By the time you’re reading this, there’s a decent chance that somewhere, quietly and with a great deal of bureaucratic back-patting, someone is trying to figure out exactly how old you are. And not because they’re planning a surprise party.
Not because you asked them to. But because the nine horsemen of the regulatory apocalypse have decided that the future of a “safe” internet depends on everyone flashing their ID like they’re trying to get into an especially dull nightclub.
This is the nightmare of “age assurance,” a term so bloodlessly corporate you can practically hear it sighing into its own PowerPoint.
This is a sprawling, gelatinous lump of biometric estimation, document scans, and AI-ified guesswork, stitched together into one big global initiative under the cheery-sounding Global Online Safety Regulators Network, or GOSRN. Catchy.
Formed in 2022, presumably after someone at Ofcom had an especially boring lunch break, GOSRN now boasts nine national regulators, including the UK, France, Australia, and that well-known digital superpower, Fiji, who have come together to harmonize policies on how to tell whether someone is too young to look at TikTok for adults.
The group is currently chaired by Ireland’s Coimisiún na Meán.
This month, this merry band of regulators released a “Position Statement on Age Assurance and Online Safety Regulation.”
If that sentence made you feel like time had stopped moving, you’re not alone. Inside this gem of a document is a plan to push shared age-verification principles across borders, including support for biometric analysis, official ID checks, and the general dismantling of anonymity for the greater good of child protection.
But don’t worry, it insists that all of this should be “accurate, reliable, fair, and non-intrusive,” which is a bit like saying you’d like your chainsaw to be “gentle, precise, and whisper-quiet.”
More: The Digital ID and Online Age Verification Agenda
The pitch, of course, is that it’s all for the kids.
But behind the scenes, it’s starting to look suspiciously like a surveillance infrastructure.
Most of these tools rely on facial recognition, third-party credential brokers, and databases that not only guess your age, but also remember you. Forever.
The moment you hand over your ID to prove you’re 18, that information is out there, possibly shared, possibly stored, and quite possibly turned into a marketing profile.
And once this machinery exists, it won’t stop at pornography. It never does. Mission creep is the only thing in government that’s ever truly efficient. If they can check your ID to block adult content, they can check it to block content they decide is “psychologically harmful,” “emotionally damaging,” or “financially risky.”
According to GOSRN’s own terms, those categories include anything that might affect your social, emotional, or even “psychological” safety. Which is basically everything.
Part of the plan is to make all these systems “interoperable,” which is just regulator-speak for “you’ll only need to have your soul scanned once, and then everyone gets to share it.” The goal is to stop companies from “forum shopping,” or in other words, choosing to operate in countries that don’t insist on scanning your face every time you log in.
Imagine telling someone in 1996 that the internet would one day be patrolled by a global safety committee ensuring you’re old enough to watch a cooking video that contains a swear word. They’d have laughed in your face, then uploaded a .wav file of it to their Geocities page.
But here we are.
Ofcom, the UK regulator, is fully on board and already flexing its new muscles. Under the Online Safety Act, it has launched 83 investigations and started handing out fines to websites that fail to deliver “highly effective age assurance.” That’s the phrase. “Highly effective.” Not “sensible,” or “proportionate.” “Highly effective,” as in industrial-strength nannying. Spray it over the entire internet until everyone under 18 is bubble-wrapped in an algorithmic playground built by committee.
This is part of what they call “Safety by Design,” but it is actually a regulatory philosophy that wants everything on the internet pre-chewed, sterilized, and algorithmically approved.
It’s a blunt instrument wielded by people who think the web should be a combination of Sesame Street and LinkedIn. That’s fine if you want to reduce the most dynamic communication tool ever invented into a glorified brochure for soft drink companies, but not so great if you believe in things like privacy, freedom of speech, or not being treated like a criminal.
The most alarming part of all this isn’t the bad tech or the condescending tone, it’s the creeping normalization of digital identity checks as the price of entry to online life. Once it’s built, this system will be hard to dismantle.
You’ll be expected to prove who you are, how old you are, and what you’re allowed to see. Every. Single. Time.
Anonymity? That’s for criminals and weirdos, didn’t you know? Real people sign in with their real names, linked to their real faces, and behave like good little users in the polite, sterile techno-state.
And that’s the plan. All wrapped in a warm blanket of child safety, drizzled with concern, and served up by a committee that no one voted for but who’ve decided they know what’s best for everyone.
GOSRN might say it’s committed to human rights, democracy, and the rule of law. But its definition of “online harm” is so elastic it could be used to classify sarcasm as a threat to national security.
And once everyone agrees on the need for interoperable, identity-based age gates, we won’t just have lost our privacy. We’ll have signed it away, smiling politely, because we were told it was for the children.
