EU's Age Verification App Has Glaring Privacy and Security Flaws — Officials Admit It's "Still a Demo"

Cybersecurity experts have identified serious privacy and security vulnerabilities in the European Union's age verification application — a tool designed to verify users' ages for access to age-restricted online content. The criticism is particularly damaging because EU officials had previously signaled the app was ready for deployment, only to now acknowledge it is "still a demo" after the flaws were exposed.

What the App Is Meant to Do

The EU's age verification app is part of a broader regulatory push to restrict minors' access to pornography, online gambling, and other age-gated content across member states. The tool was designed to verify users' ages without requiring platforms to collect and store extensive personal data — a privacy-preserving approach that, in principle, balances child protection with data minimization. The execution, however, appears to have fallen far short of those goals.

What Experts Found

Security researchers examining the app identified multiple categories of problems: weak authentication mechanisms that could allow age spoofing, insufficient data minimization that creates new privacy risks even as the app claims to eliminate them, and implementation flaws that could expose user identity information in ways that undermine the tool's core privacy promises. The combination of security and privacy failures in a government identity tool is particularly concerning given the sensitive nature of the data involved.

The "Still a Demo" Admission

EU officials' admission that the app is "still a demo" after publicly positioning it as ready for deployment is a significant credibility blow. Government digital infrastructure projects have a poor track record globally, but the EU has staked significant reputational capital on its ability to regulate technology thoughtfully. Releasing a security-flawed identity verification tool — then walking back its readiness claims — undermines that narrative at a critical moment.

Policy Implications

The setback doesn't just affect this app — it raises questions about the EU's overall approach to mandating age verification at scale. If a centralized government tool can't be built securely, the alternative is to push verification responsibilities onto platforms, which creates its own set of data collection and privacy problems. The EU is caught between two imperfect approaches, with critics on both sides watching closely.

The Bottom Line

A government age verification app with glaring security flaws isn't just a technical failure — it's a policy failure that could set back legitimate efforts to protect minors online. The EU now faces the harder task of rebuilding trust in the tool while addressing the underlying design problems that security experts have exposed.
