The Problem with Traditional Age Verification
Most age verification systems today work by collecting personal data:
- Date of birth entry: Users type their birth date. No verification. Easy to lie.
- Document upload: Users photograph their ID. You now have a document image with name, address, photo, document number — far more data than needed to answer "is this person over 18?"
- Third-party age estimation: AI estimates age from a selfie. Biometric data processing with significant GDPR implications.
All of these approaches collect more data than necessary to answer a simple boolean question.
The Privacy-First Alternative
With EUDI Wallet verification, age checking works differently:
You ask: "Is this person 18 or older?"
The wallet responds: "Yes." (or "No.")
That's it. No birth date. No name. No document. No selfie. No biometric data. A cryptographically signed boolean from a government-trusted issuer.
Implementation with OpenEUDI
Step 1: Install and Configure
import { createVerifier } from '@openeudi/core';
const verifier = createVerifier({
mode: 'demo', // Switch to 'production' when EUDI Wallets launch
});
Step 2: Create an Age Verification Session
const session = await verifier.createSession({
attributes: ['age_over_18'],
// That's all. We don't request name, DOB, or any other attribute.
});
The key insight: age_over_18 is a derived attribute. The wallet checks the user's birth date internally and returns only the boolean result. The birth date never leaves the device.
Step 3: Handle the Result
session.onVerified((result) => {
if (result.ageOver18) {
// Allow access to age-restricted content/product
allowPurchase();
} else {
// Block access
showAgeRestrictionMessage();
}
});
Step 4: What You Store (Almost Nothing)
// Audit log — no PII
await db.verificationLogs.create({
sessionId: result.sessionId,
verificationType: 'age_over_18',
result: result.ageOver18, // true/false — not personal data
verifiedAt: result.verifiedAt,
// No name. No DOB. No document number. No PII.
});
WooCommerce Integration
For WordPress/WooCommerce stores selling age-restricted products:
// The OpenEUDI WooCommerce plugin handles this automatically.
// In your WordPress admin:
// 1. Install the OpenEUDI Age Verification plugin
// 2. Go to WooCommerce → Settings → Age Verification
// 3. Select which product categories require verification
// 4. Choose verification threshold (18+, 21+)
// 5. Done.
The plugin adds a verification step before checkout for tagged products. The customer scans a QR code, approves in their wallet, and the order proceeds. No personal data is collected or stored by the plugin.
GDPR Analysis
Data Minimization (Article 5(1)(c))
Traditional age verification collects:
- Full name, date of birth, document number, document images, selfie
OpenEUDI age verification collects:
- A boolean:
trueorfalse
The GDPR requires that personal data be "adequate, relevant and limited to what is necessary." A boolean is the absolute minimum needed to verify age.
Storage Limitation (Article 5(1)(e))
With traditional verification, you must:
- Define retention periods for identity documents
- Implement secure deletion procedures
- Respond to data subject access and erasure requests
With OpenEUDI:
- The verification result (
true/false) is not personal data under most interpretations - The session ID is a random identifier with no link to the individual
- No retention policy for PII is needed because no PII is collected
Data Protection Impact Assessment
A DPIA may not be required for OpenEUDI age verification because:
- No systematic monitoring of individuals
- No processing of special categories of data
- No large-scale processing of personal data
- The data processed (a boolean) poses minimal risk to individuals
Compare this with traditional KYC-based age verification, which almost certainly requires a DPIA due to document image processing and biometric data handling.
Available Age Attributes
The EUDI Wallet supports multiple age-related attributes:
| Attribute | Returns | Use Case |
|---|---|---|
age_over_18 | Boolean | Alcohol, tobacco, adult content |
age_over_21 | Boolean | Gambling (some jurisdictions) |
age_over_16 | Boolean | Some digital services, lighter restrictions |
age_over_14 | Boolean | Social media age gates |
eIDAS Pro does not support requesting raw personal data like birth_date, family_name, or nationality. Our privacy-first architecture ensures you only receive boolean results — never the underlying personal data. Country compliance is handled by your merchant whitelist/blacklist configuration, not by requesting data from users. |
Country-Specific Considerations
Age verification thresholds vary by country and product:
| Country | Alcohol | Tobacco | Gambling |
|---|---|---|---|
| Most EU | 18+ | 18+ | 18+ |
| Germany | 16+ (beer/wine), 18+ (spirits) | 18+ | 18+ |
| Belgium | 16+ (beer/wine), 18+ (spirits) | 18+ | 21+ |
| Austria | 16+ (beer/wine), 18+ (spirits) | 18+ | 18+ |
The OpenEUDI SDK includes a machine-readable compliance mapping (JSON) covering all 27 member states, so you can request the correct attribute based on the user's country and your product category.
The OpenEUDI SDK is MIT-licensed and free. For production age verification with managed WRPAC certificates, see eIDAS Pro's managed plans.
Related Articles
Implementing Age Verification in WooCommerce with eIDAS
Complete guide to adding eIDAS-based age verification to your WooCommerce store. Learn how to implement compliant, frictionless verification for alcohol, tobacco, and age-restricted products.
11 min read
GDPR Compliance Made Easy: How eIDAS Minimizes Data Collection
Learn how eIDAS-based identity verification achieves perfect GDPR compliance through data minimization, privacy-by-design architecture, and user control. Reduce your data liability while improving security.
11 min read
Share this article
Help others learn about eIDAS verification