Technology law

Federal Government releases report into age verification trials

by

reviewed by

Malcolm Burrows

Reading Time:

3–5 minutes

On 31 August 2025, the Australian Government published the Final Report (Report) on the Age Assurance Technology Trial (Trial).  Conducted by the independent Age Check Certification Scheme (ACCS), the Trial offers insights into the technical feasibility, privacy implications, and operational deployment capabilities of various age assurance technologies.  While the Report explicitly states it is neutral on policy matters and does not provide regulatory recommendations, its observations are intended to inform policymakers and industry stakeholders, particularly as new social media minimum age limit laws are set to come into effect by 10 December 2025.

Overview of the Trial

The Trial assessed more than sixty (60) technologies from forty-eight (48) age assurance vendors, and spanned a range of approaches, including:

  • age verification – matching users with provided documentation;
  • age estimation – including based on physical features and hand movements;
  • age inference – using existing information to infer the user’s age;
  • successive validation – combining two or more age assurance methods;
  • parental control – tools that allow parents to manage a child’s access to digital content; and
  • parental consent solutions – where a parent confirms a child’s access to age-restricted goods, services or content.

Overview of the Report findings

The Report evaluated age assurance technologies, assessing their performance against a wide range of internationally recognised criteria, including accuracy, interoperability, reliability, ease of use, minimisation of bias, protection of privacy and data security and readiness for deployment.

The 1,150-page Report provided twelve (12) key findings, as follows:

  • Age assurance can be done in Australia privately, efficiently, and effectively.
  • There are no substantial technological limitations preventing its implementation to meet policy goals.
  • Provider claims have been independently validated against the project’s evaluation criteria.
  • A wide range of approaches exist, but there is no one-size-fits-all solution for all contexts.
  • The age assurance service sector is dynamic, innovative, and evolving.
  • Robust, appropriate, and secure data handling practices were observed.
  • There is scope to enhance usability, risk management, and system interoperability.
  • Parental control tools can be effective but may constrain children’s digital participation and evolving autonomy.
  • Systems performed broadly consistently across demographic groups, including Indigenous populations.
  • Systems generally align with cybersecurity best practice, though vigilance is required.
  • Some unnecessary data retention may occur in apparent anticipation of future regulatory needs.
  • Providers are aligning with emerging international standards around age assurance.

Implications

The Report’s findings will influence what the eSafety Commissioner considers to be “reasonable steps” required by digital service providers to meet their impending legal obligations for age verification.  The findings offer guidance to online stakeholders such as hosting services, internet carriage services and search engine services such as Google who will be required to verify the age of users before allowing access to content deemed harmful or age inappropriate. 

On 10 December 2025, digital service providers will be required to implement age assurance mechanisms to prevent children under sixteen (16) accessing social media through accounts.[1]  On 9 March 2025, platforms that host restricted “adult” content, depicting violence, drugs, self-harm or pornographic material, will need to verify users’ ages to prevent access for children under eighteen (18).[2]  Despite these stricter obligations, service providers are still required to minimise handling of personal information and comply full with the Privacy Act 1988 (Cth).  For further information, see our article on the potential age verification mechanisms to be implemented in Australia.

The various age assurance methods assessed in the Report offer different levels of assurance and privacy, enabling platforms to choose appropriate and proportionate solutions.

Links and further references

Legislation

Privacy Act 1988 (Cth)

Age Assurance Technology Trial— Final Report

Age Assurance Technology Trial – Part A – Main report

Age Assurance Technology Trial – Part B – Methodology and ethics

Age Assurance Technology Trial – Part C – Age verification

Age Assurance Technology Trial – Part D – Age estimation

Age Assurance Technology Trial – Part E – Age inference

Age Assurance Technology Trial – Part F – Successive validation

Age Assurance Technology Trial – Part G – Parental control

Age Assurance Technology Trial – Part H – Parental consent

Age Assurance Technology Trial – Part J – Tech stack

Age Assurance Technology Trial – Part K – Glossary, bibliography and literature review

Further information about age verification compliance

If you need advice on ensuring your business can comply with the pending age verification requirements, contact us for a confidential and obligation-free discussion:

Doyles Recommended TMT Lawyer 2024

[1] eSafety Commissioner, ‘Social Media Age Restrictions’ (Web Page, 2025) https://www.esafety.gov.au/about-us/industry-regulation/social-media-age-restrictions.

[2] eSafety Commissioner, ‘New Industry Codes Seek to Take on AI Chatbots That Encourage Suicide and Engage in Sexually Explicit Conversations with Aussie Kids’ (Media Release, 11 September 2025) https://www.esafety.gov.au/newsroom/media-releases/new-industry-codes-seek-to-take-on-ai-chatbots-that-encourage-suicide-and-engage-in-sexually-explicit-conversations-with-aussie-kids.


Recent articles about technology law

  • Dundas Lawyers achieves SMB1001 gold level cyber security certification

    Dundas Lawyers achieves SMB1001 gold level cyber security certification

    On 14 November 2025 Dundas Lawyers achieved the Gold level of the SMB1001 cybersecurity standard.

    Read more …

  • Aust Clinical Labs fined $5.8mil for failing to report data breach

    Aust Clinical Labs fined $5.8mil for failing to report data breach

    On 8 October 2025, the Federal Court published the judgement of Justice Halley in the case of Australian Information Commissioner v Australian Clinical Labs Limited (No 2) [2025] FCA 1224 (AIC v ACL).  Australian Clinical Labs Limited (ACL) was ordered to pay $5.8 million in civil penalties in relation to a 2022 data breach.  This…

    Read more …

  • Australians soon facing age checks when viewing adult websites

    Australians soon facing age checks when viewing adult websites

    On 9 September 2025, the eSafety Commissioner, Mrs Julie Inman Grant (Commissioner), registered six (6) new codes (New Codes) under the Online Safety Act 2021(Cth) (Online Safety Act) aimed at protecting children from the “clear and present” dangers of harmful AI chatbots and other online adult content.  On 9 March 2026, these New Codes will…

    Read more …

  • Ransomware payment reporting obligations

    Ransomware payment reporting obligations

    A “Ransomware Attack” is a cyber security breach in which a malicious actor gains unauthorised access to a computer system or network and then encrypts, exfiltrates, or otherwise compromises data or functionality.[1]  Ransomware Attacks have become increasingly sophisticated, financially motivated, and disruptive across all sectors, prompting legislative intervention to regulate responses and improve national cyber…

    Read more …

  • Federal parliament enacts cyber security legislation

    Federal parliament enacts cyber security legislation

    On 25 November 2024, the Australian Parliament passed a suite of legislation, collectively referred to by the Australian Government as the Cyber Security Legislative Package 2024.  The purported impetus for this legislation was a series of high-profile data breaches in 2022 and 2023.

    Read more …

  • The Digital ID Bill 2023 (Cth) – key points

    The Digital ID Bill 2023 (Cth) – key points

    On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate.  Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain…

    Read more …

  • Misinformation and Disinformation Bill 2023 – draft insights

    Misinformation and Disinformation Bill 2023 – draft insights

    The Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill 2023 (Cth) (Misinformation Bill) was announced by the Department of Infrastructure, Transport, Regional Development, Communication and the Arts (DITRDCA) in January 2023.  The Misinformation Bill is aimed at restricting the flow of misinformation and disinformation by providing the Australian Communications and Media Authority (ACMA) with increased…

    Read more …

  • What are adequate cybersecurity measures?

    What are adequate cybersecurity measures?

    The adequacy of cyber security measures was considered in the case of Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 (ASIC v Ri Advice Group).  One of the issues raised was whether the respondent had adequate cyber security and cyber resilience in place across its network of financial advisors. …

    Read more …

  • Introduction of cryptocurrency and hacking offences to Parliament

    Introduction of cryptocurrency and hacking offences to Parliament

    The Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 is set to revolutionize the way cybercrime is prosecuted. Learn more about the changes it brings and the implications they have.

    Read more …


Posted

in

, ,
Send this to a friend