Category: Ethics

At first, the idea of reusable identity might sound redundant. After all, what is identity if not a stable set of characteristics that can be referred to as needed to prove one is who they say they are? In the quest to harness digital identity, however, reusability has a more specific, technical meaning – even more so when it comes to age assurance.

While there are varying models, the core idea of a reusable age check is that you only have to verify your age once, and can then apply proof of that single verification across different platforms and services. As such, it is closely related to interoperability, but there are subtle differences. Re-use allows the user to rely on a check completed with the provider of that check on another website. Interoperability allows the user to rely on a check completed with multiple providers, operating independently for other websites. Some systems use digital tokens that live on a user’s device. Others use systems based on the passkey model of digital encryption. The technology is still fresh and the market open, even as standards and testing begin to shape its boundaries.

Several options have already emerged, but as legislation matures in some places and takes root in others, the field is sure to grow. The various factors shaping the field go beyond legislation to encompass payment models for providers, sociocultural attitudes toward pornography and centralized government, privacy and surveillance concerns, youth mental health, and more. In the short to medium term, being able to prove your age once and use that proof repeatedly is going to come in very handy.

Two major reusable age check projects circle one another

Among those currently proffering reusable age verification technology are a smattering of biometrics firms and a couple of initiatives tied to networks of providers. Lithuania-based Ondato has offered its product, OnAge, since 2024. UK firm Yoti offers its Yoti Keys, which are proof-of-age tokens that live on a browser. Portuguese firm AgeVerif claims to offer reusable age checks certified against IEEE 2089.1-2024 by the Age Check Certification Scheme (ACCS). French company Needemand has combined gestural biometrics with a PIN code for its reusable model, BorderAge.

In an email to Biometric Update, Jean Michel Polit, chief business officer for Needemand, says BorderAge “features a unique, proprietary ZKP PIN code technology that allows the user to re-use the result of the initial age verification with hand movements and that ‘survives’ private browsing without using any personal data.”

“This means that to be able to re-use the initial age verification a user will not have to create an account with us, or download an app, even in private browsing. This is a major benefit, since forcing users to create an account or download an App means adding friction that can turn them away.”

The last quarter of 2025 saw the launch of two new initiatives tied to existing entities and networked models. Another French firm, Opale.io, invented a system it calls AgeKey, which is based on passkey technology and leverages on-device biometrics for authentication. The company was acquired by k-ID, the Singapore-headquartered firm that offers automated compliance and age controls. Subsequently, the combined entity launched OpenAge, a reusable proof of age system based on the AgeKey model, which allows users to prove their age simply by unlocking their screen.

A day or so after OpenAge launched, a project gestated by the euCONSENT ASBL consortium also went live to offer reusable age checks. AgeAware is a “standards-based, anonymised, interoperable age verification network” that “allows global providers of age assurance technologies to recognise one another’s age checks, under the governance of euCONSENT.” The euCONSENT project is technically a non-profit organization, but its members include providers Yoti, AgeChecked and VerifyMy, as well as the Age Verification Providers Association.

On launch, there was a degree of tension between the two entities, over fears that toes might get stepped on. The recent announcement that Meta has signed on to OpenAge suggests it has the necessary momentum to become a go-to solution.

However, following the launch announcement, clarifications ensued, and the result appears to be moving in the direction of a solution that factors in everybody – independent age verification and age estimation providers that don’t want to get boxed out of a dominant system, k-ID and its AgeKeys, the advocacy bodies that want to make sure everyone is getting paid fairly for services rendered, and the regulatory bodies whose policies prompted all this to begin with.

The Age Verification Providers Association (AVPA), the industry body representing private age verification, age estimation and age inference providers, has framed interoperability as a fundamental issue for age checks.

“We recognised early on that to compete against both government-issued digital ID and BigTech, we would need to be at least as convenient as them,” says Iain Corby, executive director of AVPA, in comments to Biometric Update. “We welcome the innovation that is now deploying new options for interoperability, and will continue to champion it.”

Corby warns, however, that in the legislative rush to impose age assurance rules on various sites, the industry must remember to prioritize user experience. “As more platforms come into scope, or simply begin to comply with existing laws, we must not let age checks become cookie-popups on speed, as the public will eventually push back,” he says. “So the onus is on the age verification industry to pre-empt that, and we are making excellent progress.”

National digital identity schemes loom over private sector

Enter the government, to say, “We’re here to help.” As nations move ahead on plans to implement national digital ID systems, and others (like India’s Aadhaar) become established as core infrastructure, there have arisen questions about whether government wallets could be vehicles for age assurance – and attendant fears among private firms that they could be rendered irrelevant.

The situation is particularly prickly in the UK, where companies certified under the Digital Identity and Attributes Trust Framework (DIATF) have been pleading their case to a revolving cast of policymakers. The UK digital ID debate took center stage in a recent episode of the Biometric Update Podcast, wherein the Association of Digital Verification Professionals (ADVP), which counts a number of age assurance providers among its members, argued in favor of DIATF-certified firms, while the Tony Blair Institute made the case for government-led digital identity.

Some question whether the government should shoulder the cost of keeping kids off porn sites and social media platforms. Others fear Big Brother tracking their secret online habits. On the other hand, when it comes to data privacy, trust in digital platforms is not much better, and suspicion lingers, no matter how clearly the industry explains the French double-blind model or the development of global standards to govern age assurance systems.

Sharing members makes for complex relationship

The battlefield would thus seem to host three armies: the government, the private digital age assurance sector and the masses of average internet users who just want to doomscroll or look at some skin, but also agree that it probably shouldn’t be so easy for six-year-olds to learn about the versatility of ball gags. However, the ample overlap – between methods and members and frameworks and goals – defies clean boundaries.

One thing that seems clear is that people do not enjoy having to take additional steps to get to the content they want – colloquially, “friction.” The number of people that enjoy having to click on a cookie popup is zero. Constant age checks to log onto social media or Pornhub are effectively  guaranteed to kill anyone’s mood, choke traffic, and drive users to alternative platforms.

How the world gets to trusted, reusable proof of age is still being decided. But the ground is beginning to stabilize: this month saw the publication of ISO/IEC 27566-1:2025 – Age assurance systems, the first global standard covering age assurance technology. By the end of 2026, the landscape will look different, in that we will begin to see which parts of the age assurance ecosystem are likely to endure, and which are past their use-by date.

One thing is certain: no one intends to stop talking about how to save the children.

“Protecting children is a societal issue that will continue to gain momentum in 2026,” says Needemand’s Polit. “Age assurance will become a reality in an increasing number of countries and use cases. On the other hand, the media coverage of the frequent personal data breaches involving major platforms will increasingly steer web users toward age assurance solutions that do not rely on personal data.” His company is preparing to launch another product in 2026 that offers an alternative to BorderAge’s hand gesture system.

Other solutions promise further innovation. Which is to say, reusable, interoperable age checks are among the age assurance industry’s first major milestones. There are many more to come.

By the end of 2025, it was no longer credible to describe the U.S. government’s use of biometrics in immigration enforcement as fragmented, experimental, or limited to border checkpoints.

Over the course of the year, a steady accumulation of procurement records, privacy filings, rulemakings, and operational disclosures revealed something far more durable. It unmasked a layered, interoperable surveillance architecture in which identity itself has become a persistent enforcement surface.

What distinguished 2025 was not a single explosive revelation, but the way previously discrete systems, often discussed in isolation, began to resolve into a coherent whole.

Facial recognition databases, mobile biometric collection tools, and backend case-management platforms were not merely expanding in parallel; they were converging.

And together, they showed how the federal government has been methodically pushing biometric enforcement outward in space and forward in time, embedding identity surveillance into routine administrative processes while oversight mechanisms lagged behind.

No technology better captured this shift than Clearview AI. Once treated as a scandal-driven outlier – a private company scraping billions of images from the open Internet – Clearview’s true significance in 2025 lay in how unremarkable its underlying model had become.

The controversy surrounding Clearview no longer centered on whether law enforcement should use facial recognition at all, but on which vendor or system would supply it.

The premise that a person’s face could be captured anywhere, matched against vast image repositories, and used to generate investigative leads without notice or consent had largely been accepted.

Even where Clearview itself was absent, its logic persisted. Federal and state systems increasingly mirrored the same assumptions: large-scale image aggregation, probabilistic matching, opaque accuracy metrics, and limited avenues for challenge once a match had been made.

What Clearview normalized was not simply facial recognition, but a governing idea that identity could be inferred and acted upon without any prior relationship between the individual and the state.

By the end of the year, the Clearview story had ceased to be about a single company and instead marked the maturation of mass facial recognition as infrastructure rather than exception.

If Clearview illustrated normalization at the database level, Mobile Fortify showed how that normalization reaches the street.

Throughout 2025, Immigration and Customs Enforcement (ICE) quietly expanded its use of Customs and Border Protection’s Mobile Fortify application under an oversight framework that barely registered the scope of what was being authorized.

A joint ICE–CBP privacy threshold analysis did not dispute that agents were capturing facial images, fingerprints, and associated metadata in the field. Instead, it argued that existing Department of Homeland Security (DHS) privacy documentation elsewhere in the bureaucracy was sufficient to cover the practice.

That procedural move proved decisive. By framing Mobile Fortify as an extension of existing systems rather than a new capability, DHS avoided the triggers that would normally require a full Privacy Impact Assessment or a public System of Records Notice. In doing so, the department effectively treated real-time biometric collection on personal mobile devices as an incremental change, not a qualitative shift.

Operationally, Mobile Fortify collapsed the distance between encounter and database. Identity capture, biometric matching, and enforcement decision-making could now occur almost instantaneously, often during brief, unplanned interactions where individuals had little understanding of what data was being taken or how it would be used.

The significance of Mobile Fortify was not merely that it enabled field biometrics, but that it demonstrated how mobility itself has become a regulatory blind spot. Oversight regimes built around static systems and centralized processing struggled to respond to tools designed to move faster than the paperwork meant to govern them.

Less visible, but no less consequential, was the growing role of ImmigrationOS. Marketed as a workflow and case management platform, ImmigrationOS initially appeared administrative rather than coercive.

Systems that determine how data flows, which alerts are generated, and how cases are prioritized often exert more influence over outcomes than the sensors that collect the data in the first place.

ImmigrationOS repeatedly surfaced as a connective hub linking biometric identifiers, enforcement priorities, location data, and third-party inputs. It does not need to collect fingerprints or facial images directly to shape enforcement decisions.

By structuring how biometric matches are surfaced and operationalized – who sees them, when, and with what recommended action – it effectively governs behavior at scale.

The critical insight from this is enforcement logic is migrating upstream into software architecture. Decisions once left to supervisory judgment are increasingly encoded into dashboards, queues, and automated workflows that few outside the system ever see.

Together, these technologies revealed the emergence of an integrated immigration biometrics stack.

Biometric enrollment now begins earlier, persists longer, and travels further than at any point in the past. Data collected during visa applications, asylum processing, airport screening, or street encounters can reappear years later in unrelated enforcement contexts.

International data-sharing arrangements extend this reach beyond U.S. borders, embedding American biometric systems within foreign law enforcement operations while largely escaping domestic transparency requirements.

What stood out in 2025 was how rarely these expansions were debated as expansions. Each step was justified as modernization or efficiency. Taken together, they amounted to a redefinition of immigration enforcement itself, one in which biometric identity becomes a permanent condition rather than a situational tool.

In such a system, error and bias are no longer isolated risks. A single flawed match can propagate across agencies and time, magnifying consequences while diffusing accountability. The through line of the year though was not technological inevitability, but governance lag.

Oversight mechanisms remained document-driven and siloed even as systems became integrated and real time.

Privacy reviews focused on whether a system existed, not on how it reshaped power relationships.

Courts encountered biometric evidence downstream, long after collection and matching decisions had already constrained outcomes.

And Congress received briefings framed in the language of modernization rather than structural transformation.

By the close of 2025, the cumulative effect was unmistakable. The biometric surveillance state did not arrive through a single law or a single database.

It emerged through accretion, through tools framed as administrative, through mobile apps authorized by procedural shortcuts, and through backend systems that quietly encoded enforcement priorities into software.

The unresolved question left by the year’s record is not whether this architecture exists, but whether democratic institutions will meaningfully confront it before it hardens beyond recall.

At stake is not simply privacy, but the ability to govern identity itself. Once biometric systems are fully integrated across borders, agencies, and time, they become extraordinarily difficult to unwind.

The work of 2025 made clear that the window for public reckoning is narrowing. Whether it closes quietly or under scrutiny remains an open question, but the architecture is already in place.

Author: Malhar Vora, Principal Security Engineer and People & Engineering Leader – Group Cyber Security at ANZ Bank https://medium.com/@malhar.vora We all talk about identity as “the new perimeter,” but that statement misses a critical truth. You can’t secure identity if you don’t understand the data behind it. Today, identity isn’t just a login or a […]

The post Why identity data lakes will power the next decade of security first appeared on Identity Week.