ISO/IEC 27566-1
ISO/IEC 27566-1 — Information security, cybersecurity and privacy protection — Age assurance systems — Part 1 — Framework
[DRAFT]
Abstract
ISO/IEC 27566 part 1 “establishes core principles, including privacy, for the purpose of enabling age related eligibility decisions, by setting out a framework for indicators of confidence about age or an age range of a natural person.”
[Source: ISO/IEC JTC 1/SC 27 Committee Doc 11, May 2025]
Introduction
This standard will lay out the core principles and a framework for determining someone’s age or age-range independently of their identity, for use in age-related eligibility decisions.
Scope
Age assurance framework
Structure
Main sections (in draft):
4: Overview
5: Functional characteristics (~functional requirements)
6: Performance characteristics (~assurance and metrics)
7: Privacy characteristics (~privacy requirements)
8: Security characteristics (~cybersecurity requirements)
9: Acceptability characteristics (~nondiscrimination requirements)
10: Practice statements (~documenting the arrangements)
Status
The standard development project started in 2022.
Part 1 is at Final Draft International Standard stage and may be published this year or 2026, hopefully free of charge.
Commentary
Whereas self-assertion (e.g. “Click here if you are an adult”) is a simple and commonplace but clearly very weak control, the standard aims to standardise and where necessary strengthen the process of determining someone’s age or age-range without (necessarily) requiring them to disclose their identity and thereby risk compromising their privacy.
The cunning plan is to develop and incorporate appropriate assurance controls into the framework indicating confidence in the determined age or age-range, giving policy- and law-makers options when defining age-related criteria for various purposes. In situations where age is particularly important, additional confidence in the age determination is warranted, even if that implies completing a more involved and lengthy process of age verification, perhaps utilising a third-party age-verification service or aggregating multiple age indicators, taking account of any contraindications, inconsistencies or doubts. Conversely, if age verification is relatively unimportant, simpler, quicker, cruder approaches may suffice.
Spoofing (e.g. where an older person pretends or claims to be a youngster and completes the age-verification process on their behalf, or a child simply presents a fake credential) is just one of the challenges for this project. There are also identities, credentials, tokens and age-verification subsystems and services, plus individual rights and freedoms to protect (such as privacy and inclusivity), in a framework that allows communication and collaboration between age-verifiers.
