Australia’s Online Safety Act is setting new global benchmarks for digital child protection, with robust safeguards designed to keep children safe from harmful content and interactions online.

Much of the recent attention has centred on the Social Media Minimum Age (SMMA) obligation, which requires age-restricted social media platforms to take reasonable steps to prevent users under 16 from holding accounts — a mandate coming into force on December 10, 2025. However, this social media delay is just one piece of a much broader, integrated framework under the Online Safety Act, administered by the eSafety Commissioner’s office. Beyond social media, the Act’s industry codes extend to platforms hosting adult content, interactive apps, games, and high-risk digital services, all of which must implement proportionate and privacy-preserving age assurance measures to control access.

In this article, we explain these age assurance requirements and introduce how k-ID’s AgeKit Plus Verification Stack empowers businesses to comply confidently while safeguarding user privacy and experience.

Age Assurance Requirements

The eSafety regulator adopts a principles-based approach to assessing compliance rather than prescribing specific technical solutions. According to the SMMA Regulatory Guidance, providers should take steps that are:

• Reliable, accurate, robust and effective

• Privacy-preserving and data-minimising

• Accessible, inclusive and fair

• Transparent

• Proportionate

• Evidence-based and responsive to emerging technology and risk

Introducing AgeKit+

Accessibility, inclusivity, fairness and proportionality are core to k-ID’s AgeKit Plus Verification Stack. AgeKit Plus enables you to customise and combine multiple verification methods tailored to the type of service and your assessed risk profile.

An Age Assurance Waterfall Built for Australia

For end users in Australia, it is critical that the age assurance options are:

• Privacy-preserving

• Low friction

• Secure

• Highly accurate

This is why we created a special age assurance waterfall customised for Australian audiences. It includes a variety of unique technologies that all work to deliver a rapid, secure, and private age assurance check:

• More than 70% of Australia’s population can instantly use their banking app to confirm they are over the age of 16 with ConnectID

• On supported platforms, users can choose an instant facial age estimation check where the selfie never leaves their device

• Once verified, users in Australia can choose to save that verification as a passkey to their device — enabling them to re-use that verification over and over again without needing to scan or share any data

These are explained in more detail below.

🏦 ConnectID

ConnectID is Australia’s digital identity exchanged operated by Australian Payments Plus (AP+). The service enables age verification by connecting users with identity providers they already have relationships with, such as their banks.

🧑‍🦱✨ Facial Age Estimation

k-ID provides world-class, on-device and server-side facial age estimation (FAE) technology, complete with a variety of anti-spoofing measures — including active liveness checks, screen and device edge monitoring, face swap detection, and detection of a virtual camera. This technology holds the Age Check Certification Scheme (ACCS) EAL3 certification level.

The unique feature of the technology is that it conducts FAE entirely on-device, meaning no biometric data ever leaves the user’s device. It’s privacy-preserving by design, and avoids sharing sensitive personal data with external servers.

🔑 Users can verify once and re-use it across different platforms

AgeKey is an anonymous age credential bound to a FIDO passkey on the user’s device. While traditional systems asks the user to prove their age every time they want to access restricted content or services, AgeKey is created once and stored locally on the user’s device, where it can be reused anywhere that supports it.

👉 Experience our AgeKit Plus - Verification Stack in the interactive demo below.

Notice in the interactive demo how we’ve included plain-language explanations that clearly communicate when age assurance is needed, outline the available age assurance options, and detail what personal information will be collected, used, what/how it will be stored etc. This transparency is crucial to building user trust.

Fully Ready for Deployment

In January 2025, the Australian Government commissioned an independent evaluation of age assurance and online safety technologies against criteria including interoperability, reliability, usability, privacy protection, bias mitigation, and human-rights compliance.

Key finding:

k-ID achieved the maximum Technology Readiness Level (TRL 9), confirming its deployment readiness in Australia.

• Passed every testing scenario

• Demonstrated privacy-by-design, data minimisation, and industry-leading security controls

• Adapts to the evolving capacities of children with automatic age progression and the use of age-appropriate interfaces and language

• k-ID’s integrated age assurance partners also scored TRL 9

See full report here.

Case Studies

k-ID is trusted by leading platforms to deliver scalable age verification that meets global compliance needs, including:

• Discord

• Twitch

• Quora

• NexusMods

• and more…

Responding to Emerging Risks

k-ID maintains structured routine testing and rapid response when new vulnerabilities are identified. This includes swift development and deployment of patches, followed by thorough validation to ensure robust security and accuracy standards.

Get Started Today!

👉 Ready to implement robust, privacy-preserving age assurance solutions? 

Contact us or explore our Developer Docs to get started.