The European Commission unveiled detailed technical specifications on July 14, 2025, for an EU-wide age verification system that will require digital identity credentials to access websites containing adult content. The announcement comes just weeks before the UK’s Online Safety Act triggered a 1,400% surge in VPN signups, according to Proton VPN data reported on July 25, 2025.
The timing demonstrates how swiftly regulatory frameworks are expanding across Europe. Following the UK’s implementation of mandatory age verification for adult content platforms on January 17, 2025, the European Union has accelerated its own digital identity requirements through the Digital Services Act (DSA) framework, with full implementation scheduled for completion by the end of 2026.
According to the European Commission’s technical documentation, the new system will operate as a “white-label solution” developed by the T-Scy consortium, composed of Swedish software firm Scytales AB and German company T-Systems International GmbH, a subsidiary of Deutsche Telekom. Denmark, France, Greece, Italy and Spain will pilot the technology first, with broader implementation scheduled across all 27 EU member states by the end of 2026.
According to the European Data Protection Board’s Statement 1/2025, adopted on February 11, 2025, organizations must implement strict data protection principles when deploying age verification systems. The statement establishes comprehensive guidelines for protecting personal data while determining users’ ages online.
Jason Nurse, a cyber expert at the University of Kent, expressed concerns about data protection implications during the UK implementation: “These sites will be entrusted with storing large amounts of personally identifiable information from potentially vast segments of the population. How can we be confident this data won’t be misused? Such centralised databases create attractive targets for attackers seeking information for blackmail, extortion or other malicious purposes.”
The EU’s approach attempts to address these concerns through technical design. According to the commission’s documentation, when users activate the app, their age will be verified by the issuer using detailed personal data, like the date of birth. However, online services will only receive a proof that the user is over 18, without any other personal details.
The EU system builds upon the Digital Services Act, which became fully operational for all platforms on February 17, 2024. Article 28(1) requires online platforms accessible to minors to ensure “a high level of privacy, safety and security” for underage users.
Unlike the UK’s immediate enforcement approach, the EU has structured implementation through a phased pilot program. User testing began in late June 2025 with support from EU Safer Internet Centres, according to commission statements. The pilot phase allows for technical refinement before mandatory compliance requirements take effect.
The commission’s guidelines specify that “methods that rely on verified and trusted government-issued IDs may constitute an effective age verification method, such as the EU Digital Identity Wallet.” This represents a more centralized approach compared to the UK’s reliance on individual platform verification systems.
To discuss advances in digital banking in Europe, attend talks and network with industry leaders, attend the 3rd Client Onboarding And Digital Identity Summit For Financial Institutions, taking place on September 24-25, 2025, in Prague, Czechia.
For more information, click here or email us at info@innovatrix.eu for the event agenda. Visit our LinkedIn to stay up to date on our latest speaker announcements and event news.
Source:
