The European Commission announced today that its age verification app is “technically ready” and will soon be available across EU member states. The app is part of a broader push toward a harmonized European approach to verifying users’ ages online.
What the Commission describes as a tool for child protection is also something else entirely: a stepping stone toward the European Digital Identity Wallets scheduled for rollout by the end of 2026.
Commission President Ursula von der Leyen framed the announcement as urgently necessary. “Online platforms can easily rely on our age verification app so there are no more excuses,” she said at a press conference in Brussels. “Europe offers a free and easy to use solution that can shield our children from harmful and illegal content.”
The language is familiar. Von der Leyen explicitly compared the effort to the EU’s COVID digital certificate, calling that earlier system “a huge success” that reached 78 countries. She described the new app as following “the same principles, the same model.”
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
That comparison should give anyone paying attention serious pause. The COVID certificate normalized the idea that accessing public life required a digital credential. This app extends that logic to the internet.
The app will require users to upload their passport or ID card to confirm their age, the Commission says, while remaining anonymous. The claim is interesting. You scan a government-issued identity document into a system built and controlled by EU member states, and the Commission promises that nobody will track you.
Henna Virkkunen, the EU’s Executive Vice-President for Tech Sovereignty, emphasized that the system uses zero-knowledge proof technology, meaning that “when users want to access an age-restricted service, you remain in full control of your data.” She added, “Because we do not want platforms to scan our passport or face.”
That guarantee is only as strong as the architecture behind it. A March 2026 security analysis of the app’s open-source code found a fundamental architectural flaw: the system’s issuer component has no way to verify that passport verification actually happened on the user’s device.
The researchers who found the vulnerability noted an uncomfortable tradeoff at the heart of the design. Fixing the security gap would likely require sending full passport cryptographic data to the server, including the user’s name and document number, which would amount to a significant reduction in the privacy the system currently promises.
The Commission calls this a “mini wallet.” That nickname reveals more than the branding intends. The app is built on the same technical specifications as the European Digital Identity Wallets, ensuring compatibility and future integration.
Today, it verifies your age. Tomorrow, it can verify your nationality, your qualifications, your right to access a government service. The solution can also be easily adapted to prove other age ranges, for example 13+. The age check is the entry point, not the destination.
Seven EU member states are already preparing to integrate the app into national digital wallets. Von der Leyen named France, Denmark, Greece, Italy, Spain, Cyprus, and Ireland as “front runners,” with each country building the age verification function into its national identity systems.
Ireland, rather than banning social media for under-16s, is developing a digital wallet that verifies age using citizens’ PPS numbers. That’s a national tax identification number tethered to an online access credential.
Virkkunen used her portion of the press conference to announce enforcement actions alongside the app launch. The Commission has taken action against TikTok, Facebook, Instagram, Snapchat, Shein, and several pornographic platforms over failures to protect minors. The dual announcement is strategic. By pairing the age verification tool with punitive enforcement, the Commission is telling platforms that the app is no longer optional and neither is the identity verification regime it carries.
Virkkunen said she will establish an EU-wide coordination mechanism by the end of April “to ensure that we continue to build one solution for the EU, not 27 different ones.” One standardized identity verification system, deployed across 27 countries, with a single set of technical requirements that all private companies must follow. The centralization is the point.
European Digital Rights (EDRi) has warned that the app’s plans show a clear intention to control access to a much wider range of platforms and services beyond pornography.
The Commission touts the app’s open-source code as proof of transparency. The code is available on GitHub, and private companies can build on the blueprint provided they meet technical requirements and, as Virkkunen put it, “respect the privacy standard.”
The part they’re less eager to highlight is what happens next. The app you actually download won’t come from the EU; it comes from your national government or its contracted service providers, bundled into each country’s digital wallet. And those national versions aren’t guaranteed to be fully open source, even when they’re built on the EU’s open components.
The app has already drawn criticism for requiring Google’s Play Integrity API on Android, creating a mandatory dependency on Google’s infrastructure that effectively locks out alternative Android distributions and sideloaded applications. An open-source app that requires Google’s permission to function is a strange definition of digital sovereignty.
Von der Leyen closed her remarks with a line that captures the Commission’s approach perfectly. “Children’s rights in the European Union come before commercial interest,” she said. “And we will make sure they do.” Nobody is arguing against protecting children. The question is whether protecting children requires every adult in Europe to register their government identity documents with a centralized digital system before accessing the internet. The Commission has decided the answer is yes. It built the app before anyone had a chance to disagree.
