How technology can enable age verification while protecting both safety and privacy

The European Union is advancing a new wave of digital regulation, placing children's online safety firmly in focus. Several legislative efforts are converging on this issue, from the Digital Services Act (DSA) to national laws targeting access to age-restricted content. While the European Commission has yet to mandate a specific technical model for age verification, the pressure on platforms to act is intensifying.

Across the EU, member states such as France, Germany, Spain, and Denmark are pushing ahead with their own rules, introducing mandatory age checks for platforms like social media and adult content sites. But without a harmonised approach at the European level, a fragmented patchwork is emerging, with each country proposing different methods, requirements, and privacy standards.

The risk? In the rush to comply, platforms may resort to invasive age verification methods - such as ID uploads, biometric scans, or telecom-based identity checks - that meet legal requirements but undermine core European principles of data minimisation, autonomy, and privacy.

The intent is noble: children need protection in a digital world designed largely without them in mind.

But how we implement these protections matters just as much as why.

Can we safeguard children online while also protecting their privacy? Many of the solutions currently being discussed assume this is difficult to achieve. They often rely on ID uploads, biometric scans, or telecom-linked identity checks, which involve collecting and processing sensitive data. However, emerging technologies now make it possible to verify age without exposing personal information, helping to balance both the goal of online safety and the protection of privacy if such measures are required.

"There are two important aspects of safeguarding children online,” says Kim Nørskov, Chief Success Officer at Partisia. “One is ensuring that age-restricted content is properly managed, and the other is protecting the privacy of both minors and adults. Technology can help achieve both without forcing people to choose one over the other.

 

Fragmentation, friction, and a missed opportunity

As Euractiv recently reported, the EU is facing a growing patchwork of national laws with no harmonised standard for how age verification should work. Some countries want telecom data checks, others push for official IDs or third-party certification. The unintended consequence? A rush to adopt compliance measures that may actually reinforce large-scale data collection, particularly from young users.

This fragmented approach risks undermining digital trust across the board. Children, parents, and platforms alike are left navigating an inconsistent and often invasive system. The urgency to act is understandable. But if we rush into technically convenient solutions, we risk locking ourselves into models that solve one problem while creating another.

Encouragingly, efforts are now underway at the EU level to align technical standards. The EU Age Verification Framework project, supported by the European Commission, is working to define an interoperable and privacy-preserving architecture for age assurance. If widely adopted, it could offer a harmonised path forward, enabling compliance without sacrificing fundamental rights.

Security demands data, but privacy forbids it?

Fortunately, the technology to protect children's privacy already exists. Zero-Knowledge Proofs (ZKP). offers solutions that allow for age verification without exposing unnecessary personal information.

Zero-Knowledge Proofs, can be used to prevent the above issue which is commonly referred to as linkability. That is, using this technology a business would be able to verify that a customer is of legal age without knowing who they are or being able to track their purchasing behavior. 

So what is a Zero-knowledge Protocol?

A Zero Knowledge (ZK) protocol (often also referred to as a ZK proof) is a protocol that involves two parties: 

1) a prover wanting to prove the correctness of a claim and 
2) a verifier who needs to be convinced about the correctness of the claim.

For a protocol to be considered zero-knowledge, it must satisfy three properties:

Completeness: If the prover's claim is true, they should be able to complete the protocol successfully.

Soundness: The verifier should only be convinced if the prover’s claim is indeed true.

Zero Knowledge: The verifier learns nothing beyond the fact that the claim is true.
Want to know more about ZK?

By adopting these technologies, companies can comply with the law while maintaining privacy safeguards that protect children from excessive data collection and tracking.

From compliance to principle

Even though the challenge mainly seems technical. It’s in many ways just as much an ethical one. We’re looking into a time where we’re about to decide what kind of environment we want children to grow up in. 

“If systems are designed to prioritise both safety and privacy, we can support a digital environment that protects users while minimising unnecessary data collection,” adds Kim Nørskov. “Technology now allows us to enable protection without defaulting to constant monitoring, profiling, or tracking”. 

 

What’s at stake

The EU has a chance to lead not only in protecting young users, but in defining the global standard for how to do so responsibly. It’s a moment to embed privacy as a core feature of safety, not as a casualty of it. The technology exists. The regulatory momentum is here. 

What’s needed is vision.
Let’s not force children to trade their right to privacy for their right to protection. Let’s build a digital world where they never have to choose.