British Standards Institution

Source:: ISO/IEC
Committee:: IST/33/5 - Identity Management and Privacy Technologies
Categories:: Information management | Standardization. General rules

Scope

This document describes different technical approaches suitable in different ecosystems for age assurance systems and guidance for their implementation

Purpose

Governments throughout the world have implemented policies for the protection of children from harm
through access to age restricted goods, content or services. The growth of online services has enabled greater access to age restricted items and materials, but the development of protective mechanisms for age-related eligibility decisions still lags behind. There is a lack of internationally recognised standards for age assurance functionality and the ability to benchmark age assurance solutions. This proposed series of Age Assurance Systems standards aims to solve the problem of inadequately defined age assurance processes and associated lack of trust in the outputs of those processes by policy makers, regulators, relying parties and individuals.
The following gaps have been identified, and will be addressed by this series of standards:
— There are no internationally recognised benchmarks for benchmarking analysis against which age
assurance solutions can be assessed and scored.
— There is no internationally recognised methodology by which a policy maker or regulator can specify requirements and desired characteristics, e.g., “we require you to only supply service ‘x’ to an individual if your solution is able to meet the following characteristics in accordance with ‘z’ standard”.
— It is challenging for suppliers of products, content or services to specify the properties of a desired
age assurance solution; it is likewise challenging for an age assurance system provider to market the
characteristics of their solutions to such suppliers.
— Suppliers of products and providers of content and services must rely on bespoke and proprietary
age assurance systems developed for specific use cases..
— Interaction with multiple age assurance systems results in both risk and inconvenience to individuals who may need to submit their personal data more than once and in more than one place.

Comment on proposal

Required form fields are indicated by an asterisk (*) character.

How important do you think standardization is in this area? *

Do you agree that a standard on this subject is feasible?: *

Please give reasons for your selections above: *

Would you or your organization use the standard? *

Would you or your organization be prepared to participate in the development of the standard or to comment on the draft when it is available? *

Are you aware of any regulation, existing standards and other good practice information in this area in the UK (e.g. Industry codes of practice; company specifications, international or European Standards)? *

Would the development of a standard(s) in this area have a particular impact/relevance to SME, consumer, environmental or societal interests? *

Are you aware of any other organizations to which this proposal may be relevant? If so please provide details below. *

Additional comments on the scope or proposal:

Although BSI will not usually enter into correspondence regarding individual comments or suggestions we may wish to contact you to seek further clarification. Please indicate whether this will be acceptable: *

Discard

Please email further comments to: debbie.stead@bsigroup.com

Standard timeline

1. Proposal

Proposal start date:

12/07/2024

Proposal end date:

19/08/2024

2. Draft

3. Public Comments

4. Comment Resolution

5. Approval

6. Publication

Learn more about the standards development process

Standards Development

ISO/IEC NP 27566-2 Age assurance systems — Part 2: Technical approaches and guidance for implementation

Scope

Purpose

Comment on proposal

Discard changes?

Submit comment

Submit comment

Follow standard

Unfollow standard

Error