In February 2026 Discord announced it was delaying its global age verification rollout from March to the second half of the year. Users pushed back quickly: many feared they would have to hand over selfies and government IDs just to use the platform. Discord's CTO later wrote that the company "missed the mark" in how it communicated its plans. The rollout pause is a useful case study in communication, vendor choice, and how much verification you actually need.
The vendor breach and the pivot to on-device
Privacy concerns were amplified by a recent breach: a third-party verification vendor had exposed government ID images belonging to tens of thousands of Discord users. That incident put a spotlight on what happens when platforms and vendors accumulate sensitive identity data. Discord has since made a strict requirement part of its strategy: facial age estimation must happen entirely on the user's device so that biometric data never leaves the phone. The company reportedly rejected at least one major identity partner because it could not meet that standard. The shift to on-device processing is a direct response to both user trust and regulatory pressure.
Who actually gets prompted (and lessons for others)
~90%
Discord users who will not be asked to verify at all
The remaining share will be prompted for facial age estimation that runs entirely on-device, a credit card check, or a fallback ID flow.
Discord has also clarified that the vast majority of users will not be asked to verify at all. Around 90% will continue to be handled by internal signals (account age, payment methods, server types, activity). Only a smaller share will be prompted for verification, and the company plans to offer multiple methods, including credit card checks, and more transparency about vendors before the global rollout. For other platforms, combine strong privacy (on-device or zero-storage) with clear communication and minimal friction for users who do not need to verify. The same principle applies to B2B age verification: use a provider that never stores ID or face images and returns only a verification result and an Audit ID. Returning users can then re-prove age with a quick face check on any site in the same network, with no repeated ID uploads and no central gallery of documents, so you avoid the very breach and backlash that forced Discord to delay.
