Does the DSA require age verification?

The DSA itself does not mandate a specific age verification method. However, the European Commission has published guidelines on the protection of minors that recommend risk-based age assurance measures. Very large online platforms (VLOPs) face specific obligations regarding minors.

Which AgeEvidence verification levels are relevant for DSA compliance?

The age_only level provides low-friction age estimation suitable for general age gates. For platforms with higher-risk content, full_age or full_kyc adds ID document verification for stronger assurance. The appropriate level depends on the platform's risk assessment.

How does client-side processing support DSA data minimization?

AgeEvidence runs biometric models (face detection, age estimation, liveness analysis) in the user's browser. This means raw biometric data is processed locally before any server interaction, supporting the DSA's emphasis on proportionate data processing and privacy-by-design.

Does AgeEvidence help with DSA risk assessments?

AgeEvidence provides the technical age assurance capability that platforms can reference in their DSA risk assessments. It does not produce the risk assessment itself. Platforms should work with legal counsel to document how their age assurance measures address identified risks to minors.

EU DSA & Minors Protection

The European Commission has published guidelines on the protection of minors under the Digital Services Act (DSA), recommending risk-based age assurance measures for online platforms.

Regulatory Context

The Digital Services Act establishes obligations for online platforms regarding the protection of minors. In July 2025, the European Commission published guidelines recommending that platforms implement age assurance measures proportionate to identified risks. Very large online platforms (VLOPs) face specific due diligence obligations, including systemic risk assessments that must address risks to minors.

AgeEvidence does not claim DSA certification or regulatory approval. It provides age assurance capabilities that platforms can integrate as part of their broader compliance strategy.

DSA Principles and AgeEvidence Alignment

DSA Principle	AgeEvidence Implementation
Risk-based approach	Three verification levels (age_only, full_age, full_kyc) allow platforms to match assurance strength to risk level
Proportionality	Age-only estimation provides low-friction verification for lower-risk contexts; ID verification available for higher-risk scenarios
Data minimization	Client-side biometric processing reduces server-side data exposure. Age-only requires no ID document collection.
Privacy by design	EU data residency, client-side processing, configurable retention, explicit biometric consent
Transparency	Clear verification notice and consent flow presented to users before biometric data processing

Recommended Flows by Risk Level

Lower risk(general social platforms, content sharing) — the age_only level provides face-based age estimation with liveness detection. No ID document required. Proportionate for general age gates.
Higher risk(adult content, age-restricted products) — the full_age level adds ID document verification and face matching for stronger assurance.
Regulatory recordkeeping(performer verification, 2257) — the full_kyc level includes automatic performer record creation with 7-year retention.

VLOP Considerations

Very large online platforms designated under the DSA face additional obligations:

Systemic risk assessments — must identify and mitigate risks to minors. Age assurance can be documented as a mitigation measure.
Independent audits — AgeEvidence provides audit trail exports and access logs that can support audit documentation.
Annual compliance reports — verification statistics and completion rates can be included in DSA transparency reports.

Limitations

AgeEvidence provides age assurance technology. It does not:

Produce DSA risk assessments or compliance opinions
Guarantee regulatory compliance in any jurisdiction
Replace legal counsel for DSA obligations
Check government databases, sanctions lists, or credit bureaus

Platforms should evaluate whether AgeEvidence's verification methods meet the specific requirements identified in their risk assessments.

Frequently Asked Questions

Does the DSA require age verification?: The DSA itself does not mandate a specific age verification method. However, the European Commission has published guidelines on the protection of minors that recommend risk-based age assurance measures. Very large online platforms (VLOPs) face specific obligations regarding minors.
Which AgeEvidence verification levels are relevant for DSA compliance?: The age_only level provides low-friction age estimation suitable for general age gates. For platforms with higher-risk content, full_age or full_kyc adds ID document verification for stronger assurance. The appropriate level depends on the platform's risk assessment.
How does client-side processing support DSA data minimization?: AgeEvidence runs biometric models (face detection, age estimation, liveness analysis) in the user's browser. This means raw biometric data is processed locally before any server interaction, supporting the DSA's emphasis on proportionate data processing and privacy-by-design.
Does AgeEvidence help with DSA risk assessments?: AgeEvidence provides the technical age assurance capability that platforms can reference in their DSA risk assessments. It does not produce the risk assessment itself. Platforms should work with legal counsel to document how their age assurance measures address identified risks to minors.