In 2025, few people on Earth logged as many travel miles as Iain Corby, the executive director of the Age Verification Providers Association (AVPA), which represents vendors in the digital age assurance industry. From Australia to Washington, DC to the UK, Corby has gone forth to fearlessly preach the facts about age assurance technology to policymakers and legislative bodies. Attendees of the recent 2026 Global Age Assurance Standards Summit may have watched him challenge Meta executives in real time on the effectiveness of age controls for its AI chatbot. The same event recognized AVPA with an Age Assurance Industry Award for its contributions to cross-sector communication.
Nonetheless, AVPA’s work up to 2026 represents a place to start. Foundational work has now given way to the project of creating a sustainable private sector for online age checks, in a world that is increasingly asking for them. There is momentum on key principles and privacy models, like the double-blind architecture required by French law and the use of zero knowledge proofs (ZKPs). Reusable checks are the next frontier, with providers across the board seeking interoperability and robust privacy safeguards. Questions remain about where device-level checks fit in the liability scheme. And the specter of government ID looms, causing ongoing concern about market advantage.
Which is to say, Iain Corby has a lot of work to do.
“Interoperability is not the destination, it is the next phase of the market,” Corby says during a presentation at the summit in Manchester, laying out AVPA’s road map for the next two years.
While interoperability unlocks greater competition through lower costs, less friction for users and stronger privacy, it also brings new challenges on the level of liability and accountability, as use cases and jurisdictions for age assurance continue to expand. Which they will: AVPA advocates for “maintaining broadly equivalent assurance expectations across functionally similar services, such as online computer gaming,” as a key to consistent protection outcomes.
Age assurance, then, is becoming part of the critical infrastructure for the internet as a whole.
Social media companies not following SMMA
This week, AVPA published a report detailing its learnings from the early stage implementation of Australia’s Social Media Minimum Age (SMMA) requirement. The big takeaway is that the biggest challenge for age assurance is not technological, but behavioral, in that social media platforms aren’t really holding up their end of the deal.
Since the SMMA went live on December 10, 2025, evidence has accrued to confirm that “multiple technical approaches are capable of supporting effective age checks, with the effectiveness of outcomes so far determined primarily by governance frameworks, assurance standards and operational controls, rather than by the technological capability or any particular limitations of the age assurance systems being deployed.” Configuration is a problem, with some platforms opting to prioritize low friction over effectiveness.
“There are now concerning reports that many underage users retain access to social media accounts,” says AVPA’s report. An issue for the industry is that perceived ineffectiveness of the law could be blamed on the tech, rather than on the social platforms and how they are implementing it. Yet it is clear who is dropping the ball. According to new data from KJR Labs, the conformity assessment body involved in evaluations for the Age Assurance Technology Trial, 9 in 10 of the largest social media platforms are “still not routinely confirming self-declared ages for new accounts.”
“They are instead allowing anyone to open a new account, and then arguing that the combination of a self-declared age and their own internet age inference models meets their legal obligation.”
In this, the social platforms have found a convenient loophole in the language of age assurance, which is still evolving. Age inference is among the three methods described by the recent international standard for age assurance, ISO/IEC 27566-1, and social companies are positioning their algorithmic models, which harvest additional user data, as inference tools. In the UK, the Information Commissioner’s Office (ICO) has begun making a point of distinguishing between these tools, which it calls “profiling” tools, and age inference tech that consults a specific database to draw conclusions, rather than collecting and analyzing data on user behavioral patterns and other signals.
Per AVPA’s report, “these approaches lack transparency; they are very difficult to audit because it is so hard to replicate for use as test data, as its user behaviour that triggers intervention.”
AVPA calls for minimum accuracy benchmarks
Perhaps anticipating further pushback from Big Tech, which wins if Australia’s law is deemed a failure, AVPA is calling for even tighter controls on what constitutes a trusted age assurance provider. Hard numbers on accuracy are a long-standing ask from many in the age check sector. Now, AVPA says, is the time to lay down some concrete requirements.
“It is now becoming clear that to sustain and strengthen early progress, not only are far more age checks of existing and new users required, but we believe the next step should be to add clearly articulated minimum accuracy benchmarks for effective age assurance to the initial regulatory guidance.”
These should be supported by audit, certification and independent conformity assessment mechanisms, to “drive compliance rates upwards, improve comparability across providers and increase public confidence while preserving flexibility in technical pathways.”
Taking these steps, AVPA says, “will address the emerging variations in platform approaches we found in empirical research which commenced three months after the introduction of the delay.”
“Without more demanding rules, platforms in scope will never consistently deliver the level of protection intended by Australia’s Parliament. The problem with Australia’s social media delay is not too much age assurance, but too little.”
A plea for more regulation
It is perhaps not stressed enough that the biometric age assurance industry wants more regulation. In many tech enterprises, regulation is seen as a barrier to innovation; for age assurance, it is part of the critical DNA of sustained trust.
As such, AVPA’s future includes advocating for technical practices surrounding credential integrity, account lifecycle management and reuse controls. “Going forward, regulation will benefit from additional expectations regarding credential protection, timebound validity with at least annual checks (more often for accounts flagged as suspicious) and reliable reuse, including explicit support for interoperable privacy-preserving tokenized credentials.”
These will “help ensure that assurance integrity is retained over time, as well as promoting convenience and removing the friction platforms are clearly seeking to avoid with their minimalist approach to compliance at present.”
Regulate us, says the age assurance sector; then regulate us harder. Indeed, one might regulate as hard as possible without ever coming to the core issue: “the root of the problem facing Australia today is not a few smart teenagers evading age assurance technology, it is the fact that they don’t even need to do so because they are not being asked to prove their age in the first place.”
AI, perception, accountability to drive future debates
Given everything learned, where is AVPA’s compass pointing for 2027 and beyond?
One answer is “at AI.” An industry originally prompted by the need to regulate pornography and purchases finds itself on the vanguard of defense against emerging risks presented by AI chatbots, deepfakes and synthetic identities.
Trust continues to be a tough nut to crack. AVPA says the biggest risk is perception, particularly confusion between age assurance and identity verification, which can lead to policy mistakes that create lasting barriers.
The organization foresees a market that will continue to evolve as interoperability becomes a reality. Its goal is to build a track record of effectiveness and privacy, and to navigate as best as possible any PR issues that arise. Laws and standards will normalize, with nations now having what executive director Iain Corby calls “second mover advantage” – the benefit of following a path others have already cleared, ultimately leading to better laws and regulations.
One major issue that remains an open wound, so to speak, is the question of liability. Are parents accountable? App stores? Or platforms? Corby’s presentation on the matter at the 2026 Global Age Assurance Standards Summit frames it as the ultimate question, on which balance in the industry hinges. He points to the “proximity principle,” which posits that the safety measure should be located closest to the risk. And in the platform model, the costs of compliance are paid for by those who created the problem in the first place.
Article Topics
Age Assurance Technology Trial | age verification | Australia age verification | AVPA | social media
Latest Biometrics News
Apr 22, 2026, 3:03 pm EDT
After content creators, politicians and journalists, YouTube will also enable celebrities to access its likeness detection tool, allowing them to…
Apr 22, 2026, 2:50 pm EDT
Japan’s policymakers are considering their own version of age assurance for social media with content filtering taking the limelight. Nikkei…
Apr 22, 2026, 1:43 pm EDT
SkyBiometry, a subsidiary of biometric technology company Neurotechnology, has announced the launch of an AI factory and an infrastructure suite of…
Apr 22, 2026, 12:41 pm EDT
London’s Met Police force has won a legal challenge to its use of live facial recognition, allowing them to continue…
Apr 22, 2026, 12:10 pm EDT
Australia is expanding its Anti‑Money Laundering and Counter‑Terrorism Financing (AML/CTF) framework, with the most significant changes in nearly two decades. The…
Apr 22, 2026, 11:51 am EDT
Meta has introduced a new employee monitoring tool that tracks the keystrokes and mouse movements of the company’s U.S.-based workers…