HomeWordPressBlogPricingDemoContactDocs
LoginGet Started
EU Digital Services Act

EU DSA age verification, without the passport vault

The Commission blueprint is feature-ready and Member States must ship citizen tools by 31 December 2026. Meet DSA Article 28 with a privacy-first flow that proves age and stores no documents on your servers.
DSA Article 28
Fines up to 6% turnover
eIDAS Wallet ready
Run the live demoRead the full guide
Key deadline

31 Dec 2026

Member States should offer citizens privacy-preserving age verification.

Blueprint feature-ready 15 Apr 2026

Member State tools by 31 Dec 2026

EUDI Wallet rollout 2026–2027

QUICK ANSWER

What the DSA expects in 2026

What changed

Blueprint feature-ready 15 April 2026; Member States urged to ship citizen tools by 31 December 2026; Commission proceedings against Meta signal enforcement.

Who must act

EU platforms with age-restricted content or services likely accessed by minors: social, forums, marketplaces, and WordPress stacks with sign-ups or UGC.

The trap

Document KYC on every registration is high friction and a PII honeypot on your servers under GDPR.

Recommended approach

Prove a threshold (16+ or 18+), not identity. Align with the blueprint and EUDI Wallet, and minimise data on your side.

Blueprint principles

Three design principles regulators reward

The April 2026 package sharpens how platforms meet Article 28 and prepares the ground for eIDAS 2.0.

Effective assurance

Regulators expect appropriate, proportionate methods, not honour-system birth years. ID + liveness, accredited digital ID, or wallet credentials are in scope.

Minimal disclosure

Receive proof a user is over a threshold without collecting passports or full dates of birth. Selective disclosure, not identity dossiers.

Wallet interoperability

Align with the EUDI Wallet architecture now so you can accept wallet-issued proof-of-age attestations later without ripping out your integration.

Deadline tracker

The EU age-assurance timeline

DSA duties apply now. The year-end target is when national tools should be available, not when your obligations start.

  • 15 Apr 2026
    15 Apr 2026
    Blueprint feature-ready

    The EU age verification blueprint becomes a complete open technical standard for privacy-preserving checks.

  • 31 Dec 2026
    31 Dec 2026
    Member State tools

    Commission recommendation: every Member State should offer citizens privacy-preserving age verification.

  • 2026–2027
    2026–2027
    EUDI Wallet rollout

    EU Digital Identity Wallet reaches citizens; private-sector acceptance timelines follow.

  • Ongoing
    Ongoing
    DSA enforcement

    Digital Services Coordinators active across France, Germany, Ireland; proceedings opened against major platforms.

Conversion matters

Why wallet-only flows hurt sign-ups

Forcing every user through a government app at registration drives abandonment. A shared, privacy-first check keeps adults moving.

Government wallet-only

User leaves your registration or basket

Downloads or opens a government app

Authenticates, sometimes via bank ID

Returns hoping the hand-off worked

AgeOnce privacy-first

In-browser ID + liveness once on the network

Signed 16+ or 18+ outcome and Audit ID returned

Light face reverification on return visits

No passport images stored on your server

Up to 6%

of global annual turnover in serious DSA cases

Digital Services Coordinators can also impose periodic penalty payments until compliance is restored. Complying by hoarding passports does not reduce risk; it relocates it from the regulator's desk to your security team's incident queue.

Go deeper

Guides and references

DSA age verification: full 2026 guide

Deadlines, methods, conversion, and integration paths in depth.

eIDAS 2.0 and the EU Digital Identity Wallet

How wallet-based proof of age fits the blueprint.

Data minimisation: what to collect

Keep outcome and Audit ID, not a document vault.

Ship a DSA-aligned gate before year-end

Test the flow on your registration, checkout, or first-post path now. Threshold result and Audit ID only, no document archive on your servers.

Run the live demoWordPress setup
FAQS

EU DSA age verification FAQ

Under Article 28, platforms must take appropriate and proportionate measures to protect minors, including age verification where content or services are age-restricted. The bar is effectiveness and privacy preservation, not a specific vendor technology.

Not exactly. The Commission recommendation from April 2026 urges Member States to make privacy-preserving age verification tools available to citizens by 31 December 2026. DSA obligations for platforms are already active; the deadline accelerates national wallet and blueprint rollouts that platforms should plan to accept.

The blueprint is a reference standard and open-source implementation, not a standalone law. It defines what the Commission considers good practice, proving over 18 without disclosing exact date of birth, and bridges to the eIDAS 2.0 Digital Identity Wallet.

Up to 6% of global annual turnover in serious cases. Digital Services Coordinators can also impose periodic penalty payments until compliance is restored.

Yes. A privacy-first flow returns only a signed age threshold such as 18+ verified plus an Audit ID to your application. ID images and selfies stay with the verification provider and are not kept as a merchant-side document vault, which reduces GDPR breach and retention risk.

AgeOnce follows the blueprint threshold-only model, so it aligns with the direction of the EUDI Wallet as Member States roll it out through 2026 and 2027. You integrate once and accept wallet-issued proof-of-age attestations later without rebuilding your gate.

The privacy-first age verification for high-risk businesses.

Legal
Terms of ServicePrivacy PolicyBiometric PolicyMerchant TermsData Processing Agreement
Solutions
WooCommerce age verificationStreaming age verificationEU DSA complianceUK age verification
Product
DocumentationWordPress PluginWordPress DocsContactStatus

© 2026 AgeOnce Inc. All rights reserved.