On Friday, French regulator Arcom announced that pornographic websites with French users will be required to implement age verification systems by January 11th, 2025. This requirement also extends to other user-to-user platforms that allow access to adult content, as outlined in the newly released technical reference guide for verification.
Arcom was tasked with creating a benchmark that specifies the “minimum technical requirements applicable to age verification systems set up to access services broadcasting pornographic content.” The guidelines, titled “Technical Reference on Age Verification for the Protection of Minors from Online Pornography“, were developed under the authority of the Law aiming to Secure and Regulate the Digital Space (SREN), which came into force in May of 2024. The law grants Arcom the power to “sanction and administratively block pornographic sites that do not comply with their criminal obligation to prevent minors from accessing their content”. In other words, it mandates that websites implement effective age verification systems.
The technical guidelines highlight the gravity of the issue, citing research showing that “2.3 million minors in France visit pornographic sites every month” and that “the share of minors visiting ‘adult’ sites has increased by 9 points in 5 years, from 19 percent at the end of 2017 to 28 percent at the end of 2022.”
When does this come into effect?
These measures will take effect in January 2025, with a three-month transition period, which means all relevant sites must implement robust age verification by April 2025.
What are the details?
Arcom’s document outlines a detailed framework for implementing age verification, including a process for auditing and assessing these systems. It has been highlighted that these requirements are intended to be technology-neutral and emphasises the importance of both reliability and privacy, noting that “its requirements concern both the reliability of user age control and respect for their privacy.”.
The guidelines also allow for temporary measures that adult websites can adopt during a transitional period.
“Arcom invites pornographic sites to implement the most protective solutions without delay,” the regulator stated in the release. “However, during a transitional period of three months, intended to allow them to identify and implement an age verification solution that meets all of these requirements, services will be able to implement solutions using bank cards, in order to protect the youngest users without delay.”.
The guidelines require verification for each website visit or after an inactivity period of at least one hour. Given this strict requirement, it’s crucial the age verification methods deployed are as seamless and low-friction as possible.
Additionally, Arcom holds the authority to enforce compliance. Failure to meet the requirements could result in fines of up to 4% of the site’s annual global revenue and potential blocking of access to the adult website.
Arcom’s advice on what makes up an appropriate age verification solution?
Reliability: The system must be designed to prevent false positives, fraud, and malicious activities such as deepfakes while also ensuring it does not result in any form of discrimination.
Privacy: At a minimum, the solution must be provided by an independent third-party vendor. It should prioritise data minimisation, incorporate privacy by design, and ensure no retention of user data. Additionally, the third-party provider must offer an appeal process for users.
Double-blind: To offer a higher “degree of protection,” platforms should implement at least one “double anonymity” solution. This ensures that the platform does not receive any information about the user’s identity, and the age verification provider is unaware of the websites the user is accessing.
Conclusion
In conclusion, by January 2025, all relevant sites must implement robust, reliable and privacy-preserving age verification.
Cutting-edge, innovative age assurance methods already exist that are particularly well-suited to meet the stringent requirements outlined by Arcom. Privacy-focused, zero-knowledge proof solutions work to verify ages without retaining identifiable information. One example of this is email address age estimation, which uses just an email address to determine the age of a user with a very high degree of accuracy. The method is certified by the Age Check Certification Scheme to EAL level 3, the highest possible level for age estimation, frictionless and works entirely free from bias.
A common misconception surrounding age verification is the fear of exposing the user’s identity. However, the real focus here should not be on who the user is, but on how old they are. Using a trusted third-party age assurance provider, as outlined by Arcom, prevents direct transmission of PII to the application, preserving trust among stakeholders while ensuring data protection. Instead of sharing personal data or identities, these systems provide only a yes/no response to determine whether they meet a minimum age threshold, such as 18, or a minimum estimated age – ensuring their identity remains completely anonymous while meeting the legal requirement to protect minors.
