Most of the people who abandon an age-gated checkout do so within a few seconds of hitting the verification step. They might be first-time buyers, or parents setting up a social account for a teenager. Each of them sees the same screen and has to prove they are old enough to be there. The question every Head of Product is asking is how to make that moment faster without weakening the check behind it.
The European Commission’s answer landed on 15 April 2026. The EU age verification app is an anonymous credential that lets a person prove they are over a given age threshold without sharing their name, date of birth, or ID document. It was announced in Brussels, confirmed as technically ready for implementation, and positioned as the Commission’s preferred route to compliance with the Digital Services Act. For UK and European businesses already carrying age assurance obligations, it is one more digital age verification method to plan for alongside the ones they already use.
Commission President Ursula von der Leyen and Executive Vice-President Henna Virkkunen presented the app as a single specification built to work across every national wallet in the bloc. In a joint statement on 15 April 2026, they told platforms: “Online platforms can easily rely on our age verification app. So, there are no more excuses.” [Source: European Commission, 15 April 2026]
Seven Member States will pilot first: France, Denmark, Greece, Italy, Spain, Cyprus, and Ireland. The app will reach the Apple App Store and Google Play in pilot countries during summer 2026, with availability across all 27 Member States by January 2027. It is built on open-source code and designed to be absorbed as a credential inside the national EUDI Wallet each state is required to make available by 31 December 2026 under Regulation (EU) 2024/1183. Additional Member States and private-sector relying parties are expected to join during 2026. [Source: European Commission, The EU approach to age verification, 15 April 2026]
Virkkunen framed the architectural choice in plain terms: “We continue to build one solution for the EU, not 27 different ones.”
The EU age verification app is an anonymous credential that proves a user is above a given age without revealing who they are. It is delivered through a user’s national digital identity wallet, generates a yes or no answer on the device, and shares nothing else with the platform requesting the check. It is one of a handful of age assurance methods the Commission recognises as privacy-preserving by design.
The Blueprint supports 15+, 16+ and 18+ thresholds by default, with 13+ available through Member State adaptation. Each threshold generates a separate attestation, so a social network asking for 15+ receives a different credential from an alcohol retailer asking for 18+. The same specification runs across every national wallet, including IT Wallet in Italy, France Identité, MitID in Denmark, Cartera Digital Beta in Spain, and Gov.gr Wallet in Greece. One specification, absorbed into each national wallet, returning the same answer to the platform. [Source: European Commission, The EU approach to age verification]
A zero-knowledge proof lets a user prove a statement is true without revealing the underlying data. In the EU app, the statement is a single yes or no answer to an age threshold question. The proof is generated on the user’s device, the platform receives only the boolean result, and each proof is cryptographically unique so repeated checks cannot be tied back to the same person.
Zero-knowledge proof age verification has practical consequences for a product or compliance lead. The credential never travels to a server before the check runs, so the user’s identity data stays on the phone. The platform receives the one piece of information it needs to enforce the gate and nothing beyond it. Each answer is also unlinkable, which means a user verifying on the same platform across different visits cannot be profiled from the credentials they present. The technical approach is based on anonymous credentials using ECDSA and the Ligero proof system, documented in the EU Age Verification Blueprint Annex B. [Source: EU Age Verification Blueprint, Annex B]
The app will be available on Apple App Store and Google Play in the seven pilot countries during summer 2026, and across all 27 Member States by January 2027. Private-sector relying-party onboarding runs through each national wallet scheme rather than through a single Commission bureau. Formal availability does not translate directly into customer adoption.
Consumer willingness to adopt an EUDI Wallet varies widely across Member States, from single-digit intent in several states to majority interest in Italy. Analyst forecasts point to digital identity wallet volumes roughly doubling from around 83 million at the end of 2025 to 169 million by the end of 2026 [Source: Juniper Research, 2025]. Even under the fastest credible trajectory, meaningful uptake for EUDI wallet age verification, including the EU age verification app, will take 12 to 24 months after availability across consumer markets.
This is a new method landing in a market that already needs age assurance today, and a business that treats the EU age verification app as a destination will miss its current obligations waiting for the destination to arrive.
What forces action on UK and EU businesses today is not the app availability date, but the enforcement cadence already in motion.
On the UK side, Ofcom has issued three age assurance fines under the Online Safety Act in the past five months. A £1 million penalty to AVS Group Ltd on 4 December 2025 for failing to meet its age check duties, plus £50,000 for non-response to an information request. £1.35 million to 8579 LLC on 23 February 2026, the largest fine in this strand of OSA enforcement to date. £450,000 to 4chan on 20 March 2026 for no age checks, with further penalties attached for risk assessment and terms of service failings. The maximum Ofcom penalty is £18 million or 10% of qualifying worldwide revenue, whichever is higher. [Source: Ofcom enforcement pages, 2025-2026]
The ICO and Ofcom issued a joint statement on age assurance on 25 March 2026. Around mid-March, Ofcom wrote to several major UK platforms requesting reports on their age assurance actions by 30 April 2026, with a public update expected in May. [Source: ICO and Ofcom joint statement, 25 March 2026]
On the EU side, DSA Article 28 requires platforms accessible to minors to put in place appropriate and proportionate measures for the privacy, safety and security of children. DSA fines can reach 6% of global annual turnover. From January 2027, once the EU app is available across all 27 Member States, the Commission has signalled it will treat the absence of an equivalent age assurance mechanism as a potential DSA breach.
For UK and EU businesses, the reasonable posture is to offer customers multiple methods today and add the EU age verification app as a further credential when it becomes available. Waiting for a single new method to mature is not a compliance strategy.
A UK business with an EU establishment can register as a relying party through the national wallet scheme of a Member State where it operates. A UK-only business can accept the credential when EU-resident users arrive with it, through an orchestration layer connected to EUDI-compliant wallets. Neither path requires rebuilding the age assurance stack.
For EU age verification UK teams planning 2026 rollouts, eIDAS is asymmetric post-Brexit. The UK recognises EU qualified trust services through the 2019 Exit Regulations. The EU does not recognise UK trust services as equivalent by default. For a UK platform serving EU customers, the cleanest route is to accept the EU credential via an orchestration layer that routes requests to the right national wallet. For a UK-only platform, the EU app is likely to become a further option that a subset of users turn up with, again via the same orchestration layer. [Source: UK EU Exit Regulations 2019, legislation.gov.uk; ICO eIDAS guidance]
Ofcom’s January 2025 guidance recognises digital identity wallets as a highly effective method. The EU age verification app is delivered through EUDI-compliant national wallets, which sit inside that category on the face of the guidance. Ofcom has not issued a public ruling naming the EU app specifically, and has not excluded it.
A defensible position on online safety age verification, EU or UK, is to accept the credential through a DVSTF-certified orchestrator that maintains an audit trail of each check. That approach aligns with Ofcom’s age assurance guidance on both method recognition and evidential record-keeping. An Ofcom update is likely after the 30 April 2026 reporting deadline closes, and a sensible stack stays flexible until it arrives. [Source: Ofcom, Highly Effective Age Assurance FAQ, January 2025]
The user at the age gate is not interested in the mechanics. They want a path they recognise, on the device they already have open, that takes a second. Different customers reach for different methods. Some tap through a bank-verified or mobile-operator check. Others prefer a document scan paired with on-device facial age estimation, and a growing share will want a digital wallet credential. When the EU app arrives, some users will choose it. Every new method is good news for the person at the gate. The commercial question is whether the business behind the gate can accept the new one without a rebuild.
OneID is a UK digital verification services provider, the first organisation certified under the Digital Verification Services Trust Framework as an Identity Service Provider, an Orchestration Service Provider, and a Holder Service Provider. The platform already orchestrates five of the seven methods Ofcom names as highly effective age assurance. OneID’s orchestration layer is built to accept new credentials as they become available to UK businesses. Any EUDI-compliant age verification credential, including the EU age verification app once a production onboarding path is in place for UK relying parties, can be integrated through the same architecture that already supports the methods Ofcom names as highly effective.
Book a conversation with the OneID team about your age verification solutions.