The European Commission’s age verification app lets users prove they are over 18 without sharing personal data. President von der Leyen hails it as a free, privacy-first solution for platforms struggling to comply with child-safety obligations under the Digital Services Act.
This launch was met with scepticism. Within days of its April debut, a video exposed how the app’s prototype could be bypassed in under two minutes. The Commission released a patch and called the flaws “prototype-stage” issues.
A delayed solution
For MEP Christel Schaldemose, rapporteur of the European Parliament’s report calling for a harmonised EU-wide minimum age of 16 on social media, the app is a welcome but insufficient step, and one that has taken far too long.
“I’m happy to learn that the tool is soon ready to be used. I think that is a first good step,” she told Euronews, but the relief is conditional. Von der Leyen announced an expert panel on children’s digital safety back in September 2024. By April 2026, the panel had barely started work.
“From September until April is quite a long time,” Schaldemose said. “I don’t know if they’re delaying on purpose, but I do think that they are too slow on this.”
The delay is costly. Member states have already moved ahead with their own age restrictions and social media rules. France, Spain, Greece, Ireland, and others are creating the exact fragmented landscape the EU was supposed to prevent.
“The danger is that we end up making it very complicated to find solutions to protect minors and that we have loopholes,” Schaldemose warned. “If you don’t have any verification tools in Germany but you have them in Denmark, young people will very quickly find a way to use a VPN. It is undermining the protection of minors if you don’t have a harmonised approach.”
‘A quick technical fix’
Child rights advocates reject the debate over the timeline. Age verification, regardless of design, fails to tackle the real sources of harm children face online.
Francesca Pisanu, EU Advocacy Officer at Eurochild, welcomes the Commission’s infrastructure, rather than relying solely on private companies. Yet, the app’s framing is problematic.
“The app should not be seen as a silver bullet, but as one tool within a much broader child-rights-based approach,” she said. “If it is presented as the solution, there is a real risk that it becomes a quick technical fix to a structural problem.”
That structural problem, in Eurochild’s view, is not children’s access to platforms; it is the platforms themselves. Recommender systems, behavioural advertising, engagement optimisation, and addictive design are the mechanisms generating harm. An app that checks a user’s age at the door leaves all that intact.
Pisanu says the public debate focuses too much on children’s access and not enough on platform design. Restricting access doesn’t address harmful systems.
Privacy: a promise still unproven
The Commission insists the app meets the “highest privacy standards.” Users verify their age with a passport or ID card, but the platform receives only a yes-or-no confirmation, not their name, birthdate, or any other personal details. The design uses zero-knowledge proofs and is open source.
Privacy advocates remain unsatisfied. Identity documents must still be scanned; third-party integrations widen potential data exposure; poorly managed tokens or logs may link users across platforms. The Commission has not addressed these objections head-on.
Schaldemose, for her part, is less alarmed about privacy than she once was. “Two years ago, we might have had some issues on data protection, but the tools developed today are made in a way where that problem is tackled,” she said. “I don’t think that we have to be afraid of privacy.”
But she adds a sharp caveat: “If you’re so afraid of it, then you shouldn’t use the platforms, because they have your data no matter who you are.”
Pisanu draws a hard line. Any age assurance system must be “privacy-preserving, reliable, robust, accurate, proportionate, and backed by wider safeguards. If not, focus will shift to access control while ignoring the business models and platform designs at the core of the risk.”
Platforms remain the problem
Experts agree: Brussels fails to recognise that platforms are primarily accountable, despite ample time for them to demonstrate responsibility.
“They know it is harmful and they should stop the practices already today,” Schaldemose said of addictive design features. “They earn quite a lot of money, it’s visible, you can look at their earnings. So, I think they can afford it.”
Pisanu says tech companies design and profit from these environments. “The responsibility should lie first and foremost with tech companies, because they design and profit from these environments,” she said. “Parents can play a crucial role, but they cannot be expected to carry primary responsibility for managing risks created by powerful commercial systems.”
The Commission’s app could ease compliance and reduce data exposure. But without binding rules on platform design, algorithmic transparency, and accountability and without a mandatory, unified framework to replace patchwork national laws, it remains a technical fix, not a complete political strategy.
As Schaldemose put it: “We cannot wait any longer for a signal from the Commission about what they expect to do.”
The EU’s age verification app is expected to be available for public download by summer 2026, with wallet integrations planned in France, Denmark, Greece, Italy, Spain, Cyprus, and Ireland.
Read the full article here