Biometric Update

U.S. bill would mandate operating system-level age verification

Anthony Kimery — Fri, 17 Apr 2026 09:44:58 +0000

A bipartisan House bill introduced this week, HR 8250, would require operating system providers to verify the age of every user who sets up an account or uses an operating system, shifting age-checking obligations away from individual apps and onto platform owners such as mobile and computer operating system companies. The Parents Decide Act was introduced by Rep. Josh Gottheimer and Rep. Elise Stefanik. “With each passing day, the Internet is becoming more and more treacherous for our kids,” Gottheimer said. “We’re not just talking about social media anymore — we’re talking about artificial intelligence and platforms that are shaping how our kids think, feel, and act, often without any real guardrails.” “Right now, we expect children to self-police their safety online,” Gottheimer continued. “That’s not realistic - and it’s not responsible. Parents should decide what apps their kids can download, what content they can see, and how they interact online - not algorithms or tech companies.” The bill would require users to provide their date of birth to create an account and use an operating system. If the user is under 18, a parent or legal guardian would have to verify the minor’s age. Companies would be required to create a system through which app developers can access the information necessary to verify a user’s age, shifting age-verification infrastructure to the operating-system level. “This approach creates a trusted, consistent standard across platforms,” Gottheimer said. “The phone - the operating system that controls it - will tell the apps and the AI platforms the limits you set for your kid. It gives parents real control, not buried deep in some settings menu, but right in front of them, where it should be.” Gottheimer said the legislation works alongside broader bipartisan efforts to improve online safety, including Sammy’s Law, the Kids Online Safety Act, and the Children and Teens’ Online Privacy Protection Act. The bill also would direct operating system providers to build a system allowing app developers to access information needed to verify a user’s age, subject to Federal Trade Commission (FTC) rules on privacy and data protection. Enforcement would fall to the FTC, which would be required to issue regulations within 180 days of enactment for shared devices, parent verification, and data protection standards to ensure birth-date information is collected securely and not breached. The FTC would be required to brief Congress on its rulemaking process, and within 18 months it would have to submit a report on how providers are complying with the new law and whether Congress should update the requirements. The bill also provides a safe harbor for compliant providers, which might not be held liable under the act if they followed the statute’s requirements and FTC rules. The law would take effect one year after enactment.

NADRA Technologies Limited partners on biometric onboarding, IDV platform

Ayang Macdonald — Fri, 17 Apr 2026 09:29:09 +0000

NADRA Technologies Limited (NTL), the commercial arm of Pakistan’s National Database and Registration Authority (NADRA), has signed a memorandum of understanding with Identity360 Global, a company of EPL Private Lt, to collaborate on the development of a new biometric ID verification system.

A news release announcing the partnership says that the AI-powered tool to be developed is aimed at facilitating identity verification for businesses and other entities in Pakistan and beyond.

Per the release, both parties will "explore opportunities to deploy solutions such as AI-based touchless biometric verification, facial recognition, optical character recognition (OCR – conversion of images into editable digital data), and digital onboarding systems."

Under the agreement, NADRA will combine its well-established national digital ID database, infrastructure, and experience in large-scale identity projects with Identity 360 Global's cutting-edge AI touchless biometrics and liveness detection capabilities.

The AI-based digital ID system, they say, is intended to help prevent fraud, boost regulatory compliance, and facilitate digital know your customer (eKYC) for access to services in different sectors including finance, healthcare, government, and telecommunications.

The expectation is that the new digital ID solution will make a substantial contribution to Pakistan's ongoing financial inclusion and wider digital transformation efforts. It is also expected to strengthen ongoing efforts in digital ID trust.

"Identity360 Global is focused on delivering next-generation AI-based identity solutions. This collaboration with NTL enables us to bring innovative, scalable, and compliant technologies to the market, supporting organizations in building secure digital ecosystems," the CEO of Identity360 Global, Ghazanfar Ali Khan, said of the partnership. He added that the company's work conforms to several international standards and certificates in the area of scalable digital identity.

This partnership agreement with Identity 360 Global adds to a series of moves by NADRA to streamline digital identity management. Last month, the body officially launched the Nishan Pakistan, a unified platform designed to modernize and standardize identity verification services.

Recently, the ID authority also announced an upgrade to the Pak ID mobile app with the addition of easy visa application and facial verification features.

The app has been credited with revolutionizing how Pakistanis access services in the public and private sectors.

AI voice fraud draws new congressional scrutiny

Anthony Kimery — Fri, 17 Apr 2026 09:07:22 +0000

U.S. Sen. Maggie Hassan is escalating congressional scrutiny of the fast-growing AI voice-cloning industry, pressing four major companies to explain what they are doing to stop scammers from turning synthetic speech tools into engines of fraud. In letters dated April 16 to ElevenLabs, LOVO, Speechify, and VEED, the New Hampshire Democrat and ranking member of the Congressional Joint Economic Committee demanded detailed answers about what they are doing to prevent bad actors from using their services. Hassan wants to know whether the companies monitor for scam-related uses, verify that a person has consented before their voice is cloned, detect attempts to imitate public figures and minors, watermark AI-generated audio, preserve provenance information, and report bad actors to law enforcement. The letters amount to more than another general warning about the harms of AI. They reflect a more specific congressional concern that voice models have become highly usable, widely accessible, and increasingly difficult for ordinary people to detect. “In recent years, global criminal networks have used deepfake voice programs, along with other new AI tools, to target more people with increasingly personalized and believable digital scams, fueling a booming scam industry that surpasses the global drug trade as an illicit industry,” Hassan told the companies. “Protecting Americans from these financial losses will require collaboration between the public and private sectors, and AI companies [including yours] are on the frontlines of this effort,” Hassan added. Hassan repeatedly frames the problem in operational terms. She is not only asking whether companies prohibit fraud in their terms of service, but whether they enforce those policies, how often they update scam phrase lists, how many violators they have caught, when they ban users, whether those users can return under new accounts, and whether law enforcement receives information that the public does not. That focus matters because the threat is no longer hypothetical. Hassan pointed out that the Federal Bureau of Investigation’s (FBI) 2025 Internet Crime Report, released this month, shows victims lost $893 million to AI-related scams in 2025, a figure that underscores how quickly synthetic media is being absorbed into familiar fraud schemes. Cryptocurrency and AI-related scams were among the costliest, the FBI said. The FBI also said the Internet Crime Complaint Center received 1,008,597 total complaints, an increase from 859,532 in 2024. Phishing/spoofing, extortion, and investment schemes were the most frequently reported complaints. Americans over 60 reported approximately $7.7 billion in losses, up 37 percent from 2024. Industry and consumer advocates have been warning about the same trend. Consumer Reports said in its March 2025 assessment of AI voice-cloning products from Descript, ElevenLabs, Lovo, PlayHT, Resemble AI, and Speechify that it “found a majority of the products assessed did not have meaningful safeguards to stop fraud or misuse of their product.” Consumer Reports said the platforms should automatically flag and prohibit audio containing phrases commonly used in scams and other fraud, a recommendation that closely tracks the questions Hassan posed in her letters to some of the same companies. Those letters lay out why lawmakers are alarmed. Hassan cited research finding that people are poorly equipped to identify AI-generated voice clones and notes that these systems can create convincing synthetic voices from only a brief audio sample. Hassan highlighted how easy it has become to pick from prebuilt voice libraries or generate synthetic voices in many languages. ElevenLabs, for example, is described as offering thousands of voices in dozens of languages; LOVO more than 500 voices in 100 languages; Speechify more than 1,000 voices in over 60 languages; and VEED more than 35 voices capable of speaking dozens of languages. Hassan said romance scams, impersonation scams, and so-called grandparent scams have manipulated victims into believing a loved one is in danger. She noted a 2025 case involving New Hampshire families who were allegedly tricked by an AI-generated imitation of a relative’s voice, as well as 2024 reports from Merrimack County, New Hampshire, where residents received scam calls from voices made to sound like family members or law enforcement. Voice cloning has also been used against businesses to bypass voice-based authentication or impersonating executives to authorize transfers of large sums of money. Another striking element of Hassan’s inquiry is how directly it targets platform design choices. Several of her questions ask whether the companies require real-time audio for verification, whether they demand authentic non-public recordings before allowing a clone, and what mechanisms they use to determine whether submitted audio is genuine. She also wants to know whether the companies detect when users try to create “no-go” voices, such as politicians and celebrities, and whether they can tell when a user succeeds in bypassing those safeguards anyway. Her letters also probe whether the companies permit the cloning of minors’ voices or the creation of synthetic child-like voices, and if so, what protections they have in place against exploitative misuse. Hassan’s line of questioning dovetails with one of the central critiques of the sector: many voice-cloning products historically relied more on user promises than on meaningful technical guardrails. Consumer Reports said most leading products it examined lacked strong technical mechanisms to stop nonconsensual voice cloning and recommended both identity-focused controls and automatic scam phrase detection. Hassan is asking the companies whether they have gone beyond self-attestation and basic policy language to adopt the kind of systems critics say are necessary. Hassan’s oversight push comes as Congress considers a more formal legislative answer. Senate bill S.3982, the AI Fraud Accountability Act of 2026, would establish a federal framework aimed squarely at digital impersonation fraud. Introduced last month by Republican Sen. Tim Sheehy and Democrat Lisa Blunt Rochester and referred to the Senate Committee on Commerce, Science and Transportation, the bill would amend the Communications Act of 1934 as amended to create a criminal prohibition on using a “digital impersonation” in interstate or foreign communications with intent to defraud someone of money, documents, or anything of value. A companion bill was introduced in the House by Republican Vern Buchanan, vice chairman of the House Committee on Ways and Means and chairman of the House Democracy Partnership, and Democratic Rep. Darren Soto. Both bills define digital impersonation broadly to cover convincingly fabricated or altered audio or visual depictions of either an identifiable real person or even an imaginary person presented as genuine. The bill would authorize penalties of up to three years in prison, include forfeiture provisions and establish extraterritorial federal jurisdiction, a notable provision given that many scam operations originate abroad. “We are seeing a disturbing rise in AI-generated voice clones and deepfake videos that convincingly impersonate loved ones, business executives, government officials, and trusted institutions to steal money,” Buchanan said. “Congress must act to stay ahead of these threats by modernizing federal law to keep up with emerging technology. The AI Fraud Accountability Act makes clear that if you use AI to defraud Americans, you will be prosecuted,” Buchanan added. The AI Fraud Accountability Act would create a civil and regulatory enforcement route through the Federal Trade Commission (FTC). A violation would be treated as an unfair or deceptive act or practice enforceable by the FTC. The bill is structured not only to punish fraudsters after the fact, but also to make digital impersonation fraud a matter of consumer protection enforcement. The bill also contains a standards and governance component. It would require the Secretary of Commerce, acting through the National Institute of Standards and Technology (NIST), to convene a working group within 30 days of enactment to develop best practices for recognition, detection, prevention, and tracing of digital impersonations used in fraud. The working group would include representatives from the Department of Justice, FTC, federal, state, and local law enforcement, private sector industries such as financial services, telecommunications, health care, retail, and digital platforms, as well as scientists and engineers with expertise in digital forensics and AI. NIST would then be required to publish best practices and update them annually. That structure is revealing. Hassan’s letters seek data from the companies about what safeguards exist, how effective they are, and where the gaps remain. The bill, by contrast, tries to build the enforcement and technical architecture that would follow from such findings. In that sense, Hassan’s letters and the AI Fraud Accountability Act are complementary. Hassan is gathering the kind of information Congress would need to judge whether voluntary industry practices are working. The AI Fraud Accountability Act, if law, would supply the beginnings of a statutory answer if lawmakers conclude those practices are not working.

Nearly 40% of Gen Z report fraud losses as scams shift online: TransUnion

Masha Borak — Fri, 17 Apr 2026 08:50:45 +0000

Gen Z is increasingly being targeted by online scammers: Nearly 40 percent of Gen Z consumers reported losing money to digital fraud in the past year. The reason behind this is that members of this generation are more likely to use gambling and betting platforms, social platforms such as forums and dating apps and video games – all of which are experiencing a rise in fraud attempts, according to a new report from TransUnion. The solution to the spread of fraud is increasing identity defenses, the consumer credit agency notes in its H1 2026 Top Fraud Trends Update. Although digital fraud rates are declining overall, more sophisticated fraud schemes, driven by the rise of generative AI and synthetic identities, are causing greater losses for consumers, according to Naureen Ali, U.S. head of fraud at TransUnion. “Addressing this requires a new generation of identity-centric defenses that combine advanced analytics, adaptive authentication and multilayered fraud detection,” says Ali. “Organizations must match fraudsters’ technological innovation to stay ahead of rapidly changing schemes.” The firm found that about one in six U.S. consumers lost money to scams conducted via email, phone calls, texts, or online channels in 2025, with median losses reaching US$2,307. Credit card or fraudulent charges were the leading cause of digital fraud losses, accounting for a third of cases. Identity theft followed closely at 29 percent, while account takeover (ATO) affected one in four (27 percent) victims. TransUnion also published global fraud data, surveying a total of 24 countries. The company found that account creation has become a growing target for fraudsters across the world. Globally in 2025, more than eight percent of account creation attempts were flagged as suspected digital fraud, an 18 percent jump from the year prior. “Instead of bypassing controls during account use, they increasingly exploit vulnerabilities at account creation, concealing identity manipulation until losses mount,” says Ali. The solution is to detect sophisticated identity risks at onboarding, she adds. Over a quarter of global consumers said they lost money to digital fraud, reporting a median loss of $1,671. Money mules and third-party seller scams on legitimate ecommerce sites were the leading causes of loss (24 percent), followed by voice phishing or vishing (23 percent). The report also offers data on other types of fraud, including phishing, smishing, unemployment fraud and social engineering.

Vietnam mandates face biometrics for mobile device registration

Ayang Macdonald — Fri, 17 Apr 2026 07:58:19 +0000

A facial recognition process is now required for new mobile device registrations in Vietnam. The policy took effect April 15 under a circular issued March 31, following a draft released in January, and is intended to combat identity fraud and other illegal activities related to SIM card and mobile device ownership. The registration process entails submitting one's name and date of birth, as well as their national ID number and face biometrics. Authorities say the measure, which is in line with a circular of the Ministry of Science and Technology, will be particularly useful to curb identity theft in situations where individuals lose their devices or where ownership changes without a deactivation of the previous registration. Per the new regulation, telecoms companies have up to two hours to identify activities involving a device change and block outbound services until the owner of the new gadget completes a facial recognition-based registration process. Once there is a block, the affected individual has up to 30 days to undertake the biometric verification to prevent a suspension of both inbound and outbound services. If the situation is not sorted out five days after the full service suspension, the telco is required to put an end to the subscription. The new policy requires not only new SIM cards to be registered using facial recognition, but also identities linked to newly registered devices to be verified against the national population register and the resident database. With the new measure, authorities say it is possible to conduct SIM card registration using the VNeID national digital ID application, and users can also verify the number of SIM cards linked to their ID using the platform. Meanwhile, they can complete the process either in physical offices or through other mobile applications made available by telcos. The new measure is part of the Vietnamese government's efforts towards combating identity theft, something which is also common with social media use. In February, measures aiming to mandate digital ID verification for social media use were announced.

UK social engineering scams jump 62% as fraud tactics shift: BioCatch

Masha Borak — Fri, 17 Apr 2026 06:41:14 +0000

While the United States is battling with credit card fraud and identity theft, UK consumers are being targeted by increased attempts at social engineering attacks, behavioral biometrics company BioCatch warns. According to data from nine UK financial institutions serving more than 100 million accounts, in 2025, social engineering scams increased 62 percent year-on-year. The result is unsurprising, according to BioCatch. Banks have been boosting their technological protections against fraud, leaving scammers with options such as social engineering attacks, which rely on psychological manipulation and deception rather than technical prowess. Remote-access and malware-related fraud attempts both declined, while purchase scams (63 percent), investment scams (34 percent), and romance scams (47 percent) saw upticks, according to the 2026 Digital Banking Fraud Trends in the UK report. Phishing attacks in the UK skyrocketed by 140 percent in 2025, while fraud tied to stolen devices wasn't far behind, climbing by 112 percent. In London alone, more than 70,000 phones were reported stolen in 2025, according to police data. “Stolen devices undermine strong customer authentication,” says Jonathan Frost, BioCatch global advisory director. “To address this, financial institutions should continuously assess behavioral intent, because once a bad actor has control of a trusted device, they can often commit fraud with relatively little friction.” The company concludes that winning the battle against fraud will rely on sharing intelligence and using technologies and tools that identify behaviors, patterns, and signals during transactions and interactions.

AI agent delegation via MCP has gaps a Murderbot could walk through

Chris Burt — Thu, 16 Apr 2026 20:25:33 +0000

The introduction of Model Context Protocol (MCP) open standard developed by Anthropic has advanced the data-sharing capabilities of AI agents and the systems they interact with, but the question of how to secure these interactions from rogue agents and a host of other threats remains open. Gluu Founder and CEO Michael Schwartz presented his vision for secure AI agent authorization in a talk titled “Golem to Murderbot: Challenges with Agentic Security Delegation via MCP” at the MCP Dev Summit 2026 in New York City. The Hebrew story of the Golem from late antiquity raises the question of how an automated actor can be relied on to carry out the intent of the person who automates it. In the story, the Golem becomes unruly as it carries out its task. The “truth” – the equivalent for an AI agent of its mission – becomes more unstable with each change in its network context. Fortunately, a “kill switch” is built into the Golem. In Murderbot, a series of books by Martha Wells adapted into an Apple TV series, the “Corporation” which controls “SecuBots” like Murderbot uses a “Governor Module,” a software module which monitors and “punishes” them for policy violations. The title character has gone rogue and hacked its Governor Module, but must fool a second oversight mechanism, the “Hub System,” that everything is in order by feeding data back to it. Murderbot’s presence is necessary as a security agent to reduce the risk in the scenario the story depicts to the point where it is insurable.

Automation and risk reduction

Schwartz argues that while some people tend to see zero trust in a typical agentic AI flow as a matter of enforcing security at an MCP Gateway, because it is a chokepoint, “we should be good. “But this would imply that all the traffic is trusted beyond the gateway, which is sort of the definition of what zero trust seeks to avoid in the first place,” Schwartz says. Instead, “each service needs a Governor Module,” in the form of a policy engine embedded with each service. Each would then produce decision logs, scaling security data and requiring “more operational leverage” for humans to make use of it to take security actions. Schwartz then explained that human authentication is pretty much solved with mechanisms like passkeys and digital wallets, and even software authentication is for the most part functionally solved. Authorization is another matter. From an enterprise perspective, the question is: “under what conditions is access allowed?” The answer may depend on things that have nothing to do with the properties of an AI agent requesting data on behalf of a human. Schwartz gives the example of data governed by agreements between different organizations. Authorization therefore needs to move beyond role-based access control to policies that include context and complexity. This leads to his case for using Cedar as “a policy syntax that is analyzable.” Schwartz concluded his talk by presenting the concept of GovOps, an operating model for enterprise governance through risk management, accountability and transparency. “Identity is the key for accountability,” Schwartz says, “not authorization.” The presentation is posted to Schwartz Identerati Office Hours channel.

Yoti, Luciditi demo interoperable age check at 2026 GAASS

Joel R. McConvey — Thu, 16 Apr 2026 20:01:10 +0000

At the 2026 Global Age Assurance Summit in Manchester, UK providers Yoti and Luciditi have successfully demonstrated how interoperable digital identity solutions equipped with biometrics can enable secure, privacy-preserving proof of age for alcohol sales across the UK market. A release says the collaboration demonstrates how different providers can support one another in collaboration, “giving businesses flexibility and consumers more choice.” In a live demonstration, Yoti’s Digital ID Connect ID Checker successfully verified a proof of age credential issued by Luciditi, showcasing real-world interoperability between independent UK providers. Both companies are certified under the UK Digital Verification Services Trust Framework (and are, as such, among those feeling pressed by the government’s GOV.UK plans). Yoti and Luciditi’s system allows customers to present their proof of age on their smartphone via a QR code. It works offline, performing facial liveness detection and selfie matching on-device to protect privacy – meaning no biometric special category data leaves the buyer’s phone. Per the release, “the buyer’s facial image is not sent to the ID Checker app (and consequently the business), as the age credential’s biometric binding is performed on the device.” Ian Moody, CEO and co-founder at Luciditi says that “with age checks a daily requirement for retailers and hospitality venues, today’s demonstration shows how interoperable digital IDs can streamline operations while building consumer trust. ID Checker is available now in major app stores, enabling immediate adoption across the UK.” Yoti CEO Robin Tombs, fresh off winning the first-ever Age Assurance Industry Award for lifetime achievement, explains that “with businesses only receiving a simple confirmation of age, staff are no longer required to visually match a customer’s face to an ID image – keeping customer details such as date of birth and address private and secure. It also helps to reduce friction at the point of purchase, minimising the potential for confrontation.”

UK to deploy biometric ID in prisons after 179 released in error

Masha Borak — Thu, 16 Apr 2026 19:33:01 +0000

The UK government has announced the digitalization of the prison system, with a new biometric ID system aimed at preventing errors such as mistaken releases. Fingerprints and facial scans will be used to verify the identities of prisoners at key points, including upon release from custody, the Home Office announced on Wednesday. Trials of the Justice ID system will begin within six months, with a full rollout expected before the end of this parliament, according to Justice Minister David Lammy. “We are rolling out biometrics, a new Justice ID and up to £82 million (US$110.9 million) to bear down on these errors and keep the public safe after years of chaos,” the Minister said in a statement. The announcement comes after 179 prisoners were found to have been released in error in England and Wales between April 2025 and March 2026. Another 262 prisoners were mistakenly released in 2024, making it a record year. Among them was the high-profile case of sex offender Hadush Kebatu, who was released from Chelmsford prison in October last year, resulting in a manhunt that cost the police £152,738 (US$206,576). Kebatu was jailed for sexually assaulting a 14-year-old girl and a woman. Minister Lammy has blamed the incidents on a “broken system caused by 14 years of underinvestment and overcrowding” in prisons and courts. The new digital ID system will allow staff to access information on individuals, eliminating duplicate entries and fragmented paper-based processes. Aside from digitizing the outdated paper-based prison system, authorities plan to expand the use of body-worn cameras to all uniformed personnel working with prisoners. The plan, however, may not be that simple to execute. The UK criminal justice system is a “cumbersome arrangement of disconnected legacy apparatus,” says Fraser Sampson, former UK biometrics and surveillance camera commissioner. A systemic solution would require all data from courts, probation service, police and prisons to be joined in one place. “An integrated system across the criminal justice sector will need serious groundwork, converting records into a comprehensive, accessible database,” Fraser wrote for Biometric Update last year. “It will need compatible infrastructure across the estate to allow for basic biometric verification so that decision makers are equipped with all the detail. But it could work.”

Alcohol retailers awaiting digital age checks lay out what they want from a solution

Joel R. McConvey — Thu, 16 Apr 2026 19:27:42 +0000

It’s clear how age assurance providers feel about age check technology. But what are UK retailers looking for from biometric and digital-ID based age assurance tools. A session at the 2026 Global Age Assurance Standards Summit, hosted by the Retail of Alcohol Standards Group (RASG), sees representatives from four UK retailers explain what they’re looking for from digital ID. A sense of simmering frustration sits over the discussion. The big-ticket promise that Brits would be able to buy a pint using digital ID to prove their age by Christmas 2025, thanks to updates to the mandatory licensing conditions, is now a laughable memory. Ewen McGregor, a licensing lawyer at TLT LLP tasked with chairing the panel, begins with the sincere wish that he doesn’t end up in the same seat, making the same case at next year’s summit. In other words, a path to implementation is long past due. But for retailers – especially grocers and department stores, where alcohol is not the main product – change must serve their customers, and their business.

Key digital ID asks for retailers include interoperability, offline function

Andrew Leaper, retail safety manager for Co-op, says a key requirement is that it can’t complicate the checkout process. “It needs to be really easy,” he says, especially for older people who may not be as comfortable with digital devices as younger generations. “People don’t want to feel embarrassed” because they can’t sort out how to present digital ID for a transaction. Moreover, if someone spends minutes fumbling at the cash, that’s time that, in bulk, translates to cost. Outside of speed and convenience at the till, a core benefit of digital ID for age checks at retail is how they reduce the possibility for conflict or aggression directed at employees. If it’s a computer saying no to a customer, rather than a person, the window for argument is much smaller. Johnathan Whytock, who works as operations development manager for major supermarket chain Tesco, points to regulatory compliance as a key driver. For this reason and more, he lists trust as a number one priority for a provider. He stands behind the UK trust framework model as a good way to vet and certify trusted companies in the space. Other key asks are for offline functionality (Leaper points out that, for festivals, “sometimes we’re setting up a shop in a field”) and interoperability across apps and devices. There is also a question of passability, so to speak. Sarah Gregory-Anderson, compliance manager for the iconic Marks & Spencer, says a digital ID “needs to look legit.” Quality, in other words, can promote trust. Ideally, functions will eventually converge, combining Challenge 25 (which RASG started), ID verification, loyalty cards and payments.

Shift to digital ID should feel invisible to consumers

Overall, the ask is for technology that improves business and the customer journey – but, as much as possible, without customers noticing. The responses shine a cold light on a hard truth: age assurance is cutting edge tech that applies to a wide range of use cases, and the debate over age checks for social media make headlines. But for many people in the UK, especially in older generations, an experience with age assurance will involve simply trying to buy a bottle of wine or ale at the grocer’s. Hence the need for a smooth transition that factors in a general suspicion toward change among older folks, while also serving younger customers who are asking for digital options for proof of age. Speed, compliance, reduced conflict, customer choice; trust, safety and interoperability: these are the qualities that alcohol retailers will be seeking when they go shopping for age assurance products. And when might that be? The broken promise of Peter Kyle, the UK tech secretary who promised digital age checks at pubs by Christmas, still needs legislative work. But even once age assurance with digital ID gets the green light, implementation will not be instant. Whytock estimates needing 12 to 20 months to get a system up and running functionally. (In that context, Kyle’s promise was only ever a fantasy; Leaper says that when the announcement was made in December 2024, “we all spat out coffee out at the time.”) Overall, there is hope that the government will move, but not especially fast. Given that, spare a moment in your thoughts for poor Ewen McGregor, who may very well find himself in the same chair at the 2027 summit.