Parents and young people alike expect Google to provide safe, educational, and enriching online spaces . At the heart of this proposition is age verification (or age assurance more broadly): a term referring to the various methods used to determine or estimate the age of a person visiting a site or app.
Just as a playground requires age-appropriate equipment, every website and app requires appropriate safeguards. Companies like Google use age assurance to:
- Protect young people from content that may be inappropriate for their age.
- Offer relevant features and settings tailored to different age groups.
- Empower parents to use parental control tools such as Family Link.
- Comply with child protection regulations.
For many years, we’ve been deploying age assurance methods across our sites and apps, enabling us to seamlessly provide online protections for children, teens, and parents. But the lack of a secure and interoperable online age assurance solution remains a persistent challenge.
We support the European Commission’s approach
This is particularly relevant today in Europe, given the efforts being made to help businesses engage in effective age assurance. The European Commission, for example, is working on a technical solution for EU digital IDs, issued by governments or other trusted sources. Also, its new guidelines on the online protection of minors, under the Digital Services Act (Article 28 of the DSA), provide a policy framework to tie it all together.
Credential Manager: Age Assurance Technology, Now Available on Android
Google’s Credential Manager API creates a secure channel for sharing identity information, including age. Sites and apps can use this tool to “call” a visitor’s credential holder, similar to a mobile wallet or digital age verification app, securing only the necessary age information. This removes one of the biggest barriers to universal age assurance today.
Credential Manager uses Zero Knowledge Proof technology for age verification. This cryptographic method now allows online visitors to prove they are over 18 years old without revealing any additional information, including their identity.
In the future, this technology may be able to accommodate more proofs of age and specific age groups, including those under 18, subject to further work to define standards and specify appropriate safeguards. We encourage age verification solution providers and app and website developers to build on this secure infrastructure for Android devices.
Taking responsibility for age insurance
Other approaches have been proposed. One suggests that a device’s operating system verify users’ ages for the websites they visit. This would alter the protocols of the decentralized web, with consequences that are difficult to predict.
Another proposal, presented as “simple” by its proponents, such as Meta, would require mobile app stores to verify the age of mobile app visitors. This proposal is misleading. In addition to allowing app developers to shirk their responsibilities toward children, it would not protect children. Computers or other devices commonly shared within families would not be covered (and it would also be ineffective against pre-installed apps, such as Meta’s).
Even more worrying, this would require sharing granular age-specific data with millions of developers who don’t need it. We are very concerned about the risks this “solution” would pose to children.
Future prospects
The digital landscape is constantly evolving. We remain committed to collaborating with experts, regulators, and families to create safe, useful, and inspiring products for every generation, and to empower others to do the same.