|
Work item:
|
X.aas
|
|
Subject/title:
|
Information security, cybersecurity and privacy protection — Age assurance systems — Part 1: Framework
|
|
Status:
|
Under study
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
ISO/IEC 27566-1 (Common)
|
|
Timing:
|
2025-09 (Medium priority)
|
|
Liaison:
|
-
|
|
Supporting members:
|
-
|
|
Summary:
|
Age-related eligibility decisions are required when a person should either be a certain age, older or younger than a given age or be within an age range, where ages are counted in years and where these criteria are dependent upon the type of goods, content, services, venues or spaces to be provided.
This document aims to solve the address issues associated with problem of inadequately defined age assurance processes and associated lack of trust in terms of functionality, performance, privacy, security and acceptability. This document describes characteristics of an age assurance system to help policy makers, implementers and individuals understand and address the issues associated with deployment of age assurance systems.
Although an individual’s age is an attribute of their identity, it is not necessarily the case that establishing the full identity of an individual in a global context is needed to gain age assurance. As such, the process of age assurance may in some instances be connected to identity verification but can also be performed in ways other than via identity verification.
The aim of this document is to enable policy makers (like such as governments, regulators or providers of age restricted goods, content, services, venues or spaces) to specify applicable types of age assurance systems and associated indicators of confidence in their policy requirements.
As an example, a policy maker may determine that, to authorize the sale of alcohol or tobacco or some other age restricted product, a relying party acting as a decision maker should use some particular type of age assurance system supporting specified characteristics to verify that an individual is an adult.
This document does not:
— determine which type of age assurance system nor which type of age assurance method is appropriate for each type of age-related eligibility decision – that is a matter for policy makers,
— establish or recommend age thresholds for different goods, content, services, venues or spaces – these are matters for policy makers,
— deal with financial or commercial models for age assurance systems – these are matters for economic operators in the age assurance process,
— address the requirements for data protection for age assurance systems – these are matters for data controllers,
— consider age-related eligibility decisions based on parental control,
— consider age-related eligibility decisions based on testimonies from a trusted third party or established through a consent mechanism (such as a parent or legal guardian), since the documents that need to beare required to be presented vary widely among different countries or even between different states regions within a federated country.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2025-04-17 16:17:40
|
|
Last update:
2025-04-23 18:25:33
|
|
