The Digital Services Act (DSA) requires platforms to protect minors and to implement appropriate measures, including age verification, where access to certain content or services is restricted by age. The European Commission has gone further by publishing an age verification blueprint and a reference prototype that show how to verify age in a privacy-preserving way, for example by proving "over 18" without disclosing exact date of birth or other identifiers.

The blueprint is designed to work with the future EU Digital Identity Wallet (eIDAS 2.0). Until the wallet is widely available, the Commission’s solution offers an interim path: users can onboard with an ID or other credentials, and then present proof of age (e.g. one-time tokens) to platforms without leaking unnecessary data. Several Member States and adult-content and platform providers are already piloting it.

For EU platforms, the takeaway is twofold. First, you must have effective age assurance where the DSA requires it, and that can mean audits and penalties (up to 6% of global turnover in serious cases). Second, the direction of travel is clearly toward minimal disclosure: prove age, not identity, and avoid storing raw documents or biometrics. Implementing or integrating a solution that follows the blueprint’s principles (privacy-preserving, interoperable with the future wallet) positions you for both current compliance and the 2026–2027 eIDAS timeline.

If you operate in the EU, review the Commission’s guidelines and technical specs, assess whether your current flow meets the "high standard" expected, and plan for alignment with the EU Digital Identity Wallet as it rolls out.