Part C of the Age Assurance Technology Trial focuses specifically on age verification – the process of determining an individual’s age by referencing a verified date of birth and calculating their age from that known data point. Age verification represents the most direct and high-assurance form of age assurance and is already in widespread use across many regulated industries.
Age Verification based on calculating age from a verified date of birth is technically and operationally feasible in Australia and can be implemented privately, securely and effectively in line with emerging international standards.
No substantial technological limitations were identified that would prevent age verification systems from meeting policy or regulatory requirements in the Australian context.
Providers' claims about age verification capabilities were independently assessed and found to be accurate and reflective of real-world system performance, including in lab and field testing.
There is no single solution to age verification; a range of valid implementation models exist, shaped by sector-specific needs, risk profiles, data availability and privacy expectations.
The age verification sector in Australia is dynamic and innovative, with providers actively developing more efficient and user-centric ways to retrieve, bind and communicate verified age information.
Most providers implemented robust, privacy-focused data handling practices, securely binding DOB to individuals, minimising retention and returning binary age signals (e.g., "Over18") - though some configurations retained more data than strictly necessary.
Age verification systems performed broadly consistently across demographic groups, including First Nations and Torres Strait Islander Peoples. Some providers took proactive steps to include users without conventional identity documents.
Opportunities exist to enhance risk management and system capability, especially regarding real-time detection of lost or stolen documents and improved access to authoritative government data through privacy-preserving APIs.
Cybersecurity practices were strong across the sector, with many providers addressing threats such as biometric spoofing, AI-generated forgeries and injection attacks. However, continuous monitoring and resilience updates remain essential.
Yoti provides low-friction, high-trust verification with one-time & reusable tokens. A standout example of minimising user friction while maintaining assurance comes from Yoti, whose platform consistently prioritised privacy, simplicity and user control throughout the Trial.
One Click Group delivers decentralised, mobile-first identity with encrypted device-bound tokens. Uses facial recognition and liveness detection to securely bind age to the user without server-side data storage.
PRIVO provides privacy-focused, parental consent-based AV services using facial estimation, document checks and guardian approval workflows. COPPA-certified and focused on protecting children in online services and educational contexts.
Erratum: The published report suggests the solution is “US-Centric” – while it has been designed specifically to cater to the US market, and the COPPA legislation in particular. We acknowledge that PRIVO’s solution can be configured for other jurisdictions, including Australia
DigiChek is an age verification provider that uses document-based and data driven techniques to assess user age, ensuring compliance and safety across digital platforms while aligning with international verification standards.
Erratum: The TRL5 was the assessment at the time of the evaluation, but we understand this is now deployed and can be regarded as TRL9
A parent or child links existing accounts—like a school login, health record, or student email—to prove age without loss of privacy. This shifts responsibility from business platforms back to the individual, removing risks tied to storing private data, enforcing biometrics and evolving legal compliance requirements.
Verifymy provides flexible AV solutions integrated with digital wallets, document verification and cross-jurisdictional datasets. It supports selective disclosure and privacy-first age checks, delivering binary outcomes (e.g., “Over 18: Yes”) via APIs and reusable credentials for platforms such as gambling, e-commerce and education.
Sedicii uses document scanning with biometric selfie matching or zero-knowledge proofs if no ID available. Issues single-use, unlinkable binary credentials (e.g. Over 18) without identity exposure.
IDVerse uses advanced AI for real-time age verification via biometric face matching, liveness detection and OCR. Offers strong spoof protection and compliance with global standards for diverse user groups.
