EU Commission steps up efforts on the online age verification app: “Implementation by the end of the year”

Strasbourg, by our correspondent – Following the announcement of the imminent launch of the European Union’s online age verification app, the European Commission wants to ensure that all Member States commit to implementing it and that the protection of children online is applied consistently across the continent. For this reason, at a press conference at an event held today (29 April) in Strasbourg, the Commission Vice-President responsible for Digital Technologies, Henna Virkkunen, announced the issuance of a recommendation to national governments “urging them to speed up the implementation of the EU age verification app and make it operational by the end of the year.”

The Commission’s ambitions and the Member States’ concerns

The aim of the new app – the workings of which were explained by Virkkunen herself at the press conference on 15 April – is twofold. On the one hand, the creation of a safer digital environment for children, protecting them from premature use of social media or particularly “sensitive” sites such as pornographic websites or gambling platforms. On the other hand, to ensure that monitoring is carried out in a manner that fully respects the right to privacy, thereby preventing major online platforms from accessing users’ personal information. “Adults will be guaranteed the ability to continue browsing the internet in complete privacy, but at the same time, we will ensure that minors do not access content that is not meant for them,” the Commissioner summed up today.

Following the completion of the technical work by the Commission, the app is now ready for use by Member States, who will be able to implement it as a standalone or integrate it into their Digital Identity Wallet (a sort of virtual hub for online identification that European capitals are required to introduce by the end of this year). Regardless of individual governments’ choices, what matters to Virkkunen is that all countries are committed to using the new application. “We want to ensure a single digital market, and to do so, there cannot be 27 different age verification systems: that is why we have published our European model, which Member States can then adapt to their own needs.” 

The Finnish government’s comments appear to be an indirect response to reports circulating in recent days, according to which Several Member States are reportedly rather sceptical about introducing the app in their respective national contexts. Germany, for example, has already made it clear that it has no intention of implementing the mechanism, while Ireland, France, and Poland would prefer to use solutions that have already been tested at the national level. Finally, the Netherlands has stated that it still needs to assess whether the app “is actually secure, respects privacy and is difficult to circumvent.” 

The main reason for this widespread scepticism lies precisely in the cybersecurity risks. Several IT experts who tested the tool have noted that hacking the application is fairly straightforward. Cybersecurity consultant Paul Moore, for example, wrote on X that “it takes just two minutes,” a vulnerability that opens the door to a massive data breach. Furthermore, there are numerous ways to “trick” the system by circumventing age verification: biometric checks (scanning the user’s face) can be easily bypassed, and a simple VPN can mask a user’s location to avoid the restrictions imposed by the EU.

“However, according to Virkkunen, there will be time to fix things, and national governments should not fall into the trap of alarmism. “The model we have presented is not the final one; we are still developing it,” she explained, assuring that “part of the future work will be precisely to ensure that the app’s controls cannot be circumvented, so that the tool is fully ready once countries need to implement it.”

Virkkunen on Meta: “It isn’t doing enough to protect children”

In addition to national and European institutions, online platforms also play an important role in protecting children online. In this regard, Virkkunen chose to conclude her remarks to the press by referring to the findings of a probe by the Commission to verify the compliance of Meta, the company that owns Instagram and Facebook, with the key provisions of the Digital Services Act (DSA), the EU regulation that, since 2022, has governed digital services and the responsibilities of online platforms.

“According to our findings, Facebook and Instagram are not doing enough to prevent children under 13 from accessing their services, in line with the provisions of the DSA,” Virkkunen pointed out. “In the EU, 8 per cent of children under 13 use these social media platforms, thereby exposing themselves to risks such as cyberbullying, grooming, and other experiences unsuitable for their age,” she added, explaining that “children can easily circumvent the restrictions by simply providing a false date of birth, with Meta having no effective checks in place to verify the accuracy of this self-declaration.” 

In light of Virkkunen’s call for “Meta to change its practices to ensure greater protection for minors,” could the tech giant led by Mark Zuckerberg end up relying on the age-verification app developed by the EU? The Finnish politician does not appear to be ruling out this possibility: “We will continue to work with Meta to determine what the best solution might be, but what is certain is that the current system is not good enough.“