Notifications
Clear all
Topic starter
22/06/2026 10:09 am
TL;DR: Ireland is preparing to prioritise age verification and child online safety during its EU presidency, with digital identity tools and the EUDI Wallet expected to support privacy-preserving age checks while reducing unnecessary data disclosure, according to Sumsub and Biometric Update. The real issue for identity teams is not just proving age, but deciding which identity attributes can be verified without expanding personal data exposure.
NHIMG editorial — based on content published by Sumsub: Ireland puts age verification at the top of its EU presidency agenda
Questions worth separating out
Q: How should organisations implement age verification without over-collecting personal data?
A: Use the minimum attribute needed for the access decision, then prove age through a trusted credential or wallet flow that does not expose the full identity record.
Q: Why do digital identity wallets change the age verification model?
A: Wallets can let a user present a verified age claim without sharing unnecessary identity data, which shifts the control from full identity disclosure to selective disclosure.
Q: What do security and privacy teams get wrong about age checks?
A: They often treat age checks as a simple yes or no control, when the real design problem is trust, minimisation, and auditability.
Practitioner guidance
- Define the minimum age claim needed Map each service to the smallest age signal it actually needs, then prohibit collection of full identity data where an age threshold is sufficient.
- Validate verifier trust before rollout Document which issuers, wallets, and identity providers are acceptable, and require policy checks for claim freshness, revocation, and jurisdictional fit.
- Align age assurance with retention controls Set retention limits for age-check artefacts, logs, and proofs so verification evidence does not become a separate privacy risk.
What's in the full analysis
Sumsub's full article covers the policy and regulatory detail this post intentionally leaves for the source:
- How Ireland is framing age verification inside its EU presidency agenda and child safety priorities
- What the article says about EUDI Wallet adoption as a privacy-focused verification path
- The specific policy context around under-16 access restrictions and cross-member-state alignment
- The source article's linkage to other European developments on age verification and digital identity
👉 Read Sumsub's coverage of Ireland's age verification agenda and EUDI Wallet angle →
Age verification and EUDI Wallets: what changes for IAM teams?
Explore further
22/06/2026 10:56 am
Age verification is becoming a digital identity governance problem, not a moderation feature. Once governments push platforms to prove user age, the control boundary moves into identity proofing, attribute release, and auditability. That shifts accountability from content policy teams into IAM, privacy, and compliance functions. The practical conclusion is that age assurance needs identity governance, not just platform enforcement.
A few things that frame the scale:
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how weak identity inventory still is across many environments.
A question worth separating out:
Q: How do IAM teams decide whether wallet-based age assurance is ready for production?
A: Check whether the wallet ecosystem supports the required age attribute, whether verifiers can trust the issuer across jurisdictions, and whether the policy can be enforced without full identity disclosure. If those conditions are missing, the rollout will be fragile even if the user experience looks simple.
👉 Read our full editorial: Ireland’s age verification push puts digital identity in focus
