Framework for the design, specification, evaluation, and deployment of online age verification systems are established in this standard. This standard is the second in a family of standards focused on the 5Rights principles.

This standard establishes a framework for the design, specification, evaluation, and deployment of age verification systems. The term ‘age assurance’ includes ‘age verification’ and ‘age estimation’ methods unless otherwise stated, and where consistent with all applicable laws and regulations. It includes the following:--The key terms, definitions, and abbreviations, together with the roles and responsibilities of key actors in the age assurance process. Requirements for establishing different levels of confidence (asserted, standard, enhanced, and strict)associated with the types of age assurance systems.--Requirements for privacy protection, data security, and information systems management that are specific to the age assurance process. It does not specify--Detailed information about countermeasures (i.e., anti-spoofing techniques), methods to detect presentation attacks, algorithms, or sensors.--Methods to assess the overall system-level security or vulnerability.

This standard provides a set of processes for digital services to verify or estimate the age or age range of a user, to a proportionate degree of accuracy and certainty, when determining the age of a child to allow organizations to enable access to their products and services to suitable age-groups, with the rights and needs of children in mind. This is essential to creating a digital environment that supports, by design and delivery, children’s safety, privacy, autonomy, agency, and health, specifically providing a set of guidelines and best practices and thereby offering a level of validation for age assurance decisions that may be either required by law or voluntarily implemented for business or social reasons.