Spain recently planned to ban social media for children under the age of 16. “We will protect them from the digital Wild West”, Prime Minister Pedro Sánchez said at the World Governments Summit in Dubai on Tuesday, 3rd of February.
This is a regulatory front gaining momentum not only in Spain but across Europe (France, Denmark, Austria, and, most recenty, Germany have also announced similar measures).
Why Age Verification matters
Governments are increasingly demanding assurance, not just declarative “I am over 18” tick boxes. Without meaningful checks, rules become symbolic: easy to bypass, hard to enforce, and irrelevant to the policy goal they were meant to serve.
Experience from jurisdictions that acted earlier shows that poor implementations encourage circumvention. When platforms simply block access without strong verification, users quickly adopt VPNs and other workarounds that render blocks ineffective and strip users of privacy protections. These are technical and behavioural realities, not abstract concerns.
At the same time, solutions like uploading a passport scan into every website, dramatically increase privacy risk, create data retention liabilities, and can erode user trust. A modern approach must be effective, secure, privacy-first, and standards-based.
EUDI Wallet and age attributes
The European Union’s digital identity strategy, anchored in eIDAS 2.0, is providing a foundational shift in how identity attributes, including age, are managed and shared online. Rather than relying on bespoke or siloed checks, the emerging European Digital Identity Wallet (EUDI Wallet) framework allows citizens to store verified attributes once and present them where needed.
A core design principle of the EUDI Wallet framework is non-traceability (unlinkability). Each presentation of an attribute is cryptographically protected so that different transactions cannot be correlated with one another. This prevents the creation of usage profiles by websites and platforms, and ensures that age verification does not become a mechanism for tracking individuals across services.
Within this architecture:
- age claims can be issued by trusted issuers (government, QTSPs);
- users control what they share, presenting only what’s necessary (e.g., a “>18” or “>16” attestation);
- verifiers receive high-assurance proofs while learning no more about the user than is strictly necessary.
This minimal disclosure principle is central to privacy by design and aligns with GDPR, and it’s exactly what jurisdictions like Spain should embrace if they want age checks that at the same time are difficult to bypass, and respectful of individuals’ privacy and digital rights.
Namirial Wallet: a privacy-first answer to effective Age Verification
Namirial Wallet is designed to integrate with the EUDI Wallet ecosystem and to manage use cases such as age verification.
Namirial’s leadership on this topic is demonstrated by its active involvement in EUDI Wallet regulatory sandboxes and pilot initiatives in France, Germany and Italy, where privacy-preserving digital identity solutions are already being tested and deployed in real-world scenarios.
In the Spanish context, Namirial already supports active wallet-based identity management use cases, demonstrating the practical applicability of digital identity wallets beyond experimentation. These implementations confirm the maturity of the technology and its readiness for real-world operational environments.
Namirial is therefore already prepared to support platforms and partners in the rollout of age verification and other identity-based services, should Spain enable the participation of qualified private actors within the EUDI Wallet ecosystem. This readiness positions Namirial as a natural enabler of Spain’s transition from regulatory intent to effective, privacy-preserving digital identity adoption.
At a glance, Namirial Wallet:
- Supports credential issuance and verification across sectors
- Complies with eIDAS 2.0 standards for security, privacy, and interoperability
- Gives users full control over their identity attributes and how they’re shared
1. High assurance without over-collection of data
Age verification is not identity verification. Period.
Therefore, if the genuine objective is the protection of minors, and more generally the user privacy, governments should prioritize unlinkability and avoid alternatives that could potentially become instruments of control.
In this context, the European Commission is developing a harmonised EU-wide approach to age verification, supported by the Blueprint for an Age Verification Solution (made available on 14 July 2025). The blueprint is designed to be fully interoperable with future EUDI Wallets and aligned with the objectives of Article 28 of the Digital Services Act. Furthermore, within the POTENTIAL and EWC Large Scale Pilots, co-funded by the European Commission, relevant use cases and validations were carried out.
For these reasons, age verification represents a concrete application scope to demonstrate the foundational pillars of the ID Wallet.
From a technological perspective, Namirial Wallet enables age verification without requiring the disclosure of a full set of identity data, while preserving anonymity and unlinkability.
Namirial Wallet enables platforms to request a proof of age (e.g., “over 16” / “over 18”), not a full ID document. The wallet uses cryptographic proofs that confirm the claim without revealing unnecessary personal details, a privacy-first approach that aligns with regulatory best practices. The outcome is effective age verification that avoids surveillance risks.
2. Interoperable across platforms
Instead of custom age checks (depending on service or jurisdiction), Namirial Wallet allows reuse of the same age credential across platforms. This reduces friction for end users and operational cost for service providers, while ensuring consistent compliance. From a user experience perspective, verification can be as simple as scanning a QR code (comparable to accessing a restaurant menu) proving that strong privacy and ease of use are not mutually exclusive.
3. Resilient against bypass
Because credentials are issued by trusted sources and presented using cryptographic mechanisms, they’re significantly harder to spoof than ad-hoc checks. On the other side, they ensure a way higher security respect of statistical methods like “age estimation”. This reduces the risk of trivial circumvention, without resorting to invasive tracking. Age restrictions become technically enforceable, not merely aspirational.
4. Built for GDPR and digital trust
Namirial Wallet’s architecture prioritises:
- Data minimisation
- User consent and control
- Separation of knowledge between issuers, holders, and verifiers
To further strengthen anonymity and unlinkability, it is essential to limit centralised issuance models. A public-private collaboration, where qualified and accredited private actors such as QTSPs can issue age attestations, ensure scalability, resilience and trust, while preventing the concentration of sensitive data in a single authority.
This helps organisations meet both regulatory requirements and user expectations around privacy, a critical trust factor in Europe’s digital ecosystem.
Conclusion
Finally, policy statements and declarations of intent around age verification inevitably place digital identity at the center of the debate. To turn these intentions into effective and trustworthy solutions, strong public–private collaboration will be essential, supported by pilot projects and regulatory sandboxes to test approaches in real-world conditions. In this context, Europe has a unique opportunity to reinforce its digital sovereignty by promoting solutions that are privacy-preserving, interoperable and scalable by design, while enabling a new generation of digital services that are seamlessly usable by citizens.
With the Namirial Wallet, these requirements have been addressed, providing a solution
- technically robust and hard to bypass
- secure and privacy-preserving
- built on scalable, open standards
- interoperable across users and services
and can deliver on the promise of safer, more trusted digital experiences.
