Part C of the Age Assurance Technology Trial focuses specifically on age verification – the process of determining an individual’s age by referencing a verified date of birth and calculating their age from that known data point. Age verification represents the most direct and high-assurance form of age assurance and is already in widespread use across many regulated industries.
Age Verification based on calculating age from a verified date of birth is technically and operationally feasible in Australia and can be implemented privately, securely and effectively in line with emerging international standards.
No substantial technological limitations were identified that would prevent age verification systems from meeting policy or regulatory requirements in the Australian context.
Providers' claims about age verification capabilities were independently assessed and found to be accurate and reflective of real-world system performance, including in lab and field testing.
There is no single solution to age verification; a range of valid implementation models exist, shaped by sector-specific needs, risk profiles, data availability and privacy expectations.
The age verification sector in Australia is dynamic and innovative, with providers actively developing more efficient and user-centric ways to retrieve, bind and communicate verified age information.
Most providers implemented robust, privacy-focused data handling practices, securely binding DOB to individuals, minimising retention and returning binary age signals (e.g., "Over18") - though some configurations retained more data than strictly necessary.
Age verification systems performed broadly consistently across demographic groups, including First Nations and Torres Strait Islander Peoples. Some providers took proactive steps to include users without conventional identity documents.
Opportunities exist to enhance risk management and system capability, especially regarding real-time detection of lost or stolen documents and improved access to authoritative government data through privacy-preserving APIs.
Cybersecurity practices were strong across the sector, with many providers addressing threats such as biometric spoofing, AI-generated forgeries and injection attacks. However, continuous monitoring and resilience updates remain essential.
Austroads manages the National Exchange of Vehicle and Driver Information System (NEVDIS) and is pioneering Mobile Driver Licence (mDL) standards. It enables verified credentials and selective age attestations via government-issued IDs and secure registries. Austroad’s ecosystem combines national-scale infrastructure with ISO-compliant design.
GBG offers a real-time, multi-layered age verification system combining document checks, facial biometrics, credit agency data and liveness detection. Their solution includes in-person verification options and supports facial age estimation for users aged 6+, without retaining personally identifiable information (PII), making it suitable across multiple regulated sectors.
Effective for physical access and security workflows. Not designed for online or consumer-based AV. Limited application to age assurance sectors. Best suited to enterprise environments with existing ID infrastructure.
Focuses on youth gaming environments. Performs manual ID checks at in-person events and plans to launch a privacy-sensitive tokenised ID system using gesture-based spoof resistance, minimal data retention and community trust principles for underage users.
EarthID provides decentralised, blockchain-based age verification solutions that prioritise user privacy, data security and consent-driven identity sharing, aligning with international standards for trustworthy digital age assurance systems.
Yoti provides low-friction, high-trust verification with one-time & reusable tokens. A standout example of minimising user friction while maintaining assurance comes from Yoti, whose platform consistently prioritised privacy, simplicity and user control throughout the Trial.
One Click Group delivers decentralised, mobile-first identity with encrypted device-bound tokens. Uses facial recognition and liveness detection to securely bind age to the user without server-side data storage.
PRIVO provides privacy-focused, parental consent-based AV services using facial estimation, document checks and guardian approval workflows. COPPA-certified and focused on protecting children in online services and educational contexts.
Erratum: The published report suggests the solution is “US-Centric” – while it has been designed specifically to cater to the US market, and the COPPA legislation in particular. We acknowledge that PRIVO’s solution can be configured for other jurisdictions, including Australia
