With deadlines to implement age assurance coming thick and fast – whether under the UK’s Online Safety Act, due to Arcom's requirements in France, or elsewhere – it can be tempting to focus on age assurance as a compliance box to tick. But for platforms who need to prevent access to child users, getting age assurance wrong can introduce several new risks. From failing to protect users, to wasting time and money on ineffective solutions, to dealing with regulatory information requests and fines, it’s important to get age assurance right from day one.  

How do I choose the right approach to age assurance?

One of the biggest challenges platforms face is the sheer number of options available, and the lack of clarity on what’s right for them. Photo ID scanning, open banking, mobile network checks, facial age estimation, credit card validation… the list goes on. Each comes with its own benefits, drawbacks, and regulatory considerations.

What works for one platform may be inappropriate for another. Some methods offer a high level of assurance but introduce significant friction. Others are privacy-preserving but not compliant on their own. And some may rely on assumptions about your users that may not hold true in real-world conditions.

Ofcom’s guidance doesn’t evaluate each type of age assurance in the context of your platform. Instead, they offer a set of criteria for you to use when evaluating if your approach is “highly effective” or not. At first glance, it seems they leave the grunt work to online services: figure out which AA tools fulfil the criteria and we can judge you based on your evaluation.  

Ofcom have taken this tech-neutral, principles-based approach to ensure the guidance is “future proof”. The regulator understands the age assurance sector is novel and innovating at lightning speed, and that there is no “one-size-fits-all” approach to age assurance. This means regulated services – whether in the UK or further afield – need to consider key issues carefully.

Users expect privacy

People commonly state that their main concern with age assurance is the potential impact on privacy. Asking people to upload identity documents or share sensitive data can impact trust and drive drop-off. A rights-respecting approach means adopting an approach that works effectively without over-collecting data. Ofcom expects this, and works closely with the ICO  to ensure age assurance is implemented in a privacy-preserving manner.

Getting the balance right

Getting age assurance “wrong” can go both ways. Setting the bar too low risks allowing child users onto high-risk platforms, leading to regulatory fines and brand damage. Conversely, implementing an approach which introduces significant friction into the user journey and processes significant amounts of personal data risks users dropping off, or unfairly excluding them from your platform. Ofcom’s guidance encourages service providers to consider the principle of “accessibility” when implementing age assurance. People shouldn’t have their right to access information and express themselves curtailed by regulation designed to reduce harm to children.  

We help platforms find the right tools for their risk profile - and avoid spending time or budget on something that won’t meet Ofcom’s expectations.  

Strategy, not just tech

Age assurance is about more than implementing technology, or setting a hard age gate. It’s about having a strategy that’s proportionate, risk-based, and clearly documented. You should know:

1. why you’ve chosen a particular approach

2. how it aligns with your risk assessment

3. how you’re evaluating its effectiveness

4. how you’ll explain all of the above to the regulator, and your users.  

Why Illuminate tech?

Our team have unique expertise on age assurance. From leading the drafting of Our team have unique expertise on age assurance. From leading the drafting of regulatory guidance on age assurance while at Ofcom, to delivering the Evaluation Proposal for Australia’s large-scale trial of age assurance technologies, to working with services to design bespoke age assurance strategies - we understand the landscape, the pain points, and the risk of getting things wrong.

We recognise that age assurance is not just a policy problem: it poses technical implementation challenges for platforms, who need to protect user privacy and provide a smooth user experience.

Whether you need a quick validation, a stress-test o your strategy, or full end-to-end technical deployment, our Age Assurance Fast Track services can help. And if you’re not sure where to start, we can get you from zero to confident in one discovery call.  

Reach out to as at hello@illuminatetech.co.uk or send us an enquiry with ‘Fast Track’ on our website.