I’m looking at several standards for verifying ages, including the IEEE Standard for Online Age Verification
I asked my resident AI to determine the most onerous burden faced by ISPs when implementing these proposed standards.
The most onerous consideration for Internet Service Providers (ISPs) in reviewing the IEEE standards for online age verification (IEEE Std 2089.1-2024) lies in ensuring compliance with privacy and data security requirements. This includes:
Protecting user privacy by design: ISPs must guarantee that age assurance systems collect the minimum necessary data and comply with stringent data protection laws like GDPR or equivalent legislation.
Data security obligations: ISPs must implement robust measures to secure sensitive personal data, as specified under the data security phase of the standard, to prevent breaches, unauthorized access, or misuse.
Balancing proportionality: Age verification methods must be proportionate to the risk level and not unnecessarily restrict children’s access to age-appropriate content while still safeguarding against harm.
Third-party scrutiny and transparency: ISPs must allow their age assurance processes to be independently audited to ensure compliance and avoid perceived or actual conflicts of interest.
This balance of privacy, security, and proportionality while aligning with diverse and evolving regulatory frameworks poses a significant operational and technical burden for ISPs.