Practice Statement

Participants who submit an expression of interest and are then notified that they have been selected for the trial will be asked to complete a Practice Statement.  This is the foundation for the trial process.  The format is defined in ISO 27566-1. 

We will provide advice on how to draft a good practice statement at our engagement event on 6th February but you are welcome to complete it before then if you wish.  In any case, we will review your submission and provide feedback. 

You will be able to save drafts and return to previously submitted statements to make changes.  This system has a basic level of security but is not designed to protect confidential information, which we would not expect to be required in a Practice Statement.  Please contact us separately to discuss further if you believe it is necessary to share sensitive information in addition to what you include in the statement. 

Once submitted, you will receive a copy of the Statement by email. 

What the ISO 27566-1 standard requires of a practice statement

A practice statement should document the practices, procedures and controls employed by an entity to fulfil its service.  

It should also include a description of how your system and practice statement will be kept under continuous and regular review, including by the top management of the entity. 

  • An age assurance provider should document the operational practices and procedures utilized to provide age assurance results and indicators of confidence (if applicable). 
  • A relying party should document the acceptable approaches to age assurance that it adopts to comply with age-related eligibility decisions that it takes.  
  • An intermediary that has a direct and independent impact on the achievement of the characteristics described in this document, should prepare their own practice statement. 

Each entity requiring an age-related eligibility decision and each entity contributing to its age assurance system should indicate whether the providers in its supply chain also have compatible practice statements. 

An informative summary of practice statements should be made publicly available by the relevant entity. Though parts of the practice statement should be communicated to the public, other parts should only be communicated to auditors 

Practice statements should not contain information about the approaches used to detect and prevent attack vectors (as this may aid bad actors). 

To begin, please select whether you are: 

  1. Age Assurance Provider 
  1. Relying Party 
  1. Intermediary 

 

Funded by
Project by
SUBSCRIBE TO GET UPDATES
We will publish regular newsletters with updates on our progress, and links to published documentation.
© 2025
 Age Assurance Technology Trial
Created with Heartburst