Italy’s communications regulator AGCOM will begin enforcing double anonymity age checks on major porn sites on November 12, 2025, marking a new phase in Europe’s push to keep minors off adult platforms.
Moreover, The regime covers an initial list of about 50 services, including Pornhub, XHamster, and OnlyFans. Users must verify through certified third parties each time they visit affected sites. The verifier sees the identity, while the site receives only a yes/no age token. AGCOM can fine noncompliant services up to €250,000, according to the announcement and contemporaneous reporting from Engadget. Engadget’s summary also notes that traffic declines have followed similar moves abroad.
Double anonymity age checks explained
Furthermore, The model splits identity and access. A bank, mobile operator, or other approved verifier confirms legal age. The verifier then issues a time-limited code or token for the destination site. Therefore, the site does not see the person’s identity, and the verifier does not see the site name.
Therefore, In practice, this design aims to reduce privacy risk. It limits what any single actor can learn. Additionally, it reduces the incentive to hoard sensitive data, which can lower breach exposure. The approach mirrors privacy-by-design principles used in digital ID systems.
Consequently, Italy’s framework ties to a broader regulatory push. AGCOM has framed the policy as child protection rather than surveillance. AGCOM’s site outlines its enforcement remit across media and online services. Consequently, platforms now face both technical and legal deadlines. Companies adopt double anonymity age checks to improve efficiency.
privacy-preserving age verification AGCOM enforcement and penalties
As a result, AGCOM’s rule requires per-visit verification. That design may increase friction for users and operators. However, it also creates a high bar against circumvention through cached sessions.
In addition, Penalties can reach €250,000 for sites that ignore the order. This sum is meaningful but not existential for the largest platforms. Even so, the threat of blocking or reputational harm can carry weight. Therefore, most large services are likely to implement compliant flows quickly.
Additionally, Certification of verifiers will matter. Strong accreditation reduces fraud and identity leakage risks. Moreover, clear audit trails help regulators assess whether systems meet expectations. Transparent criteria should also guide how tokens are issued, stored, and revoked.
anonymous age proof How it compares: UK and France age assurance
For example, Italy follows France and the UK with its own model. France has explored third-party verification that minimizes data sharing, under guidance from the data protection authority CNIL. CNIL’s age-verification resources stress proportionality and privacy. Experts track double anonymity age checks trends closely.
For instance, The UK’s Online Safety regime allows several mechanisms, including government ID and selfie-based checks. Ofcom is standing up enforcement for adult sites and related services. Guidance highlights accuracy, user choice, and transparency. For context, see Ofcom’s online safety hub for evolving standards and timelines.
Meanwhile, Approaches differ on user experience and risk. ID upload offers precision, yet it concentrates sensitive data. By contrast, facial analysis promises convenience, but it raises accuracy and bias questions. Therefore, a privacy-preserving age verification method, like Italy’s, seeks a middle path.
Privacy, AI bias, and proportionality
In contrast, Age assurance sits at the crossroads of safety and rights. Policymakers aim to protect minors from explicit content. At the same time, they must minimize surveillance and data over-collection. The Italian design adopts data minimization by design, which privacy advocates often favor.
On the other hand, Some markets permit AI-based facial age estimation. These systems estimate age from a selfie without storing a faceprint, in theory. Even then, concerns persist about training data, demographic bias, and error rates. Consequently, regulators encourage comprehensive testing, clear accuracy disclosures, and fallback options. double anonymity age checks transforms operations.
Notably, Child-focused privacy frameworks also shape these choices. The UK Information Commissioner’s Office promotes high privacy defaults for minors in the Children’s Code. Therefore, services must justify each data element they collect. Italy’s double-blind model aligns with that logic, since it keeps identity and site visit separate.
Proportionality remains crucial. Not every risk demands the same verification strength. Low-risk communities might use lighter checks, while adult sites face strict gates. Additionally, services should offer user-friendly redress when errors occur. Transparent appeals processes help avoid unjust denials of access to legitimate adults.
Market impact and early signals
Traffic patterns can shift sharply when age checks go live. Engadget reports that Pornhub saw a 77 percent drop in the UK after stricter checks. That figure underscores how friction changes behavior. It also suggests that some users will avoid verification regardless of privacy protections.
Compliance costs will rise for operators and verifiers. Yet standardized tokens and APIs can limit integration burden. Moreover, common certification schemes may lower audit costs across borders. Interoperability could emerge as a practical goal for EU markets. Industry leaders leverage double anonymity age checks.
Fraud risk will attract attention. Bad actors may attempt to sell or share access tokens. Therefore, verifiers will need rate limits, device checks, and anomaly detection. Sites may pair tokens with minimal device signals to reduce misuse. Still, systems should avoid building covert tracking profiles.
Implementation details and user experience
Per-visit checks pose UX questions. Users may seek session persistence, but policy currently requires fresh proof. Consequently, designers must streamline flows to keep time-to-access short. Clear status messaging can limit confusion and churn.
Accessibility must stay front and center. People without bank accounts or certain IDs need alternatives. Additionally, travelers and cross-border workers may hold credentials from other jurisdictions. Acceptance of eID, telecom attributes, and bank-based proof should support diverse users.
Data security is non-negotiable. Verifiers should store the minimum necessary data for the shortest time. Strong encryption, key rotation, and third-party audits belong in the baseline. Furthermore, public transparency reports can build trust in the scheme. Companies adopt double anonymity age checks to improve efficiency.
What comes next for platforms and users
Sites will now weigh compliance timelines, UX, and legal risk. Many will implement third-party age gateways quickly. Others may restrict access in Italy while they evaluate options. Therefore, Italian users should expect new prompts and redirects in the coming days.
Regulators across Europe will watch the rollout. If the system reduces youth exposure without privacy incidents, it could spread. Conversely, high error rates or workarounds could trigger revisions. Meanwhile, civil society groups will continue to test and scrutinize designs.
For now, Italy’s move defines a notable benchmark. Double anonymity age checks attempt to reconcile safety with privacy. The balance will hinge on technical execution, oversight, and user choice. In short, the next few months will reveal whether this model can scale responsibly.
Editor’s note: This article references public regulator resources and reporting by Engadget to summarize policy scope and likely impacts. It will be updated as AGCOM clarifies certifications and implementation guidance. More details at AGCOM age verification. More details at age assurance privacy. Experts track double anonymity age checks trends closely.
Related reading: AI Copyright • Deepfake • AI Ethics & Regulation