UK Age Assurance
AgeEvidence is designed to support highly effective age assurance outcomes as described in UK regulatory guidance.
Regulatory Context
The UK Online Safety Act requires services that host user-generated content to implement age verification or age estimation measures where there is a risk of children accessing harmful content. Ofcom has published guidance on what constitutes “highly effective age assurance,” emphasizing multi-factor approaches, liveness detection, and anti-spoofing measures.
Since July 2025, platforms hosting pornographic content are required to implement age assurance measures meeting Ofcom's guidance. Ofcom has begun enforcement actions, including fines for non-compliance with age verification requirements.
AgeEvidence does not claim Ofcom certification or official approval. It is designed to provide the technical capabilities that platforms need to support effective age assurance outcomes.
Verification Methods
AgeEvidence supports three methods relevant to UK age assurance:
- Age estimation (face-based) — the
age_onlylevel uses face analysis to estimate a user's age without requiring an ID document. Multiple face samples are collected and the median estimated age is used. - ID document verification — the
full_ageandfull_kyclevels capture and verify government-issued ID documents. An admin extracts the date of birth and confirms the subject is at least 18 years old. - Liveness detection— all verification levels include liveness challenges (blink detection, head turn) with anti-spoofing analysis to confirm the user is a live person, not a photo, video, or mask.
How AgeEvidence Aligns with Age Assurance Guidance
| Guidance Principle | AgeEvidence Implementation |
|---|---|
| Multi-factor approach | Combines liveness detection, face analysis, and (optionally) ID document verification in a single flow |
| Anti-spoofing | Detects printed photos, video replay, masks, and screen-displayed documents. Enforces minimum real and live scores. |
| Manual review for borderline cases | Users estimated between 14 and 24 years old are routed to admin review rather than auto-decided |
| Data minimization | Client-side biometric processing reduces server-side data exposure. Age-only verification requires no ID document. |
| Privacy by design | EU data residency, client-side processing, configurable retention, and explicit biometric consent |
Limitations and Transparency
AgeEvidence is a self-contained verification service. It does not:
- Check government databases (DMV, passport, national ID databases)
- Perform credit bureau or financial checks
- Screen against sanctions, PEP, or watchlists
- Provide a formal compliance opinion or legal certification
Platforms using AgeEvidence should evaluate whether the verification levels and methods meet the specific requirements of their content type, risk profile, and regulatory obligations.
Frequently Asked Questions
- Is AgeEvidence certified by Ofcom?
- AgeEvidence is not certified by Ofcom or any specific UK regulatory body. We are designed to support highly effective age assurance outcomes as described in Ofcom guidance. Certification and compliance determinations are the responsibility of the platform deploying the verification service.
- Which AgeEvidence verification levels are relevant for UK age assurance?
- Both age_only and full_age/full_kyc levels are relevant. Age-only provides face estimation with liveness detection for lower-friction age gates. Full age and full KYC add ID document verification for higher-assurance scenarios. The appropriate level depends on the risk profile and regulatory requirements of the specific platform.
- How does AgeEvidence handle users who appear to be under 18?
- For age-only verification, users with an estimated age below 14 are auto-rejected. Users estimated between 14 and 24 are routed to manual admin review. For full KYC and full age verification, an admin extracts the date of birth from the ID document and verifies the subject is at least 18 years old.