Part F of the Age Assurance Technology Trial focuses on successive validation, the process of combining two or more age assurance methods (such as age inference, age estimation and age verification) to reach a more accurate, risk-appropriate or confidence boosted age-related decision. Defined in ISO/IEC FDIS 27566-1 successive validation supports the principle that age assurance should be proportionate to risk, enabling layered approaches where no single method alone is sufficient or contextually appropriate.
Successive validation is technically feasible and aligns with emerging international standards in Australia. When applied proportionately, layering methods such as inference, estimation and verification enables services to provide scalable and risk-based age assurance. ISO/IEC 27566-1 and IEEE 2089.1 recognise successive validation as a recommended practice for improving confidence in age assessment.
There are no substantial technological limitations to implementing successive validation approaches. The Trial demonstrated that age assurance providers could integrate layered methods into service workflows using current technologies, supported by secure APIs orchestration logic and modular architecture.
Successive validation systems demonstrated internal consistency and standards alignment. Providers articulated well-defined escalation logic, fallback triggers and confidence thresholds, supported by privacy-preserving data handling and compliance with clauses from ISO/IEC FDIS 27566-1.
There is no one-size-fits-all configuration, but flexible models exist across services and sectors. Approaches varied by risk context and use case - from estimation-first models with fallback to document checks, to real-time platform-based escalation triggered by behavioural contra-indicators.
An evolving and innovative sector is actively exploring layered age assurance models. Providers demonstrated dynamic user journey flows, including real-time prompts, device-based checks and reuse of validated identities, reflecting a maturing industry focused on inclusion, compliance and user experience.
Strong privacy-by-design principles were observed across successive validation stages. Early-stage signals were typically anonymised or ephemeral and higher-assurance steps included safeguards such as pseudonymised tokens, strict data separation and one-time use of biometric data.
Successive validation can enhance demographic inclusion and reduce bias. By combining methods, systems can support users without formal ID, including young people near threshold ages and underrepresented communities. Some providers began exploring culturally grounded or context-aware assurance.
Configuration and escalation logic would benefit from clearer standardisation and guidance. Some implementations lacked transparency on fallback thresholds or policy triggers. Better tooling and policy support would help relying parties consistently apply risk-based successive validation.
Security practices aligned with best practice and addressed emerging attack surfaces. Providers employed defences such as rate-limiting, liveness detection, cryptographic token binding and spoofing mitigation to protect validation chains against manipulation.
Verifymy provides flexible AV solutions integrated with digital wallets, document verification and cross-jurisdictional datasets. It supports selective disclosure and privacy-first age checks, delivering binary outcomes (e.g., “Over 18: Yes”) via APIs and reusable credentials for platforms such as gambling, e-commerce and education.
Luciditi provides facial age estimation, document verification via selfie-ID match, NFC passport reading and open banking or telco records, with fallback to a reusable digital ID app.
AgeChecked uses data matching, credit reference checks, electoral rolls, facial age estimation, document verification with liveness detection and adult-linked credit card checks in a cascading process.
Effective for physical access and security workflows. Not designed for online or consumer-based AV. Limited application to age assurance sectors. Best suited to enterprise environments with existing ID infrastructure.
Yoti provides low-friction, high-trust verification with one-time & reusable tokens. A standout example of minimising user friction while maintaining assurance comes from Yoti, whose platform consistently prioritised privacy, simplicity and user control throughout the Trial.
Facial age estimation with fallback to ID verification. Includes audit-backed fairness metrics and governed update process; privacy-preserving design with opt-out controls.
