Digital passport verification: Can the internet finally protect children? Lessons Africa must learn before it is too late
The internet was built on a simple principle: anyone, anywhere, could access almost anything.
For more than three decades, that openness has fuelled innovation, education and economic growth. But it has also created one of the greatest public policy failures of the digital age: children have been able to access pornography, gambling, violent content, self-harm material and other age-inappropriate services with little more than a click on a box declaring, “I am over 18.”
That era may be coming to an end, as the European Union has launched what may become the world’s most ambitious attempt to protect children online: a privacy-preserving age verification system designed to prevent minors from accessing harmful online content while avoiding the mass collection of personal data. The initiative is not an “internet passport”, as some social media posts have claimed, nor is it intended to monitor every website a person visits. Rather, it is a targeted system aimed at proving that a user is old enough to access legally age-restricted online services without revealing who that user is.
If successful, the European model could fundamentally reshape how countries balance children’s online safety, privacy rights and digital freedom. It also offers valuable lessons for Africa, where internet adoption is accelerating but child online protection frameworks remain uneven.
The problem the EU is trying to solve
Today’s children grow up in a digital environment vastly different from that experienced by previous generations. Smartphones provide unrestricted access to billions of webpages, social media platforms, AI chatbots, streaming services and gaming communities.
Studies have consistently linked unrestricted exposure to harmful online content with increased risks of anxiety, cyberbullying, addiction, exploitation, grooming and distorted perceptions of sexuality and violence.
Most online platforms nominally require users to be at least 13 or 18 years old. Yet these restrictions are often little more than self-declarations. A child simply clicks “Yes, I am over 18,” and access is granted.
The European Commission concluded that this model no longer provides meaningful protection. Under the Digital Services Act, very large online platforms have greater obligations to protect minors, and the Commission has argued that simple self-declaration is inadequate.
How the EU age verification app works
The European Commission’s solution is deliberately designed around privacy by design.
Instead of asking users to upload their passport or driver’s licence to every website, the system separates identity verification from content access.
The process works broadly as follows:
1. A user downloads an official age verification app or accesses it through a national European Digital Identity Wallet.
2. The user’s age is verified once using an approved source, such as:
• a biometric passport,
• a national electronic identity,
• a banking application that already holds verified identity information, or
• an authorised in-person verification service such as a post office.
3. Once verification is complete, the app generates an anonymous proof that the person meets a required age threshold.
4. When visiting an age-restricted website, the platform asks only for proof that the user is above the required age.
5. The website receives confirmation of eligibility, not the person’s name, date of birth or other identifying information.
This architecture is one of the system’s greatest strengths. It seeks to answer only one question: “Is this person old enough?”
It does not seek to answer the following:
• Who is this person?
• Where do they live?
• What other websites do they visit?
• What is their identity?
The Commission has also made the software open source, allowing Member States to inspect and customise it while integrating it into national digital identity systems.
What content will require verification?
The initial focus is on legally age-restricted services such as the following:
• pornography,
• online gambling,
• adult entertainment,
• certain AI companion services,
• alcohol-related online purchases,
• and other content deemed harmful to minors under national laws.
The broader political debate in Europe now extends to social media itself. European Commission President Ursula von der Leyen has indicated support for stronger age-based access rules, with proposals expected to introduce phased access for younger users and greater parental supervision for children under 13.
Can VPNs defeat the system?
The obvious question is whether Virtual Private Networks (VPNs) can bypass these controls.
The answer is yes, but only partially.
A VPN masks a user’s apparent geographic location by routing internet traffic through servers in another country. A child in France could, in theory, connect through a server outside the European Union to access websites that do not enforce European age verification.
The European Commission openly acknowledges that no age verification system can be made completely impossible to circumvent. Indeed, the Commission compares this to age restrictions on alcohol or tobacco: some minors will inevitably evade the rules, but that does not render age limits pointless.
Australia’s experience provides an early indication of this challenge. Following the introduction of mandatory age checks for adult content, VPN downloads increased, prompting regulators to review whether platforms were taking reasonable steps to limit circumvention. At the same time, authorities reported no evidence that VPN use had rendered the broader policy ineffective.
The lesson is that regulation aims to raise the barrier, not to create a perfect barrier.
Public policy rarely achieves perfection. Seat belts do not eliminate road fatalities. Airport security does not prevent every incident. Financial regulations do not eliminate fraud.
Their value lies in significantly reducing risk.
Age verification should be judged by the same standard.
The privacy debate
Critics have raised legitimate concerns.
Some fear that governments or technology companies could eventually track individuals’ browsing behaviour.
Others worry that age verification creates attractive targets for cybercriminals seeking identity information.
Privacy researchers have also cautioned that poorly implemented age assurance systems could increase security risks or unintentionally erode anonymity online.
The European Commission has sought to address these concerns by requiring the following:
• anonymous proof-of-age technologies,
• minimal disclosure of personal information,
• open-source implementation,
• independent validation,
• and trusted lists of approved providers.
Even so, no digital system is immune to implementation flaws. Early security researchers have identified issues in prototype implementations, underscoring the need for continuous auditing, rapid patching and transparent governance.
The challenge is therefore not whether risks exist – they do – but whether societies can design systems in which the benefits to child protection outweigh the residual risks.
What Africa should learn
Africa should resist two extremes.
The first is to dismiss age verification as unnecessary government interference.
The second is to copy European regulation wholesale without adapting it to African realities.
Instead, African policymakers should learn from Europe’s experience while designing solutions appropriate to the continent.
Several lessons stand out.
First, child protection must become a national priority.
Africa has one of the youngest populations in the world. Millions of children are coming online every year, often through inexpensive smartphones with little parental supervision.
Digital inclusion must be accompanied by digital protection.
Second, privacy should be designed into systems from the beginning.
Age verification should reveal only what is necessary.
It should never become a mechanism for mass surveillance.
Third, digital identity systems matter. Countries with robust digital identity infrastructure will find it far easier to deploy privacy-preserving verification than those relying on fragmented paper records.
Fourth, regulation alone is insufficient. Parents, schools, religious institutions and civil society all have critical roles to play.
Technology can support responsible parenting; it cannot replace it.
Fifth, AI itself can assist.
Artificial intelligence can identify grooming behaviour, cyberbullying, exploitative content and coordinated abuse far more effectively than human moderators working alone.
Age verification should therefore be viewed as one component of a broader child online safety strategy rather than a complete solution.
Africa must avoid becoming a digital spectator
The broader significance of Europe’s initiative extends beyond children’s safety.
It demonstrates that governments are increasingly shaping the rules governing artificial intelligence, digital identity and online platforms rather than leaving these decisions entirely to technology companies.
Africa cannot afford to remain a passive observer.
The continent should actively participate in setting international standards for:
• digital identity,
• AI governance,
• online safety,
• privacy,
• cybersecurity,
• and children’s digital rights.
Otherwise, Africa will once again become a rule-taker rather than a rule-maker.
A defining policy challenge
The debate over online age verification is not ultimately about technology.
It is about values. How should societies protect children without sacrificing privacy?
How much responsibility should governments place upon technology companies?
Where should the balance lie between digital freedom and public safety?
Europe’s answer is that privacy and protection need not be mutually exclusive if systems are carefully designed.
Whether that approach proves successful will become clearer over the coming years.
What is already evident, however, is that the age of unrestricted and largely anonymous access to all forms of online content is drawing to a close.
For Africa, the choice is not whether this debate will arrive. It already has.
The real question is whether African leaders will help shape the future or wait for others to shape it on their behalf.
Sonny Iroche is the founder and chief executive officer of GenAI Learning Concepts Ltd, Lagos. He is an artificial intelligence strategist, corporate governance adviser, Oxford-trained AI executive, and former Executive Director (Finance & Accounts) of the Transmission Company of Nigeria. He advises boards, governments and financial institutions on AI strategy, governance, digital transformation and economic competitiveness.
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
