Few things are as certain as age verification continues to appear everywhere on the internet. From the UK to the EU, US, and Australia, from adult-only sites to social media, gaming platforms, dating apps, and now even Google Search: we need to be ready to prove that we're over 18 to access a ton of websites.
Despite this being a work-in-progress plan for a while, the recent implementation of age verification requirements on the UK's digital soil made the need for truly private and secure solutions increasingly pressing.
However, a solution may already exist – a digital ID wallet. Some governments worldwide, the UK included, have already started working on their own national application. Yet experts warn that ID wallets aren't necessarily the one-click privacy and security fix that many might think.
If you can't beat them, join them – but privately
Starting from July 25, 2025, the latest implementation of the 2023 Online Safety Act introduced the requirements for all Brits to scan their face, a credit card, or an ID document to access certain content on X, Reddit, Bluesky, and even Spotify. The same applies if they want to play a new over-18 video game, find a new match on a dating app, or watch a video reserved for adults only.
These platforms, which were never intended to check user identities and retain this sensitive data, have often partnered with third-party age verification services to implement the checks.
Leaks, abuse, and misuse of data are just some of the risks linked to the mass data collection that age verification checks involve, pushing people fearing for their privacy and security to turn to the best VPN apps as a workaround. Issues that, according to some experts, could be easily avoided when using the right tech.
According to the Co-Founder of Privado ID, an ID management provider for private and secure verification, Evin McMullen, the UK failed to take into account all the potentially harmful consequences of these invasive age verification methods, de facto creating a centralized honey pot of data for bad actors to exploit.
"I feel strongly that we should shield children, not expose adults, and that privacy should not cost people their safety online," McMullen told TechRadar. "I then think age verification should work like a bartender's glance in real life – confirm age and retain nothing."
A secure ID Wallet should, if properly built, enable you to prove you are over 18 and can access certain content, all without revealing any of your identifiable information. It's like, as McMulen puts it, "a thumbs up or a green light that is cryptographically signed and verifiable."
That's, for example, the direction that the EU is embarking on – but not without controversy...
The encryption conundrum
Five EU countries (Denmark, Greece, Spain, France, and Italy) are set to test an age verification app, which claims to enable users to prove they are over 18 "without revealing any other personal information," the European Commission explains.
This app comes as the pilot project of a way bigger plan, which is set to be enforced among all 27 member states by December 2026 – the European Digital Identity Wallet (EUDI), as outlined in the eIDAS law.
According to McCullen from PrivadoID, whose company has actively collaborated in designing the app's technical specs, this is a welcome step. Specifically, the EU app incorporates multiple methods of verification, she explains, including a non-invasive usage of biometrics.
"This is not to say it's not without faults and is perfect," she added.
The big elephant in the room here is that the European Commission is currently split in working towards two goals that look incompatible at first glance. On one side, lawmakers want to build a trusted, private, and secure digital ID system. On the other hand, they are considering passing laws that could weaken the very technology that is supposed to hold these guarantees together – encryption.
And, as the CEO of Mullvad VPN, Jan Jonsson, told TechRadar: "You can't build trust and security on a foundation of mistrust and surveillance."
Encryption refers to the technical infrastructure that scrambles our online communications to prevent unauthorized access. A crucial piece of tech to keep us all safe from malicious actors online, which, however, law enforcement bodies often see as an obstacle to their criminal investigations.
Specifically, the EU could pass what's been deemed Chat Control as early as October 2025. This could create a mandatory encryption backdoor into all citizens' private chats as a way to halt the spread of child sexual abuse material. Experts have long argued that creating a backdoor isn't possible without undermining the security and privacy protections intrinsic to the tech.
Another EU legislative plan, the so-called ProtectEU strategy, is also looking at ways to handle encryption (and decryption) while potentially widening data retention obligations for digital platforms.
Despite the supposedly good intentions, these plans may lead to yet another privacy and security disaster.
According to Jonsson from Mullvad, in fact, it isn't negotiable: "Either citizens have secure devices and private communications – or they don’t. You can't have both."
Head of Policy at European Digital Rights (EDRi), Ella Jakubowska, agrees on what she describes as a "double standard" among EU lawmakers when it comes to digital security.
Bart Preenel, cryptographer and professor at the University of Leuven, also pointed out that, if the EU ID Wallets were eventually used for age verification, "one would definitely want a very high level of privacy and unlinkability, also with respect to governments." Something that can only be achieved with today's most robust cryptographic tools.
What's next?
As we have seen, a secure digital ID wallet could be the privacy-first solution we were waiting for, and one that'll considerably minimize the unintended consequences of age verification.
On paper, at least. The reality is that having the right infrastructure made of the most modern cryptography and zero-knowledge technology isn't enough.
What we do need are guarantees that today's encryption protections would not be weakened with new legislation. That such an ID Wallet system cannot ever be re-purposed for wider user tracking.
Sadly, it looks like we aren't there yet – and not only in the EU.
While the UK ID Wallet scheme is still very much in progress, digital rights advocates haven't exactly welcomed the proposal, rebranding it as the "Big Brother in your pocket." Worse still, a potential encryption backdoor provision is still buried within the UK Online Safety Act.
Australia, which is also implementing a strict mandatory age verification system, is also considering breaking encryption, fueling a vow from Signal to leave the country if that happens.
There's surely a certain hunger for secure and private ways of proving your identity online. It now remains to be seen if politicians will manage to live up to the challenge – and listen to tech experts along the way.
You might also like
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.