Breaking down the European Commission’s white label age verification app

The European Commission’s white label age verification app is technically ready  – but what does it do? Day two of the 2026 Global Age Assurance Standards Summit sees representatives from Scytáles and T-Systems, which together won the contract to develop the app, try and answer the question in a deep dive presentation.

Just hours after European Commission President Ursula von der Leyden announced the white label AV app’s public debut, representatives from the two companies explained that the project is intended to provide a flexible privacy-preserving age verification option for nations, operating within a harmonized EU framework. “A uniform AV solution ensures that age proofs are issued, verified and used consistently across Europe while still allowing member states to adapt the implementation to their national needs.”

Four key principles underlie the age verification app. The need for strong user identification at issuance disqualifies age estimation; this is a true age verification tool. The app is meant to provide a single integration for online services, and is privacy preserving by design. And it exists within that single, shared EU trust framework.

Per Riitta Partala, senior project manager for Scytáles, the vision is “one integration for online services, where there is only one implementation needed by sharing the same specifications, sharing the same standards and not making it necessary to really implement a different solution for each member state.”

For deployment, nations can choose which age thresholds are supported, out of a selection of 15 and over, 16 and over or 18 and over. It can be delivered as a standalone app or integrated into an existing national app or wallet – meaning it will be compatible with the European Digital Identity (EUDI) wallet each EU member state is mandated to offer their citizens by the end of 2026 under the eIDAS 2.0 regulation.

A demo showcases how the app creates an age proof from a passport scan combined with biometric identity verification via a video selfie. The app completes matching on-device, and no data is sent to an external server. In addition to passports, age credentials can be derived from EU ID cards, a third-party application such as a banking app that has access to a date of birth, or created over the counter at a service point.

The app uses the W3C Digital Credentials API, which it selected for security and user experience, and has OID4VP as a fallback.

ZKPs for iOS still pending

While EC has deemed the app ready for prime time, it is still working toward implementing Zero Knowledge Proofs on the iOS version. ZKPs are ready to activate in Android, but for now, Apple users will be issued a batch of single-use age tokens – a measure intended to eliminate the possibility of tracking where a credential is used over time. Once the tokens are spent, users will have to re-verify. However, ZKPs allow the app to generate a single proof per instance, so once that’s implemented in iOS, the batch token option will likely be less attractive.

Because age credentials do not grow or change with an individual, users will need to verify at ages 15, 16 and 18 to generate accurate and up-to-date proofs.

Article Topics

Age Assurance Standards Summit (2026)  |  age verification  |  digital ID  |  EU age verification  |  Europe  |  Scytáles  |  T-Systems