In this blog series, our CEO Robin Tombs will be sharing his experience, whilst focusing on major themes, news and issues in the world of identity verification and age assurance.
This month, Robin chats about the UK’s new identity verification requirements for online knife sales and parental vouching for age assurance.
Stricter identity checks for online knife sales
The UK Government has published the National Police Chief Council’s (NPCC) review of online knife sales. There is much to digest over 81 pages, but one clear recommendation, repeated often in the ‘Clayman Report’, is that the online buyer should be identified through identity document checks. These checks should occur at both the point of sale and the point of delivery (or to a connected and identifiable adult who can disclose a unique PIN provided to the online buyer at the point of sale). The identity details of the online buyer may need to be shared with the police if the buyer has been involved, or the knife has been used, in a criminal case.
In many sectors, highly effective age checks can be completed without sharing the identity details of the person accessing age-restricted content. Yoti’s facial age estimation enables an adult to prove age without sharing their identity details. It has also been recognised as highly effective by Ofcom, the UK’s media regulator.
But in light of increasing knife violence in the UK and the Stockport killings, it looks like retailers will be required, from later this year, to verify the identity of the buyer, retain their identity details and use these identity document details to check if the buyer is over 18. So we may see a distinction in the law where adults can choose highly effective, privacy-preserving age checks such as facial age estimation for most digital proof of age cases. However, adults will still have to use identity document-based digital proof of age for knives (and perhaps other offensive weapons). This is because the government wants an audit trail to identify the shopper.
The easiest way for an adult knife buyer to prove their identity (and age) at the point of sale and the point of delivery is to create a UK Government-certified reusable digital ID, such as a Yoti ID, Post Office EasyID or Lloyds Bank Smart ID. These bind a shopper’s unique face with their unique NFC chip passport or unique driving licence.
Buyers can already use their Yoti to prove their identity for right to work checks, right to rent checks and criminal record checks. They can also use it to purchase all age-restricted products, except for alcohol in licensed premises. The UK Government also recently announced that UK adults will be able to use certified reusable digital IDs in pubs, clubs, supermarkets and convenience stores to prove their age when buying alcohol in licensed premises by December 2025.
The effectiveness of Apple’s new Declared Age Range API for age checks
The internet is changing. Apple will roll out the Declared Age Range API to help children share their parent-confirmed age range with app developers. But this will only be with the approval of their parents. Apple recognises that parental assertion is a form of age assurance, but that some apps and websites still require a higher level of certainty to confirm a user’s age or age range.
Yoti believes for many child-focused apps, the Declared Age Range API will be very helpful. But it’ll still be for lawmakers and regulators to decide which types of content, products and services are age-restricted and require effective or highly effective age assurance.
Parental vouching of a child’s age is a level of confidence up from child self-assertion but, understandably, it’s not deemed highly effective age assurance by Ofcom. This is because too many parents admit to helping their children enter false ages or dates of birth. This allows them to access content or services that some parents either think their children are old enough for or don’t realise the content that they’ll be able to access with a falsified age.
Parental vouching is unlikely to ever be deemed highly effective. This is because two years after a parent has falsely vouched that their 13-year-old child was over 16, a regulator is unlikely to allow a business to rely on that 15-year-old child’s parent-vouched age evidence to access age-restricted goods, content or services. This includes buying alcohol and vapes online, playing games for over 18s, watching online porn or signing up to dating sites.
The Australian and UK regulators are two regulators who will soon have to decide whether too many under-13s, who have been wrongly vouched for by their parents as being over 13 or over 16, can access certain age-restricted social media apps. They’ll need to decide if the vouched-for age is acceptable or undermines online child protection measures for all children (and not just children where parents abide by the age rules).
It will be interesting to see whether some country regulators allow gaming platforms, which offer content and chat functions for those over 18, to rely on parent-vouched age. This would be despite lots of evidence in classrooms, online forums and adult conversations that this approach could lead to many under-18s playing games designed for over-18s. Other country regulators make it clear that access to such games and related chat functions requires the adult to pass highly effective age checks.
