In Canberra on Thursday, Tony Allen, CEO of the Age Check Certification Scheme (ACCS), presented a stakeholder briefing on the age assurance trial ongoing in Australia, where the government is currently embroiled in a fuss over legislation banning teens under 16 from using social media.
The full project plan is now publicly available, and Allen’s presentation addresses questions about structure and governance of the trial, who’s involved, and what exactly is going on below the big age assurance fuss.
What is the goal of the trial?
Australia selected the UK-based ACCS in a tender and tasked it with studying and evaluating the effectiveness, reliability and privacy impacts of various age assurance technologies. Results from the trial are expected sometime in fall 2025 – although the government is on a mission to push through the social media and adult content legislation this week.
Gambling, pornography, access to weapons and alcohol – or, for that matter, to senior citizens’ discounts: regardless of the purpose, ACCS is exploring methods and options for age assurance, from points in the customer journey where age assurance could be deployed (such as app stores), to the differences between biometric age verification and age estimation tools.
Allen says the trial aligns with global developments in creating safer digital environments for young users, and will offer guidance to policymakers guiding the future of age verification in Australia. He emphasizes up front that the idea is not to block children from accessing the internet, or to harvest sensitive data. Indeed, part of the reason for his briefing is to dispel myths about what age assurance tech actually does and doesn’t do.
The goal is to shepherd age assurance into the still cautious mainstream: “through rigorous testing, stakeholder engagement and compliance with privacy standards, the trial aims to identify solutions that not only meet regulatory needs but are also feasible for widespread adoption.”
This Trojan horse is empty: no hidden agenda
It’s a common concern in discussions around age verification: some variant on the Trojan horse argument, which says age assurance vendors are setting up the world for a global crackdown on online activity.
Iain Corby, executive director of the Age Verification Provider’s Association and an advisor on ACCS’ trial, explains in an interview with activist Melinda Tankard Reist why that notion is incorrect. “It would be a big mistake to say we shouldn’t do this because we think it’s going to bring in a surveillance state,” Corby says, because “the whole point of our industry is to prove your age online without disclosing your identity.”
In providing highly regulated and scrutinized third-party services for age assurance, the industry removes the risk that comes from sharing personal identity data with, for instance, TikTok or Chaturbate. It also takes the pressure off parents to monitor their kids’ every click.
“These platforms and adult websites,” says Corby, “which are making a pretty large amount of money, should really be the first and primary people responsible for protecting kids online.”
Key standard authored by ACCS lead
ACCS is based in the UK but operates globally. For the age assurance trial, it has joined with Australian partners in software, data science and legal affairs. Allen says the team “worked really closely with the Australian government through Infrastructure Australia.”
The plan includes details of the standards-based accreditation and evaluation scheme, the product quality model, ethics and legal compliance, and other areas. It makes frequent specific reference to ISO/IEC DIS 27566-1 (age assurance systems).
The standard “sets out a framework and core characteristics for age assurance systems deployed for the purpose of enabling age-related eligibility decisions by anybody for any reason in any location through any type of relationship between an individual and the provider of any goods, content, services, venues or spaces that has policy requirements for acquiring assurance.”
The ACCS has an accreditation layer meeting ISO/IEC 17065:2012 on conformity assessment, an evaluation model layer meeting ISO/IEC 205010:2023 on systems and software engineering quality requirements. But ISO/IEC DIS 27566-1 is the backbone, and rightly so: Allen wrote it. Also in play is the IEEE 2089.1:2024 standard for online age verification, which Corby edited.
How methods differ matters for testing
Allen is careful to outline the differences between age assurance (an umbrella term) and the three methods it covers: age verification, age estimation and age inference methods.
Age verification requires a date of birth to confirm someone is a certain age, using valid identity documents or other verification methods. The trial will involve “document verification testing using a dataset of 4,000+ legitimate, fake, and altered identity documents (e.g., passports, driver’s licenses) from various regions, nationally and internationally.” Tests will also cover worn, damaged or poorly scanned documents, to “assess how tolerant the system is to imperfect inputs.” Security testing will identify vulnerabilities that could allow users to bypass verification, including biometric comparisons and deepfake and video injection presentation attacks.
Age estimation “analyzes biological and behavioral features of humans that vary with age” (not, says Allen, technically biometrics.) Existing test datasets will be augmented with additional images of users of varying ages, ethnicities and genders to reflect “the full diversity of the Australian population.” Different lighting conditions, angles and facial expressions will be tested.
The team will also explore age estimation through voice, hand geometry or typing speed analysis.
Age inference methods establish a fact other than date of birth that implies a person is over a certain age; Allen gives the example of having a commercial airline pilot’s license. Other data inputs might include “purchase history, possession of other age-related evidence, browser behaviour or online activity;” Corby likes to joke that it’s unlikely for an eleven-year-old to have a mortgage. The team will deploy personas to test the assumptions and reliability of the inference behind decision-making tools.
Involve children in developing the plan
Allen says it was important to involve children in developing the plan and its associated data protection and ethics handbook. First Nations are also being consulted on scenarios specific to them. Impartiality and engagement are key commitments. George Billinge, former senior policy officer on age assurance for Ofcom, is overseeing the ethical approach, which “will include analysis and extent of Aboriginal and Torres Strait Islander peoples andmulti-ethnic diverse in the demographic spread of human test subjects.”
In general, the ACCS briefing echoes Corby’s assertion that what age assurance providers, and the age assurance trial, are trying to do is enable people to verify their age and share as little data as possible in doing so, and then only with a strictly regulated third party that wants to get rid of it as quickly as possible.
The plan describes the age assurance trial as “an holistic project for Australia leading the world in building a thorough understanding of the effectiveness of age assurance as a practical tool for enhancing the protection of children online (and offline too).”
“The Age Assurance Technology Trial represents a significant step forward in understanding and implementing effective, reliable and privacy-conscious age assurance technologies. As online safety concerns grow, particularly around protecting minors from age-inappropriate content, this trial will provide essential data on the practical, ethical and technological considerations of various age assurance methods.”
Results of the trial could be ready as early as June, although a deadline of September has been floated by the government. Presently, the newly hatched Age Assurance Technology Trial website allows providers to submit an expression of interest in being considered for testing. The scope is broad. ACCS notes that it has not been granted any power of selection or decision, but rather, has been tasked with looking at every available option for effective age assurance that is safe and privacy-preserving, for a variety of existing and emerging use cases.
“I think what we’re hoping to deliver at the end of the project,” Corby says, “is information and good quality data around the relative performance of all of these different methods.”
Article Topics
Age Assurance Technology Trial | Age Check Certification Scheme (ACCS) | age estimation | age verification | Australia | biometrics | children | face biometrics | social media
