores; robust verification; high penalties.
EU: DSA and the age verification blueprint
EU: DSA and age verification blueprint. The Digital Services Act obliges platforms to protect minors and implement age verification where needed. The European Commission’s age verification blueprint (2025) promotes privacy-preserving proof of age (e.g. proving "over 18" without disclosing birth date) and aligns with the upcoming EU Digital Identity Wallet (eIDAS 2.0). Member States are piloting the approach.
US: A patchwork of state laws
US: State-by-state. Roughly half of US states have passed or are advancing laws that require age checks for social media, gaming, or adult content. Methods and strictness vary. The FTC has signalled support for certain age-verification technologies under COPPA, subject to accuracy, security, and data-minimisation conditions. Some state laws have faced First Amendment challenges.
Australia: Age-Restricted Material Codes (March 2026)
Australia. From March 2026, Age-Restricted Material Codes apply to a wide set of services (e.g. social media, app stores, AI chatbots, pornography). Platforms must use strong age verification (e.g. facial age estimation, digital wallets, or photo ID) for high-impact content. Penalties for non-compliance are significant.
What multi-jurisdictional platforms should do
Platforms operating in multiple jurisdictions should map obligations per territory and choose age-assurance solutions that support compliance and data minimisation in each. A single privacy-first integration, where you receive only an 18+ token and an Audit ID per verification with no ID or face storage, can serve UK, EU, US, and Australian requirements without duplicating systems or data.
By region (expand to read)
The Digital Services Act obliges platforms to protect minors and implement age verification where needed. The Commission's age verification blueprint (2025) promotes privacy-preserving proof of age (e.g. proving "over 18" without disclosing birth date) and aligns with the EU Digital Identity Wallet (eIDAS 2.0). Member States are piloting the approach. Penalties can reach up to 6% of global turnover for serious non-compliance.
No single federal age verification law. Many states have passed or proposed laws requiring age checks for social media, gaming, or adult content. Requirements and methods vary; some laws have been challenged on First Amendment grounds. The FTC has signalled support for certain age-verification technologies under COPPA (2026 policy), subject to accuracy, security, notice, and retention conditions.
From March 2026, Age-Restricted Material Codes apply to social media, AI chatbots, app stores, online gaming, search engines, messaging, and pornography. Platforms must use robust age verification (e.g. facial age estimation, digital wallets, photo ID) for high-impact harmful content. Penalties for non-compliance are high, up to tens of millions of dollars.
Frequently asked questions
Yes, if a service is likely to be accessed by under-18s and exposes them to harmful content, the Act applies regardless of size. Ofcom has already opened investigations into smaller platforms.
Regulators accept methods such as photo ID matching with liveness, facial age estimation, Open Banking checks, mobile network operator checks, and accredited digital identity services. Self-declaration or unverified payment alone is not enough.
Some have been. In 2026 Virginia's law was temporarily blocked on First Amendment grounds, and other states face similar challenges. Others, including Texas and Louisiana, have active laws you must comply with.
Australia's Age-Restricted Material Codes accept facial age estimation, digital wallets, and photo ID-based verification for high-impact content. Penalties can reach tens of millions of dollars for non-compliance.
Yes, if it supports multiple methods (ID plus liveness, facial age estimation, tokens) and configurable age thresholds. A privacy-first provider that returns only an "18+" token and an Audit ID meets each jurisdiction's bar without creating a central gallery of IDs.
