An open letter published in February 2026 and signed by more than 400 researchers and scientists warns that rushed or poorly designed age verification schemes could backfire on users and public safety.
The signatories say many governments are moving to require age assurance across major services. That push creates pressure to build cross-service trust systems. The letter notes that the European Union’s digital identity wallet is one example of a pan-EU effort that could act as a shared foundation for age assurance. It also warns that any trust infrastructure can be bypassed by acquiring valid certificates or by using VPNs when enforcement is not universal.
The scientists highlight three main groups of harms.
- Migration to marginal and risky sites. If mainstream platforms accept strict checks while others do not, users may shift to smaller or fringe sites that escape regulation. The letter explains this could defeat the policy aim and expose people to scams, malware, and unmoderated content. The UK’s initial Online Safety Act enforcement prompted an Ofcom investigation into porn sites that did not immediately apply age checks, and some services temporarily blocked UK users.
- Privacy and data risks. Age assurance often requires government documents or biometric data, which raises questions about who holds that information and how it is stored. The letter points to real-world incidents where third parties handling ID photos were compromised. A third-party breach tied to age-related appeals exposed about 70,000 government ID photos, as described in Discord’s security notice.
- Discrimination and exclusion. People without formal ID or with low digital literacy could be denied access. The letter warns that this will disproportionately affect some adults and could push vulnerable users into higher risk situations. It also raises the prospect that centralised controls could be abused by hostile actors or states to censor material, including LGBTQ+ information.
The letter calls out legal and technical developments that interact with these risks. It cites platforms that experimented with age assurance, including one company that later adjusted its global rollout. In addition, the gaming and platform space has seen age checks appear in multiple places, such as Microsoft’s UK guidance on age verification on Xbox support page. Console and platform rollouts have produced controversy and operational challenges, and some of those issues are discussed in recent coverage such as Discord delays global age checks and in security research like Persona verification claims.
The letter also references regulatory and legislative moves beyond the UK. It notes a proposed California bill that would require operating systems to include age verification at account setup. Public sentiment is mixed. A YouGov poll cited by commentators found many people support the idea of age checks but doubt current approaches are effective.
More than 400 academics signed the letter. Represented institutions include KU Leuven, University of Copenhagen, Fraunhofer AISEC, Trinity College Dublin, University of Luxembourg, Karlstad University, ETH Zurich, King’s College London, University of Cambridge, University of Oxford, UCL, Brown University, University of Maryland, UC Berkeley, and the World Wide Web Consortium.
The letter includes this warning about centralization and misuse of power. In the signatories’ words, “In the wrong hands, such as an authoritarian government, this influence could be used to censor information and prevent users from accessing services, for example, preventing access to LGBTQ+ content.”
The researchers suggest alternative technical approaches and safeguards, such as privacy-preserving proofs, but stress those options are not yet widely adopted. They urge policymakers to proceed carefully and to design schemes that reduce data collection, avoid single points of failure, and keep users from being pushed toward unsafe corners of the web.
