TL;DR: Age assurance is moving toward interoperable, privacy-preserving standards as Incode, Persona, and Veratad join the OpenAge Initiative, which aims to reduce repeated verification across platforms and align implementations with tightening regulation. The shift matters because age claims increasingly sit at the boundary of identity verification, privacy, and cross-jurisdiction compliance, where fragmented controls create friction and governance gaps.
At a glance
What this is: OpenAge is an industry effort to standardise interoperable, privacy-preserving age assurance across platforms, with Incode joining the initiative alongside other identity vendors.
Why it matters: It matters to IAM and identity verification teams because age assurance is becoming a cross-jurisdiction governance problem that touches data minimisation, user experience, and regulatory consistency.
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
👉 Read Incode's article on OpenAge and privacy-preserving age assurance
Context
Age assurance is the process of confirming that a user meets a required age threshold without necessarily disclosing all underlying identity data. Incode's OpenAge participation points to a broader industry problem: platforms need a repeatable trust model that works across services, markets, and legal regimes without forcing users through redundant verification flows. That is a digital identity governance issue, not just a product feature.
The identity angle is the privacy boundary. When age signals move between providers, the design choices determine whether the system transmits only a claim or exposes broader personal data, authentication artifacts, or re-verification friction. For IAM and identity verification teams, this is similar to how NHI governance must separate reusable trust from uncontrolled credential reuse: portability is useful only if lifecycle and disclosure controls are explicit.
Key questions
Q: How should identity teams implement interoperable age assurance without over-collecting data?
A: Start by separating the age claim from the underlying identity proof. Define the minimum data needed to satisfy the use case, limit retention, and ensure the receiving service only gets the assertion it actually needs. Interoperability should reduce duplicate verification, not expand disclosure across every platform involved.
Q: Why does age assurance create governance issues across multiple jurisdictions?
A: Because the same age check can trigger different privacy, consent, and evidentiary expectations depending on the market. Teams need one architecture that can support local compliance rules without rebuilding the entire verification flow each time a regulation changes.
Q: How do you know if privacy-preserving age verification is actually working?
A: Look for evidence that the system discloses only the age outcome, retains less personal data, and avoids repeated collection across services. If users are still re-verifying unnecessarily or the service is storing more information than required, the privacy model is not doing its job.
Q: Who is accountable when age assurance data is reused across services?
A: Accountability sits with both the service requesting the claim and the provider issuing it, because each controls different parts of the trust chain. Organisations should assign ownership for issuance rules, acceptance rules, expiry, and revocation so portable claims do not become unmanaged trust artefacts.
Technical breakdown
Interoperable age claims need shared trust semantics
Interoperability in age assurance means different providers can produce and consume comparable age claims without each service rebuilding the full verification stack. Technically, that requires shared schemas, consistent assurance levels, and rules for how a claim is validated, represented, and accepted across contexts. Without common semantics, portability becomes a guessing exercise and compliance teams end up compensating for ambiguity with repeated checks. Practical implication: platforms need to define what an acceptable age assertion is before they decide how to exchange it.
Practical implication: define acceptable age assertion formats before integrating cross-provider verification.
Privacy-preserving age verification depends on data minimisation
Privacy-preserving age assurance should confirm the age threshold while revealing as little additional personal data as possible. That usually means separating proof of eligibility from full identity disclosure, limiting retention, and avoiding unnecessary transmission of raw biometric or document data. This matters because once a verifier receives more data than it needs, the legal and operational burden expands quickly. Practical implication: architecture decisions should treat minimisation as a control objective, not a user-experience preference.
Practical implication: minimise data fields and retention in every age assurance flow.
Biometric age estimation needs evaluation methodology, not just accuracy claims
Biometric age estimation is only as defensible as the method used to measure it. Vendors and standards bodies need to specify evaluation datasets, bias considerations, confidence thresholds, and acceptable error ranges, because a raw accuracy number means little outside its test conditions. In age assurance, failure to define measurement methodology can create false confidence and inconsistent enforcement across jurisdictions. Practical implication: require documented testing methods before accepting biometric age estimation in production.
Practical implication: require documented test methodology before production use of biometric age estimation.
NHI Mgmt Group analysis
OpenAge is a governance response to fragmentation, not a vendor feature race. Age assurance has become a distributed identity problem because platforms, regulators, and users all need different evidence from the same transaction. Open standards only help if they reduce repeated verification while preserving assurance boundaries. For practitioners, the key question is whether a shared model can lower friction without diluting trust.
Privacy-preserving age assurance should be treated as a data minimisation control. The technical challenge is not just to verify age, but to prevent broader identity exposure during the exchange. That places age assurance closer to privacy engineering and identity governance than to simple compliance automation. Practitioners should evaluate whether their flows disclose only the minimum necessary claim.
Age assurance introduces a portable trust boundary that resembles the lifecycle problems seen in identity systems. Once a verification result can be reused across services, the lifecycle of that trust signal matters: issuance, expiry, revocation, and contextual binding all need explicit rules. In NHI terms, the lesson is familiar. Reusable assertions without lifecycle control create governance debt, even when the underlying technology is privacy-aware. Practitioners should map portability to lifecycle governance before deployment.
Biometric age estimation will be judged by standards quality, not marketing language. Accuracy, bias handling, and measurement methodology will determine whether the market trusts these systems at scale. OpenAge can help only if it forces consistent evaluation criteria across providers and jurisdictions. Practitioners should demand test transparency before they treat age estimation as an operational control.
From our research:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
- From our research: 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to the Ultimate Guide to NHIs.
- For a lifecycle lens: See Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs for how governed trust should be issued, rotated, and retired.
What this signals
Portable age assurance will force identity teams to think in lifecycle terms. If a verification result can travel across services, it needs expiry, revocation, and binding rules just like any other trusted identity artefact. That is the same governance problem that makes uncontrolled NHI reuse dangerous: reusable trust without lifecycle control becomes operational debt.
Practitioners should expect privacy, fraud, and identity verification teams to converge around shared controls for disclosure minimisation and evidence retention. The practical signal is that age assurance programmes will increasingly be judged on whether they can prove less, not collect more. Teams that can align policy with NIST Cybersecurity Framework 2.0 and internal data minimisation rules will have the cleanest governance story.
For practitioners
- Define the age assurance claim boundary Specify whether your service needs an age threshold, an identity proof, or both, and keep those requirements separate in policy and architecture. The clearer the claim boundary, the less likely the system will over-collect personal data.
- Map portability to lifecycle controls Treat reusable age assertions like governed identity artefacts with defined expiry, revocation, and re-verification conditions. That prevents a portable claim from becoming an unbounded trust token.
- Demand evaluation methodology for biometric age estimation Ask for test datasets, confidence thresholds, and bias handling methods before accepting age estimation in production. A number without methodology is not enough to support compliance decisions.
- Align verification design with privacy requirements Review data minimisation, retention, and disclosure rules together so legal, privacy, and engineering teams are working from the same model. This is especially important when age assurance crosses multiple jurisdictions.
Key takeaways
- OpenAge reflects a wider shift from isolated age checks to governed, interoperable identity assertions.
- Privacy-preserving age assurance succeeds only when data minimisation, lifecycle control, and evaluation methodology are explicit.
- Identity teams should treat portable age claims as governed artefacts, not disposable verification events.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST SP 800-63 and NIST CSF 2.0 set the technical controls, while GDPR and ISO/IEC 27001:2022 define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST SP 800-63 | SP 800-63A | Age assurance relies on identity proofing and assertion handling. |
| NIST CSF 2.0 | PR.AC-1 | Age assurance depends on controlled access to identity and attribute data. |
| GDPR | Art.5 | The article centres on privacy-preserving processing and data minimisation. |
| ISO/IEC 27001:2022 | A.5.15 | Shared access rules are central when age claims move across services. |
Use SP 800-63A to define identity proofing evidence, assurance levels, and acceptable assertions.
Key terms
- Age Assurance: Age assurance is the set of controls used to determine whether a person can access content or services restricted by age. It can include document checks, biometrics, in-band verification and decision logging, but the governance requirement is the same: the organisation must be able to justify the outcome.
- Claim Minimisation: The practice of including only the identity attributes required for a specific access decision. In API security, claim minimisation reduces unnecessary data exposure, simplifies token review, and lowers the risk that broad identity context becomes a hidden authorisation dependency.
- Interoperable Identity Assertion: An interoperable identity assertion is a verification result that can be understood and trusted across more than one platform or provider. The practical challenge is to keep the claim portable without turning it into an uncontrolled, reusable token that outlives its intended context.
What's in the full analysis
Incode's full article covers the operational detail this post intentionally leaves for the source:
- The working areas Incode is contributing to within OpenAge, including biometric age estimation, privacy architecture, and interoperability protocols.
- The regulatory context behind the initiative, including how different jurisdictions are shaping implementation pressure for age assurance.
- The practical rationale Incode gives for joining a standards body rather than building a closed implementation model.
- The article's broader explanation of why open standards matter for platforms operating across multiple markets.
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, identity lifecycle, secrets management, and workload identity. It is designed for practitioners building control models that need to scale across identity, security, and compliance programmes.
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org