The European Commission has set a clear timeline for rolling out age verification across the EU:

  • by June 30, 2026, Member States are encouraged to submit implementation plans; and
  • by December 31, 2026, at least one EU‑compliant age verification solution should be available in each Member State.

This timeline, set out in the Commission’s (non-binding) Recommendation on establishing a common EU‑wide framework for age verification technologies of April 29, 2026 (“Recommendation”), signals that age verification is moving rapidly from policy debate to practical implementation.

From Policy Ambition to Near‑Term Delivery

The Recommendation is part of a broader effort to strengthen the protection of minors online and ensure a consistent approach across the EU. It builds on the Digital Services Act (“DSA”), which already requires platforms to ensure a high level of privacy, safety, and security for minors (see also our earlier post: European Commission makes new announcements on the protection of minors under the Digital Services Act).

At the same time, the Commission is moving quickly to operationalize these objectives. For businesses, a key takeaway is that age verification is emerging as a standalone compliance workstream, rather than being tied to future legislation such as the proposed Digital Fairness Act.

A Common, Privacy‑Focused EU Approach

A central element of the Recommendation is the development of EU age verification solutions based on a common technical “blueprint”, aligned with the European Digital Identity Wallet.

These solutions aim to:

  • confirm whether a user meets a specific age threshold (e.g. 18+);
  • limit disclosure to a simple yes/no response; and
  • incorporate privacy‑enhancing technologies, avoiding tracking or unnecessary data collection.

The Commission emphasizes that age verification must be accurate, reliable, and proportionate, and must not be used to profile or track users.

Technology Ready for Immediate Deployment

Importantly, the Commission has also signaled that implementation can start immediately. On May 11, 2026, it announced that a European age verification app is technically ready and can be deployed by Member States and platforms.

On April 15, 2026, Commission President von der Leyen announced that the app will:

  • work like a digital proof of age, similar to showing an ID in the physical world;
  • integrate easily with national digital identity systems;
  • provide strong privacy protections, without revealing additional personal data; and
  • be open source and interoperable, making adoption easier for both governments and platforms.

The message for businesses is clear: technical barriers are being removed, and expectations around implementation will increase accordingly.

Avoiding Fragmentation Across the EU

The Commission’s Recommendation emphasizes that age verification should be implemented in a way that avoids fragmentation of the internal market. While Member States may introduce national measures, these must remain compatible with EU law, in particular the DSA’s harmonized framework.

Age Verification as a Building Block for Future Rules

Beyond its immediate rollout, age verification is increasingly framed as a building block for potential future regulation.

On May 12, 2026, President von der Leyen indicated that the EU may consider additional steps such as:

  • minimum age requirements for access to certain platforms; and
  • a possible “social media delay” for younger users.

While no legislative proposal has been tabled yet, she indicated that the Commission is actively assessing this option, with a potential initiative as early as summer 2026. The debate is gaining traction across Member States and in the European Parliament.

For businesses, the key point is that reliable age verification is being treated as a prerequisite for any such measures. The Commission explicitly underlined that the technology is now available, lowering practical barriers to implementation.

*              *              *

The Covington team is actively supporting clients on DSA compliance, age verification requirements, and broader digital fairness initiatives. Please reach out to a member of the team if you would like to discuss these developments.

Tags: age verification, European Commission, Minors, Recommendation
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as the IAPP’s European Advisory Board, Privacy International and the European security agency, ENISA.

Read more about Dan CooperEmail
Show more Show less
Photo of Anna Sophia Oberschelp de Meneses Anna Sophia Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses advises on EU data protection, cybersecurity, and consumer law. Her practice covers the full range of Europe’s digital regulatory framework, including GDPR, ePrivacy, NIS2, the Cyber Resilience Act, the AI Act, the Digital Services Act, the Data Act…

Anna Sophia Oberschelp de Meneses advises on EU data protection, cybersecurity, and consumer law. Her practice covers the full range of Europe’s digital regulatory framework, including GDPR, ePrivacy, NIS2, the Cyber Resilience Act, the AI Act, the Digital Services Act, the Data Act, the European Health Data Space, and EU consumer protection law, including product safety, product liability, and consumer rights legislation. She focuses on the operational side of compliance — helping clients design policies and processes, draft documentation, and build the internal frameworks needed to meet regulatory requirements in practice.

She also advises on contentious matters, drawing on experience managing investigations before national regulators and proceedings before national courts and the Court of Justice of the European Union. She works closely with Covington’s disputes teams on matters at the intersection of regulatory compliance and litigation.

Read more about Anna Sophia Oberschelp de MenesesEmailAnna Sophia's Linkedin Profile
Show more Show less