For as long as I can remember, entering a pornographic site has required the same effort as skipping a line: zero. So much for age verification; just a click on the “I'm over 18” button and off you go. The European Commission, therefore, also aided by the latest US rulings on the effects social platforms have on minors, is accelerating the process already underway to introduce effective age-verification systems.
All Too Simple
Back in May, Brussels opened formal proceedings against Pornhub, Stripchat, XNXX, and XVideos for suspected violation of the Digital Services Act (DSA). This law updated the legal framework for platforms operating in Europe. It has been in force since 2024 and imposes transparency obligations, rapid removal of illegal content, and management of systemic risks such as disinformation and the protection of minors.
A year later, in March 2026, the investigation reached its preliminary conclusions. The European Commission determined that all four sites allow minors to access their services by relying on simple one-click confirmation pages. Regulation found that mechanism to be completely inadequate in relation to the legal requirements. The same finding was made for the social media platform Snapchat, which, according to another Commission investigation, allegedly may have violated the DSA by exposing minors to attempts at grooming and recruitment for criminal purposes, as well as to information on the sale of illegal goods, such as drugs, or age-restricted products, such as e-cigarettes and alcohol.
The DSA does not explicitly impose age verification as an absolute requirement, but for Very Large Online Platforms (VLOPs)—those with more than 45 million monthly users in the European Union—the Commission expects concrete steps to be taken to mitigate systemic risks related to child protection. A failure to comply can result in penalties of up to 18 million euros or 10 percent of global annual turnover.
So What’s the Solution?
At a press conference held in recent days by the two officials leading the investigation, Prabhat Agarwal and Renate Nikolay, it was explained that the intention is to use verification systems that prove the user is above a certain age, without transmitting their name, date of birth, or other data to the platform or anyone else.
The mini-wallet, or more precisely the Age Verification Blueprint, is the technical answer being analyzed. It is a mobile application that functions like a digital wallet: The user downloads the app, verifies his or her age once via electronic ID card, passport, banking app, or other national identification system, and from that point on can prove that he or she is over 18 at any participating site without having to reload his or her documents each time.
The underlying technical principle is selective disclosure: The mini-wallet does not tell the website the user's date of birth. It only answers the question “Is this person over 18 years old?” with a cryptographically verifiable yes or no. Credentials are transmitted as single-use tokens, which in theory prevents correlation between different sessions on the same site.
The mini-wallet is not a stand-alone system. It is designed as a bridge to the future EU Digital Identity Wallets (EUDI Wallets), the digital wallets that some EU countries will implement by the end of 2026, with which the mini-wallets will be integrated. In practice, users who begin to get used to the mini-wallet now will find the same functional logic in the digital wallet that all European citizens will be required to have in the future. The wallet will allow users to manage not only their age, but also their identity, educational qualifications, drivers licenses, and other personal attributes, all from a single app.
Five member countries are already experimenting with the solution this year, but they don't all seem to be on the same page. It was pointed out at the press conference that France and Denmark are far ahead, while Greece, Spain, and Italy are lagging. This is why some experts are skeptical that the digital wallet will come into force within the established time frame.
An Alternative to the US Model
Among the players already present in the European age verification market are Persona and Yoti. Persona is an identity and age verification provider used by platforms such as Roblox, Discord, and Reddit. It offers verification based on IDs, selfies, and other personal signals—a more data-intensive model than the privacy-focused approach promoted by the European Commission, which aims to prove users' age without revealing further identifying data.
In February 2026, independent researchers reported the public exposure of a subdomain containing information related to the Persona service, a reconstruction partially disputed by the company in a subsequent public statement. In the statement, the company explained that it had had direct and fruitful discussions with the researchers.
Yoti, meanwhile, is currently used by TikTok in Europe alongside other methods like credit cards and ID cards, and was fined €950,000 by the Spanish data protection authority: the Yoti Digital ID app allegedly violated data protection regulations. The company denied the violation and announced it would appeal.
Brussels is promoting an open source architecture, leaving room for both member states and market players to publish national or derivative versions. Scytales and T-Systems were mentioned during the press conference as services to look to in Europe. Whoever develops the system will still have to consider a "triangular" architecture, officials say: A third party certifies that the user meets the required attribute, i.e., being above a certain age, without the site receiving documents or other personal data. To make the concept more understandable, the Commission cited the experience of Covid certificates.
A Glaring Loophole
There remains, however, a clear distance between the technical promise and the social reality of the problem. As recounted in the press conference, the mini-wallet seems designed primarily to prevent the site from learning too much about the user, but much less to solve the most trivial bypass of all: a minor using an adult’s phone, credentials, or ID. In other words, the system may perhaps reduce the amount of personal data in circulation, but it does not automatically eliminate the risk of age verification being bypassed in practice.
Despite this, the mini-wallet currently appears to be the most promising solution. The Commission has clarified, though, that it is not the only possible solution. The door remains open to alternatives, provided they are "equally effective." Pornhub is already involved in the pilot phase, while other operators have been invited to participate.
In short, Europe could become the first major policy laboratory where age verification stops being a formality and becomes a real infrastructure, with all the promise and—not to be overlooked—all the risks that this entails.
This story originally appeared in WIRED Italia and has been translated from Italian.
