Last Thursday morning I woke up to find I no longer had access to my messages on social network Bluesky. «You must complete age assurance in order to access this screen,» a pop-up notification told me.

It went on to say the local laws where I live mean that I need to verify I’m an adult to view mature content or send direct messages. I’m based in the UK, and the law Bluesky was referring to is the Online Safety Act, which came into force on Friday.

This piece of legislation requires web companies to ensure that people under the age of 18 don’t have access to harmful content, including porn and material relating to self-harm, suicide and eating disorders. If sites choose to allow this content, they must verify the ages of people using their platforms to confirm that they’re adults. Failure to do so could result in fines of £18 million or 10% of annual revenue, whichever is greater.

«Prioritising clicks and engagement over children’s online safety will no longer be tolerated in the UK,» Melanie Dawes, chief executive of regulator Ofcom, said in a statement. «Our message to tech firms is clear — comply with age-checks and other protection measures set out in our Codes, or face the consequences.»

Over the past few days, free VPNs shot to the top of the UK App Store charts as people have looked for ways to bypass the requirement to verify their ages. It should be noted that using free VPNs comes with it own set of risks, and isn’t recommended by online security experts.

The Online Safety Act might be a UK-specific law, but it affects companies based in the US and around the world, including Bluesky, Reddit, Discord, X, Porn Hub and Grindr — all of which have committed to «age-gating» features to protect young people from stumbling across harmful content.

It’s also emblematic of a bigger shift in internet culture, which is seeing age verification become a mainstream concern across the world. Increasingly, adults who want to keep accessing internet services, from mainstream social networks to porn sites, will have to prove their age. In other words, expect my Bluesky experience to be coming to the internet near you soon.

Earlier this month, the European Commission published an age verification app prototype that will help keep young people safe online in accordance with the EU’s Digital Services Act. We’re also starting to see the ripple effect in the US of the legislation the UK and EU have enacted, says Vaishnavi J, founder of online child safety consultancy Vys. Just last month, the US Supreme Court upheld a Texas law requiring porn sites to verify the age of all visitors. 

«State laws, advocacy campaigns, and growing parental demand in the US are all converging around the need for age assurance,» said J, who previously worked in the policy teams at Meta and Twitter. «Combine that with rapid advances in the tech ecosystem, and it’s no longer a question of if the US adopts age verification, but how and when.»

Safety vs. privacy

The Wild West nature of the internet and the ability to be largely anonymous often blurs the lines between spaces occupied by children and adults in a way that doesn’t happen in the offline world. This means children are often exposed to content many would consider inappropriate or harmful. According to Ofcom’s own research, around 1 in 10 children in the UK between the ages of 8 and 14 have watched online pornography — an activity the new age verification rules are designed to prevent.

Making the internet safer for children might be necessary and admirable, but age verification policies have also come under fire from digital rights and privacy groups.

I’ve been covering the UK’s attempts to bring in age verification since 2016. The government at the time decided it was too difficult and ultimately decided not to push ahead with plans aimed at age-gating porn sites in 2019.

The main objection to the legislation was the same then as it is now. Asking people to share their government-issued identification with private companies poses a threat to their privacy.

«The British public is being forced to hand over sensitive personal data to unregulated age assurance providers if they want to have full access to platforms such as Reddit and Bluesky or to use dating apps such as Grindr,» said James Baker, head of programming at Open Rights Group, in a statement ahead of the Online Safety Act coming into force.

«The threats and harms of phishing and hacking are very real, and will cause people online harms,» he added.

Open Rights Group also criticized the fact that people aren’t being given the right to choose how they verify their age. A number of verification methods exist, including age estimation via video selfie (a method gaming platform Roblox announced it was introducing last week), banking or credit card checks, third-party digital ID services, mobile carrier checks or photo ID matching. It’s up to the individual service which method they want to adopt, which could leave people vulnerable to problematic privacy policies.

As with many internet rules, there’s always some level of tradeoff involved when making the online world safe. In many ways, the idea of age verification is «common sense,» Mariana Olaizola Rosenblat, tech policy adviser at NYU’s Stern Business School, wrote in a blog post this week. At the same time, she added, depending on regulations and methods chosen, age verification can introduce serious privacy, security and access risks.

«In some cases, the systems employed are so flawed that they fail to protect minors while also excluding adults who should have lawful access,» said Rosenblat. «Policymakers must understand and carefully weigh these tradeoffs before mandating age verification at scale.»

Many critics of age verification have also argued that verification will be ineffective due to the wide availability of VPNs and teens’ ability to circumvent any rules attempting to limit their internet use.

Whether age verification is truly effective at keeping kids safe online is a question that can only be answered as the Online Safety Act and similar legislation comes into force. In the meantime, I — and possibly you — will need to be prepared to prove our identities and our ages if we’re to continue using the internet in the way we’ve become accustomed to using it.