Age verification for online platforms has moved from niche policy idea to mainstream regulation in under five years. Governments in Australia, the UK and the EU are now forcing platforms to show they can reliably stop children accessing age-restricted services — and that shift raises thorny questions about privacy, technology and enforcement. This article examines where the law is headed, the tech options being used, and the trade-offs policymakers face.

Australia: a national minimum age and a hard deadline

Australia has legislated a social-media minimum age framework that requires platforms to take “reasonable steps” to prevent under-16s holding accounts; the rules are set to apply from 10 December 2025. The government and the eSafety Commissioner are consulting on implementation but have signalled fines for non-compliance and a broad enforcement remit. This makes Australia one of the most interventionist jurisdictions on this issue.

UK and EU: model rules, strong age assurance

The UK’s Online Safety Act and Ofcom guidance require “highly effective” age assurance for certain high-risk content (notably pornography), with mandatory age checks taking effect in mid-2025 — a regime that prompted a big rise in age-checks and VPN use soon after implementation. Meanwhile, the EU has published guidance under the Digital Services Act pushing member states and platforms towards reliable, privacy-respecting age-assurance systems for services accessible to minors. Expect continued alignment across these jurisdictions (and pressure on multinational platforms to adopt cross-border solutions).

How platforms can verify age — and the privacy trade-offs

Technical options fall into three broad categories: (1) document or identity checks (government ID, driving licence), (2) third-party credential services (trusted age-verification providers or credit-card checks), and (3) biometric or AI-based estimation (facial age-estimation). Each approach has limits: document checks risk fraud and data-retention burdens; financial checks exclude those without credit instruments; biometrics raise accuracy and discrimination concerns. Independent testing (including NIST studies) shows age-estimation algorithms can be error-prone, particularly across different ethnicities and ages — a core reason privacy and consumer groups warn against over-reliance on face recognition.

Enforcement realities — and user workarounds

Early roll-outs reveal enforcement is messy. After new UK checks began, some sites reported millions of extra age checks a day and a surge in VPN use as users attempt to evade verification. Regulators will struggle to police cross-border services, and tech-savvy teenagers will keep finding circumvention routes. That suggests compliance will be a mix of technical hurdles, user friction and ongoing cat-and-mouse dynamics.

The policy balancing act

Lawmakers want to reduce harm to minors — from exposure to harmful imagery to manipulative algorithmic design — but must balance that aim against privacy, inclusion and free-expression concerns. Policymakers are trying to thread this needle by requiring age assurance that is accurate, non-intrusive and non-discriminatory, while encouraging privacy-preserving approaches (for example, cryptographic “age-yes/no” proofs rather than transferring ID documents). The EU guidance explicitly recommends privacy-respecting, robust methods; Australian consultations similarly emphasise minimising data retention and protecting children’s rights.

What to watch next

Implementation guidanceregulators will publish technical standards and approved methods (watch eSafety in Australia, Ofcom and the European Commission).

Court or rights challengesprivacy and civil-liberties groups may challenge intrusive verification schemes.

Industry responsesplatforms may prefer universal verification services (single sign-on age tokens) to avoid duplicative checks. Expect consolidations in the age-verification vendor market.

Practical advice for platforms and policymakers

• Prioritise privacy-first designs (minimise storage, use zero-knowledge proofs where possible).
• Prepare for mixed methods — no single technique solves all problems; combine signals and human review for edge cases.
• Invest in user education and accessible alternatives so checks don’t exclude vulnerable groups.

Suggested External Links:

• eSafety Commissioner — Social media age restrictions (Australia).
• UK Government / Online Safety Act guidance and Ofcom age-check advice.
• European Commission — Guidelines on protection of minors & age verification (DSA).
• NIST report on face-analysis and age estimation (technical limits).
• Privacy watchdog analysis — privacy risks of age verification.

Age verification is no longer optional. Across Australia, the UK and the EU, regulators are pushing platforms to prove they can keep under-age users out of age-restricted corners of the web. That creates a critical crossroads: choose privacy-sensitive, inclusive technical solutions — or face ethical, legal and practical backlash.

The next 12–24 months will determine whether age assurance becomes a privacy-respecting public good or a new vector for surveillance and exclusion.

Contact New South Lawyers today.