Access Control for Minors on Social Media: The Global Agreement

Who is he to do so? A shrewd politician, a determined regulator, a captain of industry, a seasoned activist? None of the above. Ask him, and he will tell you he is a “Subject Matter Expert.” But an expert in what? In “Age assurance.” An expert in age assurance? “Age assurance” is yet another of those false friends between our two cousin languages, where a “library” is a bibliothèque, where being “comprehensive” does not mean being benevolent but exhaustive, where an issue is not an exit but a problem, perhaps one without a way out. Age assurance is neither an insurance matter nor an issue of self-confidence; it is a discipline that encompasses all the means of verifying an individual’s age (through a reliable document such as an identity card), or estimating their age (through biometric analysis), or inferring their age (if an individual has a bank card in France, then they are at least 12 years old). In French, “age assurance” is translated as “contrôle de l’âge,” but the notion of “control” is too restrictive.

The Banning of Minors from Social Media: A Failure That Opens Up Possibilities

Let us recall the stakes: a political wind is rising from Australia to Europe, with France at the forefront, to block access for minors under 15 to social media. Not to limit, not to restrict, but indeed: to block access. We recently explained in these columns that this political determination to block, there as here, is as clear as its implementation is complex. Now that the legislative machine has been set in motion and is pushing toward a ban, more and more voices are being raised — for example that of the Anglo-European NGO 5Rights — to warn of the dangers of a poorly calibrated blocking of minors’ access to social media. For these experts, a ban would above all leave children and young people even more vulnerable and exposed. Their reasoning is compelling: if children are officially banned from social media, platforms will no longer need to invest in complex systems to control algorithms and gather information about the experience of their young users. What is not measured does not exist, and what does not exist costs nothing.

And what do we already observe in Australia, where banning measures are already in place? Testimonies such as that of researcher Naomi Lott are unequivocal: on their way to school, Australian teenagers are still glued to their screens; nothing has really changed. The ban is circumvented, so we will have to embrace complexity and nuance to enable age-appropriate use of social media by minors. Sooner or later, public authorities will have to decide which platforms, or which functionalities within those platforms, will be accessible to a 15-year-old or a 13-year-old minor. All stakeholders around children are condemned to nuance.

But where should we begin, concretely? Well, with the simplest — or rather the least unrealistic — step: verifying that the child in front of their smartphone is indeed of the required age. “Ensuring age”: the term imposes itself, as if the French debate had already adopted the Anglo-Saxon grammar of age assurance.

The (Only?) Global Consensus You Missed in 2025

And how are we going to ensure that the child is indeed of the required age? Which technology for assuring the age of a minor is the most reliable, the safest, the most respectful of rights, the most practical? If the publications of the Australian eSafety Commissioner are authoritative on the subject, no one truly knows for the moment: innovation is in command, and the sector remains in a phase of development. The room for growth and development in this sector is prodigious. Eighty-five countries have already adopted or are in the process of adopting age verification measures, here referring to services exclusively reserved for adults.

It is within our complex and chaotic global environment, where two superpowers are confronting each other, that a major event took place on October 31, 2025. On that day, indeed, exactly 66 countries all agreed on the means of assuring the age of an individual wishing to access content or services. Sixty-six countries. All of them. Without exception.

France, the United Kingdom and Germany signed, but also China, and even the United States. Incredible, isn’t it? Where did it happen? At ISO, the International Organization for Standardization, well known in cybersecurity for its 27001 standard. On October 31, ISO standard 27566 on “Age assurance systems” was adopted unanimously, without a single dissenting vote.

And who held the keyboard and mouse for this standard 27566, which moreover follows the model of 27001? Tony Allen, of course! He served as its technical editor. Listening to him, he merely compiled the contributions of the various parties. If he admits having made proposals to national committees (AFNOR for France), it is only to immediately clarify that he was not always listened to. Let us not rule out false modesty, since real influence is not always measured by the number of clicks. Mr. Allen is proud, in any case, that the standard was adopted unanimously. And it is free of charge, at the request of the European Commission, the International Telecommunication Union and the Age Verification Providers Association. All of this is unusual at ISO, and it makes it “very powerful,” he says.

Powerful and Inevitable Like a Stick Planted in the Sand

About thirty pages long, the standard is clearly written, in language that is more precise than jargon-filled, almost pleasant in its structured reasoning, its measured tone (this is ISO, after all), and the coherence of this age assurance ecosystem. It indeed describes all the actors: those who carry out age verification and estimation, the platforms that implement them to grant access to their services, the individual users, and of course the regulators who lay down the rules to be followed, whom it calls “policy makers.” The standard is careful not to say how to evaluate the age of a 15-year-old minor, nor what margin of error is socially or legally acceptable. It is technologically neutral. It is a vast checklist of actions to be carried out and criteria to be followed, which does not say “such biometric analysis solution allows the dating of an individual’s age to the day,” but which makes it possible to have a good level of confidence in the seriousness of the certified service. Because yes, as the checklist is long, there will be certifiers, as with 27001. And among these certifiers, there will be Tony Allen. He is also the organizer of an annual event in Manchester, the… “Global Age Assurance Standards Summit.” By a fortunate coincidence, the first certifications will arrive in April, when this event takes place. Solutions currently undergoing certification are already emerging in the United States, Singapore, the United Kingdom, France and Spain.

From now on — and this is what is new — all the elements are in place for the control of minors’ access to be implemented worldwide. We know that a simple stick planted in the sand is enough, with the force of wind and time, to create a dune. ISO 27566 is that stick, political awareness is that wind, and the implementation of this political will is that time. In an uncertain and divided world, for a socially burning and technically complex issue, all actors will necessarily anchor themselves to the only point of global consensus. To protect children, no doubt; to protect themselves, surely. And this is how regulators will advise age evaluation solutions to be certified, the certified will highlight their certification, platforms will protect themselves by using certified solutions, and users will inexorably, inevitably choose the solutions that are the most practical and the most protective of their privacy.