On 29 April 2026 the European Commission issued a clear signal: it urged Member States to make an age-verification solution available to their citizens by the end of 2026. Headlines compressed that into "EU sets age-verification deadline." That compression is wrong in a way that matters for anyone planning a relying-party integration.
The 29 April act is a Recommendation. In EU law that word is load-bearing: a Recommendation is non-binding. It carries no penalty for a Member State that misses the date and creates no direct obligation on a private business. Understanding precisely what it does — and does not — compel is the difference between planning around real obligations and planning around a press release.
What the Recommendation actually says
Stripped to its core, the 29 April Recommendation does three things:
- It urges availability by 31 December 2026. Member States are encouraged — not ordered — to put an age-verification capability in citizens' hands within the year.
- It points to the blueprint as the means. Rather than asking each state to invent its own approach, the Commission directs them to the EU age-verification "mini wallet" blueprint, which became feature-ready on 15 April 2026.
- It asks for plans and scrutiny. Member States are encouraged to draw up implementation plans and to ensure their solutions are open to independent, third-party scrutiny.
That is the whole shape of it: here is a target, here is the recommended tool, show your work. No fines, no hard cut-off, no private-sector mandate. Say "urges" or "recommends" when you describe it — never "mandates."
So why does a non-binding act matter at all?
Because it does not sit alone. The Recommendation is the soft-law accelerant on top of two hard-law engines that do bind:
- The Digital Services Act (DSA), Article 28. Providers of online platforms accessible to minors must put in place appropriate and proportionate measures to ensure a high level of privacy, safety, and security for minors. This is enforceable. Age assurance is one of the most direct ways to satisfy it.
- The eIDAS 2.0 framework. The proof-of-age attestation is built as an Article 3(44) electronic attestation of attributes, aligned to the ARF, and interoperable with the EUDI Wallets that Member States must roll out.
Read together, the picture is this: the binding pressure on platforms to verify age comes from the DSA. The binding infrastructure to do it interoperably comes from eIDAS 2.0. The 29 April Recommendation is the Commission saying, in effect, "the tool is ready, the legal pressure already exists — now ship it." A non-binding date sitting on top of a binding obligation is still a date you should plan around.
The official phrasing trap (and how to stay accurate)
There is a subtle accuracy point that catches a lot of coverage. The blueprint is described as built to comply with — or, more precisely, in line with — DSA Article 28. That is not the same as a hard guarantee that deploying it discharges your Article 28 duty in every jurisdiction and for every service.
Article 28 demands measures that are appropriate and proportionate to your specific service. The EU age-verification solution is a strong, privacy-preserving building block toward that — but the legal assessment of proportionality remains yours (and your regulator's). When you write your compliance documentation, mirror the official framing: the solution is designed in line with Article 28; it is part of your answer, not the entirety of it.
What this means by audience
For online platforms and merchants accessible to minors. Your binding obligation is the DSA, not the Recommendation. But the Recommendation tells you the EU's preferred, interoperable answer will be broadly available across Member States within the year. Building toward the standardised proof-of-age attestation now means you are not betting on a proprietary age-check vendor that the EUDI Wallet ecosystem may route around. This is the same strategic logic we applied to commerce integrations in Age Verification for WooCommerce and online gaming.
For Member State implementers. The Recommendation is your nudge to publish an implementation plan and to open your solution to third-party scrutiny. The seven front-runners — France, Denmark, Greece, Italy, Spain, Cyprus, and Ireland — are already moving, integrating the solution into their national wallets. The fragmentation risk we flagged in May is exactly what the Recommendation's "use the blueprint" steer is meant to contain: one interoperable solution rather than twenty-seven divergent ones.
For developers. The end-2026 target sets your integration horizon. The reference issuer and verifier are available now in a test capacity, so there is no reason to wait — see our developer companion on integrating the EU proof-of-age attestation and on the request flow itself.
A realistic timeline
| Date | Event | Binding? |
|---|---|---|
| 14 Jul 2025 | Age-verification blueprint published | n/a |
| 10 Oct 2025 | Blueprint v2 (passport/ID onboarding, DC API) | n/a |
| 15 Apr 2026 | Blueprint declared feature-ready | n/a |
| 29 Apr 2026 | Recommendation: make it available by end-2026 | No (soft law) |
| 31 Dec 2026 | Recommended availability target | No |
| 24 Dec 2026 | WRPAC registration act (IR 2025/848) applies | Yes |
| 2027 | DSA Article 28 enforcement maturing; eIDAS acceptance obligations | Yes |
Notice how the non-binding end-2026 target sits right beside the binding 24 December 2026 application date for relying party registration. The Commission did not choose that proximity by accident. The soft deadline for the app and the hard deadline for the registration that underpins it land in the same week.
The bottom line
The 29 April Recommendation does not create a law you can breach. It creates expectation — backed by the genuinely binding pressure of DSA Article 28 and the genuinely binding infrastructure timeline of eIDAS 2.0. For a relying party, the correct reading is not "I have no obligation until someone passes a Regulation." It is "the interoperable answer will exist across the EU within the year, the legal pressure to use age assurance already exists, and the registration deadline that lets me use it is real and dated."
Plan to the binding obligations. Use the Recommendation as your calendar.
This post reflects the regulatory position as of June 2026. The 29 April 2026 act is a non-binding Recommendation; obligations referenced (DSA Article 28, IR 2025/848) are binding on their own timelines. Verify against the official Commission source before relying on specifics.
Share this article
Help others learn about eIDAS verification