Knight-Georgetown Institute Logo

Search

Menu

Press Release /

New Report Offers Comprehensive Technical Assessment of Online Age Assurance Systems

Online age assurance requirements are reshaping how people access digital services worldwide. KGI’s latest report examines how these systems work and the tradeoffs inherent in their deployment.

Washington, D.C., January 29, 2026: The Knight-Georgetown Institute (KGI) today released Age Assurance Online: A Technical Assessment of Current Systems and Their Limitations, a comprehensive report examining how existing age assurance systems operate in practice and the consequences that can be expected from their deployment. 

The report comes at a crucial moment, as governments around the world implement online age assurance requirements that are reshaping how minors and adults access digital services and content. Numerous US states, Australia, the UK, the EU, and other jurisdictions are adopting age assurance requirements in the context of social media, AI chatbots, and adult content, and many jurisdictions are considering similar measures.

KGI’s new report examines the technologies behind age assurance systems and evaluates the most commonly deployed architectures and mechanisms against four key criteria: baseline accuracy, resistance to circumvention, availability, and privacy. Key findings from the report include:

  • Multiple use cases: There are multiple use cases for age assurance, each with different requirements and challenges. These use cases largely fall into two main categories: (1) safer defaults for general-purpose services such as social media, AI chatbots, short-form video, gaming, and search, and (2) blocking access to specific content or services, especially adult-oriented services such as gambling or pornography.
  • Multiple age signals: No single age signal is sufficient on its own.  All existing age signals (self-declaration, commercial and government records, government IDs, age estimation) suffer from either accuracy or availability issues. In order to deploy a practical and effective age assurance system, any practical age assurance system needs to support multiple age signals so that users who are unable to successfully demonstrate their age with one signal can use another signal. Because the privacy properties of age assurance systems vary greatly and many of the most privacy-preserving designs are also not highly available, allowing the user to select a more private signal if available will protect user privacy more than requiring the user to try signals in a predetermined order.
  • Privacy protection: The most commonly deployed age assurance approaches present privacy risks, even though more privacy-protective approaches are possible and becoming more widely available. The most common age assurance systems require the user to either directly identify themself by name, email, or phone number, or to provide the age verification provider (AVP) with an image of their face. This forces the user to trust the AVP not to misuse their data and to protect their data from breach or disclosure even though the user may have no prior relationship with the AVP and no real alternative options if they wish to access the desired content or experiences. These risks are especially acute in cases where age thresholds below 18 are in use and minors are asked to demonstrate their age. Systems with stronger technical privacy guarantees are possible but not widely deployed.
  • Circumvention: All age assurance systems are vulnerable to circumvention. It is not technically feasible to build an age assurance system which would prevent all minors from accessing restricted content or experiences without also blocking large numbers of adult users.

Taken together, the report’s findings illustrate the inherent tradeoffs that characterize all currently available age assurance approaches. Different use cases place varying demands on accuracy, availability, privacy, and resistance to circumvention, and no single mechanism excels across all of these dimensions on both mobile and desktop. 

“Age assurance technologies are complex systems. ” said Eric Rescorla, the report’s lead author and Senior Research Fellow at the Knight-Georgetown Institute. “Understanding their capabilities and limitations is essential to making good decisions about the use of these emerging technologies.”

“This technical assessment reinforces the need for policymakers, service providers, and age verification providers to exercise care in the design and deployment of age assurance systems that protect minors while avoiding unintended impacts on individuals and their engagement with the information ecosystem,” said Alissa Cooper, report co-author and Executive Director of the Knight-Georgetown Institute.

The full report, Age Assurance Online: A Technical Assessment of Current Systems and Their Limitations, is available here.

The Report Overview is available here.

Media contact: 
Julie Anne Miranda-Brobeck, Communications Director, Knight-Georgetown Institute, jm3885@georgetown.edu

Close