Back in May, we hosted a Demo Day focused on how a few early adopters were approaching age estimation and age verification. At the time, most of the conversation lived in pockets. Some regulators were experimenting with frameworks. A handful of platforms were testing new signals. Age assurance felt like a problem that mattered, but not yet a global priority.
Six months later, everything has changed. Age assurance has moved from a developing trend to a global mandate, and the broader world of age verification has shifted with it. More than 45 countries now require platforms to verify age through methods like device-based age verification, on-device estimation, reusable credentials, or structured checks tied to new age verification laws. Regulators expect measurable accuracy, and platforms are adopting modern age verification systems to prove compliance without storing sensitive data, all while protecting user experience at scale.
This Demo Day showed what that shift looks like in practice. Eight vendors demonstrated how they verify age across streaming, social platforms, gaming, in-person experiences, and new regulatory environments. Each had 15 minutes to present, followed by a live Q&A with trust and safety leaders, product teams, compliance professionals, and policy experts.
What stood out was not just the technology. It was the direction of the market. Privacy-first design is becoming a requirement, on-device processing is becoming the expectation, reusable identity is becoming real, and age assurance has officially gone global.
What age assurance is really solving now
Age assurance covers two essential needs. First, preventing minors from accessing adult content, gambling, and other restricted digital experiences. Second, preventing adults from entering minor-only spaces such as youth communities, education platforms, and social channels designed for children.
These needs sit alongside more traditional age verification online methods that protect minors from adult content and adults from entering youth environments. Youth access laws are expanding, enforcement is tightening, and deepfakes, AI based impersonation, and synthetic content are creating new risks on both sides. Minors now have more tools to appear older, and adults have more ways to appear younger, which makes the protection problem harder for platforms and regulators that are trying to keep everyone in the right place.
This tension shaped the entire event and pushed every vendor to show how they minimize exposure, reduce friction, and still create defensible assurances.
Privacy-first design is branching beyond biometrics
Across the demos, privacy was not an add-on. It was the foundation. Vendors were focused on verifying age without collecting or storing sensitive data, and several demonstrated pathways that move far beyond traditional face or document checks.
Deepak Tiwari, CEO of Privately, set the tone early:
“Our technology is privacy by design. We download the machine learning model into the device, and the entire age estimation happens on-device.”
He emphasized the minimal output:
“All facial processing stays on the device. The only thing that leaves is the signal that the person is above a certain age.”
Other vendors pushed this principle even further. One of the clearest examples came from Jean-Michel Polit, Chief Business Officer of NeedDemand, whose company verifies age using only hand movements. There is no face capture, no document upload, and no voice sample. The model analyzes motion patterns that naturally differ between adolescence and adulthood.
Jean-Michel explained:
“A seventeen-year-old does not know how the hand of an eighteen-year-old moves. These differences are minute and impossible to fake.”
Because the system immediately stops scanning if a face enters the frame, it also reduces the risk of unintended biometric capture, which is one of the biggest compliance concerns in global youth safety laws.
Together, these approaches show that privacy-first design is no longer limited to minimizing what data is stored. It is expanding toward methods that avoid personal data entirely, giving platforms new ways to meet global regulatory requirements without friction or biometric exposure.
Reusable identity is becoming practical
Reusable identity has been a theoretical ideal for years, but most systems struggled with adoption or required centralized storage. FaceTec demonstrated a version that felt practical, portable, and privacy-preserving.
Alberto Lima, SVP Business Development at Facetec, introduced the UR code, a digitally signed QR format that stores an irreversible biometric vector.
“This is not just a QR code. It is a minified, irreversible face vector that still delivers extremely high accuracy.”
Verification can happen offline, identity does not need to be reissued, and there are no centralized databases. The user holds their proof, and platforms can verify it without re-running heavy identity flows.
Alberto summarized the shift:
“Everyone can be an identity issuer. The UR code becomes the interface for verification.”
This model serves alcohol delivery, ticketing, retail age checks, gaming, and other in-person flows where connectivity is inconsistent, and users expect a quick pass, not a multi-step verification process.
ECG-based age estimation shows how fast the science is moving
One of the most forward-looking sessions came from Azfar Adib, Graduate Researcher at TECH-NEST, where teams are exploring how smartwatch ECG signals can estimate age with high accuracy. It builds on the idea that physiological signals are difficult to fake and inherently tied to liveness.
Azfar shared a line that captured the concept clearly:
“ECG is a real-time sign of liveness. The moment I die, you cannot get an ECG signal anymore.”
The study showed:
“Age classification reaches up to 97 percent accuracy using only a smartwatch ECG.”
These findings are early but demonstrate how multimodal verification will evolve as platforms look for signals that are resistant to spoofing and do not require collecting images or documents.
Email age checks are becoming a high-volume default
Biometrics are not appropriate for every platform or flow. That is where Verifymy offered one of the most immediately deployable solutions.
Steve Ball, Chief Executive Officer of Verifymy, explained:
“Email is consistently the most preferred method users are willing to share, and we can verify age with just that.”
The method relies on digital footprint analysis tied to email addresses, not inbox content or personal messages, which keeps privacy intact while enabling large-scale adoption.
Regulators are acknowledging the method:
“Regulators around the world now explicitly reference email age checks as a highly effective method.”
For high-volume platforms, this offers a low-friction way to layer age checks without compromising onboarding speed.
Location has become a compliance requirement
In many markets, age gates depend entirely on where a user is physically located, so platforms must know whether the user is in a jurisdiction with specific restrictions. GeoComply framed this challenge with clarity.
Chris Purvis, Director of Business Development at GeoComply, explained:
“The law does not say you must check age unless they are using a VPN. It says you must prevent minors from accessing restricted content. Full stop.”
He added:
“Location complacency is not location compliance.”
Reliance on IP is no longer enough. VPN use spikes whenever new safety rules are introduced, so location assurance is now a required part of the age assurance stack.
State-level policies such as Florida’s age verification law and the wave of states requiring age verification are further accelerating vendor adoption, especially in markets focused on age verification for adult content and social media.
Standards will reshape the market
The final presentation came from Tony Allen, Chief Executive of ACCS, who is leading the upcoming ISO 27566 standard for age assurance. His guidance was direct and will likely influence procurement decisions next year.
“Every age assurance system must prove five core characteristics: functionality, performance, privacy, security, and acceptability.”
He also noted:
“Expect procurement teams to start saying that if you do not have ISO certification, you will not even qualify.”
Certification will separate providers with measurable accuracy and defensible privacy controls from those relying on promises alone.
Where the market is moving next
This Demo Day made one thing clear. The next generation of age assurance will be built on the principles of privacy preservation, zero data retention, multimodal analysis, and portable proofs that function across various contexts. These capabilities will sit alongside scalable age verification systems that can adapt to global rules and emerging compliance requirements.
The old model relied on document uploads and selfie flows. The emerging model relies on lightweight signals that minimize exposure and scale more easily across jurisdictions. Platforms need methods that work across global regulations, including high-pressure markets such as age verification for adult content, while users want verification to feel invisible and regulators want outcomes that withstand scrutiny.
These demands are aligning rather than conflicting. The vendors on stage showed how fast this space is evolving and what the next decade of online trust will require.
Watch the Recording
Did you miss our Age Assurance Demo Day? You can still catch the full replay of vendor demos, product walk-throughs, and expert insights:
Watch the Age Assurance Demo Day recording here
