As outlined in the EU’s official policy on age verification, this approach is about more than checking birthdates—it reflects a fundamental shift in how online identity, privacy, and trust are managed in a digital-first society. For those in the mobile and digital ecosystem, this development will have both compliance and strategic implications.

A New Model for Digital Age Assurance

At the heart of the new app is a privacy-preserving mechanism for proving one’s age. Rather than requiring individuals to submit documents or share sensitive personal information directly with platforms, users will be able to generate and present verified age tokens—effectively proving they meet a certain threshold (e.g. 18+) without disclosing actual age or identity.

As a neutral and global industry body, the MEF will continue to engage with its members and the broader regulatory community to progress defence of minors in the mobile ecosystem. Our Identity & Data Interest Group covers key debated and activities about the identity and age verification activities. We believe this latest development offers an opportunity for the ecosystem to extend its debate”

This model aligns with data minimisation principles central to EU data protection rules. According to the Commission’s public briefings, the system relies on a modular and standards-based framework, allowing for secure integration into various services, including mobile apps, websites, and telco platforms.

The technology has been developed through a joint venture between Swedish software firm Scytales and T-Systems, a Deutsche Telekom subsidiary. Their solution, operating under the venture “T-Scy,” is currently in beta testing across multiple EU member states, with technical documentation already published to guide potential adopters.

This app is also seen as a stepping stone to the EU Digital Identity Wallet, scheduled for broader implementation in 2026. In that context, the age check feature is a test case for what privacy-preserving identity services could look like across the EU.

Policy Context: Enforcing the Digital Services Act

The app’s development is being driven by the Digital Services Act (DSA), the EU’s flagship legislation governing online platforms. Among other obligations, the DSA requires platforms to assess and mitigate risks to children, particularly where harmful or age-inappropriate content is concerned—ranging from pornography and gambling to algorithmically recommended content on social media.

The Commission has recently launched formal investigations into four major adult content platforms over suspected non-compliance with age verification standards (Pornhub, Stripchat, XNXX, and XVideos). The primary concern is that these platforms may have failed to implement adequate age verification systems, potentially allowing minors to access explicit content. Under the DSA, platforms classified as Very Large Online Platforms (VLOPs) are required to assess and mitigate systemic risks, including those related to the protection of minors.

This comes alongside ongoing probes into the design practices of major platforms such as Meta and TikTok, with EU regulators scrutinizing how algorithmic recommendation systems—particularly those designed to maximize engagement—may be negatively impacting children’s mental health and digital wellbeing. The concern centres around so-called “rabbit-hole effects,” where algorithms feed users a continuous stream of emotionally charged or addictive content, potentially leading minors to spend excessive hours on platforms without meaningful control or oversight.

Regulators are assessing whether such design choices violate the Digital Services Act’s duty of care, which obliges Very Large Online Platforms (VLOPs) to assess and mitigate systemic risks, especially when they affect vulnerable groups like minors. These investigations could lead to binding commitments or significant penalties if platforms are found to have failed in their risk assessments or have neglected to take sufficient preventive action.

While the EU has stopped short of mandating a single verification method, the release of this app provides a de facto reference model—a harmonized, secure solution that can be adopted voluntarily and may set the tone for enforcement.

In parallel, the EU is also encouraging platforms to set children’s accounts to private by default, reduce addictive design features, and increase parental control options. These trends suggest that age verification is only one part of a broader shift in platform accountability.

Implications for the Mobile Ecosystem

1. A Compliance Enabler for Mobile Services

For mobile-first businesses—app developers, telcos, content providers—the app offers a path toward compliance with EU obligations without the burden of creating proprietary age verification systems. The centralized model ensures interoperability and consistency, easing the challenge of maintaining compliance across 27 Member States.

Those operating services that involve minors or age-restricted content should consider early integration, especially given that non-compliance under the DSA can carry fines of up to 6% of global turnover.

2. An Opportunity to Lead on Privacy Tech

This app also sets a benchmark for privacy-preserving user authentication. By using techniques such as zero-knowledge proofs or selective disclosure, it represents a broader trend away from legacy ID checks and toward trust frameworks where users control their data.

Mobile ecosystem stakeholders—especially identity providers, SDK vendors, and authentication platforms—have an opportunity to align with or extend this model through plug-and-play APIs, privacy-first onboarding flows, and custom integrations into mobile environments.

3. A Catalyst for Rethinking Platform Design

Age verification is not a standalone challenge. It is linked to how platforms are designed, especially with respect to how they capture attention, recommend content, and collect behavioural data. The EU has already signalled it will expect platforms to demonstrate that design decisions do not harm users, especially vulnerable groups like children.

This will prompt mobile services to evaluate the design ethics of their apps—from infinite scroll to push notifications to advertising strategies. Stakeholders should be prepared to articulate how their systems respect digital wellbeing principles and age-appropriate engagement.

4. A Precedent for Global Regulation

Although this is an EU initiative, the broader policy environment is increasingly aligned across jurisdictions. U.S. lawmakers have introduced a flurry of child safety bills in recent years, and several Asian countries are also adopting digital ID and child protection frameworks.

By building around the EU’s standards, companies position themselves to be future-proof across regions, potentially reducing duplication and fragmentation in compliance approaches.

What Happens Next?

As the app becomes operational in the second half of 2025, several outcomes are likely:

• Broader industry uptake: Platforms seeking to demonstrate good faith will likely integrate the app early, even if not strictly mandated, especially those operating in regulated spaces like social media, dating, gambling, or adult content.
• Expansion to other identity functions: If successful, the app will pave the way for wider adoption of the Digital Identity Wallet in 2026, extending the same privacy-preserving framework to more use cases—including e-government, health services, and financial products.
• Growing demand for API-level access: Mobile platforms will likely look for integration toolkits, open SDKs, and sandbox environments to test and embed the app in existing login and access flows.

MEF’s Role and Next Steps

MEF CEO