Singapore gamers who bought and downloaded Xbox titles years ago are now being told they need to prove they’re adults before they can keep playing them.
Microsoft has started rolling out identity verification requirements across its Xbox and Microsoft Store platforms in Singapore, demanding face scans, government ID uploads, or authentication through the country’s national digital identity system, Singpass.
The price of accessing games you already own is now a biometric selfie or a copy of your passport.
The trigger is Singapore’s Online Safety Code of Practice for App Distribution Services, a regulation from the Infocomm Media Development Authority (IMDA) that took effect on April 1, 2026.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
The rule requires app stores to prevent anyone estimated to be under 18 from downloading apps rated for adults, including dating services and content with sexual material. Five storefronts are covered: Apple’s App Store, Google Play, Samsung Galaxy Store, Huawei AppGallery, and Microsoft Store (which includes Xbox).
Each company has chosen its own methods for compliance. The methods vary, but they all share one thing in common: they collect sensitive personal data that didn’t exist in the platform’s records before this regulation.
Microsoft announced its approach on March 17, 2026, framing the verification as optional, while making it mandatory for anyone who wants full access.
“Microsoft users in Singapore will have multiple options to complete age assurance for our stores, giving people flexibility while prioritising privacy,” the company wrote, listing those options as Singpass verification, “secure facial age estimation using a selfie,” or uploading “an official government ID such as a national ID, driver’s license, passport, or residence permit.”
The company describes this as a one-time process. What it doesn’t describe is who processes the data, how long it exists in transit, or what happens if the system holding it gets breached.
Discord learned this lesson last year when its own partner leaked user data. The company that promises to delete your face scan still has to receive it first.
Singapore residents have started receiving emails from Xbox notifying them about the verification requirement, prompting confusion and concern.
Some users initially suspected phishing, a reasonable response when a gaming company emails you asking for your government ID. The emails are real. So is the surveillance they’re asking you to submit to.
What makes Singapore’s approach particularly aggressive is the range of identity data the various app stores now demand. Apple requires either credit card details or government-issued identification like a National Registration Identity Card, a Foreign Identification Number card, or a driving license.
Apple specifically excludes passports, debit cards, and gift cards, which means the company has decided that the only acceptable proof of adulthood requires tying your anonymous Apple account to your legal name and financial records.
Samsung and Huawei take only credit card data. Google took a different route entirely, deploying a machine learning model in February 2026 that watches your search activity, analyzes what categories of YouTube videos you watch, and estimates your age from invasive behavioral signals already attached to your account.
Google calls this “age estimation.” A more accurate description would be continuous behavioral profiling repurposed as age classification.
Google’s system is worth examining because it reveals where this regulatory approach inevitably leads. The company’s algorithm runs silently across Search, YouTube, Google Play, Google Maps, and more.
It’s part of a push to create a permanent link between your gaming identity, your legal identity, and your biometric data, managed by third-party companies you didn’t choose, under retention policies you can’t verify, for purposes that will expand beyond what anyone is currently willing to admit.
