April 7, 2026

Age Assurance is rapidly becoming table stakes around the world for all online sites and services that might be accessed by children. There are so many new rules to follow, and hardware platforms are increasingly starting to get involved in the space by collecting and sending age signals about their users.

At k-ID, one of our core design philosophies is to Distill and Delight. Rather than forcing our clients to juggle an exasperating and ever-evolving web of signals and rules, we distilled everything down to a simple API call:

You give us whatever signal you have, we apply our compliance logic and take it from there.

How We Got Here

Back in November of 2025, we published a blog discussing how k-ID’s Compliance Development Kit (CDK) handles age signals from third party platforms such as Apple iOS, Google Play, Xbox, Meta, and others. At the time, laws such as the Texas App Store Accountability Act were set to be effective at the beginning of 2026, and would require app stores to verify the ages of their users and pass those age signals on to developers.

Since then, the landscape around platform age signals has become even more complicated. A Texas court enjoined the App Store Accountability Act before it could go into effect, though that decision is still pending appeal. Some platforms paused their rollouts of age signal APIs, then relaunched, using the user’s self-declared age rather than a verified age signal in some countries while simultaneously experimenting with age assurance in other countries. These platform APIs all provide data in slightly different formats – some use an age range, others use an age classification like child/teen/adult. Meanwhile, in Brazil, Article 26 of a Presidential Decree released in tandem with the newly-effective ECA Digital clarified that even if a developer relies on an external age signal, they will not automatically be exempted from its obligation to do age assurance if that signal is unreliable. Platforms are arguing publicly over who should be responsible for doing age assurance, with billions of dollars being spent on lobbying efforts.

It is, bluntly speaking, a mess. Our mission then was to distill all of these signals and rules into a single, easy to use system.

What’s Going On Under The Hood 

We have updated k-ID’s Compliance Development Kit (CDK) to simplify the complex process of age verification by seamlessly ingesting the platform-provided age signals into our standard user flow. This allows developers to reduce friction for players and developers while maintaining strict regulatory compliance.

Above: A visual illustrating what’s happening at a high level. Don’t worry, we’ll break it all down.

The first step in this process is to call the APIs provided by whatever platform you are using (e.g., iOS, Google Play, Meta, Xbox, etc.). The platform will give you back some information about the user in whatever format they offer, assuming they have anything to share. 

The second step of the process is to take that platform-provided signal and input it into the k-ID age-gate/get-requirements endpoint along with the user’s jurisdiction. At this point, k-ID starts to apply some of our logic, based on the information we have so far. 

• For example, if the platform has provided an age signal that based on our logic is sufficient to identify that user as an adult (i.e., the signal shows that the user has undergone an acceptable method of age assurance in their country), then our API will indicate that you can skip the age gate entirely, significantly reducing user friction. 

• Meanwhile, if the signal is inconclusive, the next step of the process will be to collect the user’s age, typically through a traditional age entry mechanism.

Where We’re Going 

As you might imagine, this is just the tip of the iceberg. Once you have a better idea of the user’s age from their platform signal, that opens up a host of other questions, including whether additional age assurance needs to be triggered, and if so, at what point in the user journey. We will cover what happens next in future blogs. 

In the meantime, k-ID’s role is to act as the compliance layer to keep you compliant no matter how the landscape evolves. We take on the heavy lifting to separate (age) signal from noise, and allow you to focus on building great online experiences.