persona-logo
Industry
Published April 10, 2025
Last updated April 10, 2025

How does the Age Check Certification Scheme help businesses assess age estimation solutions?

Learn how third-party certification programs like the Age Check Certification Scheme (ACCS) make it easier to compare age assurance solutions.
Kerwell Liao
Kerwell Liao
10 min
Key takeaways
The Age Check Certification Scheme (ACCS) is a third-party certification program that evaluates the accuracy, performance, and effectiveness of age estimation solutions. 
Third-party certification programs make it easier for businesses to compare the age estimation solutions they are considering in a head-to-head, apples-to-apples way.
Organizations should look for certified solutions that offer comprehensive capabilities beyond just establishing someone’s age, including privacy controls, fraud prevention, and the flexibility to adapt to changing requirements.

If you were to purchase a new car today, efficiency might be one of your top criteria. In the US, the EPA standardizes the methods used to test and calculate the fuel economy estimates that dealerships post on the window stickers of new cars. As a result, consumers can compare fuel economy across manufacturers and models. (Here, fuel economy covers both gasoline-powered and electric vehicles.)

But imagine a world devoid of such standards. How much would manufacturers share about their fuel economy testing and calculation methods? Without enough context, how would car buyers be able to trust manufacturers’ claimed numbers and compare them against each other? 

Sure, sophisticated consumers choosing between a Toyota Camry and Honda Accord might be tempted to run their own controlled tests, but that would require significant time and money. Less sophisticated consumers might not think twice about the possibility that manufacturers could measure efficiency in different ways — and if they did, they may not know how to go about testing those claims themselves. 

These same challenges apply to the world of age estimation technology. The good news? The Age Check Certification Scheme (ACCS) audits and certifies age estimation technology (and other related technologies) to ensure that they’re safe and effective

Below, we briefly review the regulatory context making age estimation a possible solution for many of today’s businesses. We then take a closer look at the challenges associated with evaluating age estimation solutions, explain what the ACCS is, and discuss the role of independent certification. Finally, we provide a number of best practices you should keep in mind when selecting an age estimation solution for your business. 

Age estimation: understanding the regulatory context

In recent years, we’ve seen a significant shift in how governments approach online safety. This has led to regulations requiring age estimation or verification in a variety of industries and in countries around the world

The UK's Online Safety Act, the EU's Digital Services Act, Australia’s social media ban, and a number of state-specific laws (and proposals) in the United States all emphasize the obligation of digital service providers to implement age assurance measures that are proportionate to the risk of harming minors. These regulations share a common goal: foster age-appropriate digital experiences while protecting younger users from potentially harmful content.

What makes these regulations particularly noteworthy is their emphasis not just on having age assurance in place, but also ensuring these systems are demonstrably reliable and trustworthy. This is where certification becomes indispensable.

The challenge of evaluating an age estimation solution

When evaluating an age estimation solution, it’s natural to think that it begins and ends by considering how accurate each solution is. But while accuracy is an important metric to consider, it isn’t the only one that matters. For example, the ability to easily configure the solution to suit per-region requirements is also key, since age thresholds, allowed assurance methods, and data safeguards (e.g. managing consent and minimizing collection of unnecessary data and redacting collected data that doesn’t need to be kept) differ from one region to another. The ethical provenance of training data and a smooth end-user experience are also important factors to consider.

That said, accuracy is still an important factor to take into consideration. However, accuracy claims are difficult to interpret — and can even be misleading — without context around how they were attained. A solution might, for example, claim high accuracy based on limited testing with an unrepresentative sample or different (i.e., more lax) evaluation criteria than other solutions.

Some key challenges in evaluating age assurance solutions include:

  • Demographic variability: Solutions may perform differently across various demographic groups due to inherent biases in training data

  • Adverse scenarios: Performance can significantly deteriorate in the face of challenging conditions like poor lighting or complex fraud attempts

  • Risk profiles: Different user segments may require different levels of verification stringency

Before certifications like those offered by the ACCS, any age estimation vendor could claim that their estimation product was the most accurate on the market, and their test results might have supported that claim. However, no vendor was using the exact same testing sample and procedures, making it difficult to perform apples-to-apples comparisons.

What is the Age Check Certification Scheme (ACCS)?

The Age Check Certification Scheme (ACCS or sometimes ACC-Scheme) is an independent assessment body that independently tests and certifies age and identity verification systems. In addition to age verification software — the focus of this article — the ACCS also tests passport scanners, biometric technologies, and other solutions. 

The ACCS is accredited with the United Kingdom Accreditation Service (UKAS) and consists of data protection experts, certification specialists, and auditors. Because the ACCS has been approved by the UK government as a certification body, businesses looking for compliant solutions can feel confident in their choice when selecting an ACCS-certified solution.

The role of independent certification

Independent certification by third-party organizations like the Age Check Certification Scheme plays a crucial role in helping businesses compare and evaluate age verification and estimation solutions. 

Similar to the EPA for fuel efficiency in the US, the ACCS provides a way to compare age assurance solutions using standard processes so businesses can perform apples-to-apples comparisons. Specifically, the ACCS is designed to provide assurance that age estimation and verification solutions meet established standards for accuracy, security, and privacy. In an era where regulators, like those behind the UK’s Online Safety Act, demand greater online protections and higher accountability, this certification serves as an independent validation of a vendor’s technical capability and commitment to compliance.

The scheme evaluates the full life cycle of age verification solutions — from the underlying algorithms that power the solution to its data handling and privacy safeguards. This certification is a valuable indicator that a vendor has both the technical depth and operational maturity necessary for high-stakes deployments.

1. Standardized evaluation

One of the primary benefits offered by independent certification bodies like the ACCS is the fact that they evaluate all solution providers against consistent datasets that:

  • Represent diverse demographics and use cases

  • Include sufficient sample sizes for statistical significance

  • Test performance under various real-world conditions

This consistency makes it possible to directly compare multiple age estimation solutions by their accuracy metrics, including Mean Absolute Error, false negative rates, false positive rates, and more. 

2. Comprehensive assessment

Because accuracy isn’t the only metric that matters, most independent certification programs also evaluate other crucial factors that are likely to be important to businesses, including:

  • Data privacy and security practices

  • Data minimization processes to minimize risk

  • Bias detection and mitigation in the software

  • Fraud prevention capabilities

  • Accessibility and user experience

In the same way a standardized evaluation of accuracy allows businesses to make more direct comparisons between solutions, so too does the standardization of these additional factors — which can be just as important to your goals as accuracy metrics. 

3. Regular re-evaluation

The age assurance landscape is constantly evolving. As new technologies (such as the emergence of AI-generated selfies and images) become available, fraudsters increasingly incorporate them into their toolkits — forcing solution providers to adapt. 

With this in mind, many certification programs require a periodic re-evaluation of solutions to ensure that it has maintained its effectiveness despite changing fraud trends and techniques. This makes it easier for businesses to decide whether they need to change providers once they already have one in place. It also gives businesses insight into the long-term trajectory and quality of a solution, which may be an important consideration. 

Best practices for age assurance implementation

As you build your age assurance and verification program, third-party certifications like the one offered by the ACCS are an important consideration. But it’s important to recognize that it’s just one part of a broader, effective strategy. Other factors you should consider include:

Multiple verification methods

No single verification method is perfect for all organizations in all scenarios. Which methods you deploy should be informed by the regulations you are subject to, the jurisdictions you operate in, the expectations of your customers or users, and your organization’s unique risk tolerance. 

Ultimately, in most circumstances, businesses should consider implementing multiple age assurance methods and dynamically applying them depending on the risk level and context of each user interaction. Contextual factors include:

  • The geographic region a user is in — and the allowed methods for that region

  • The type of content or service in question

  • The target age group of the user and likelihood that children may access the content or service

  • Your risk tolerance and business objectives

Privacy by design

Depending on the types of age assurance technology you use, you may be collecting (or at least processing) a significant amount of sensitive information from your users. This may include names and dates of birth, government-issued IDs (like driver’s licenses and passports), selfies, and more. 

With this in mind, whatever age assurance solution you ultimately deploy should be built upon robust privacy principles. This may include:

  • Data minimization, so you’re only collecting the minimum amount of data necessary to achieve the assurance level you need

  • Purpose limitation, so you’re only using the data you collect for a specific and lawful purpose

  • User consent management, so you’re able to collect and update user consent for the collection and use of their data, as required by many consumer privacy laws, including the GDPR in Europe

  • Automatic PII redaction, to ensure sensitive information isn’t inappropriately accessed by others in your organization with no need to access it

Fraud prevention

Just as is the case with identity verification, as age assurance becomes more common, so too will attempts to skirt it. Any solution you are considering should have robust fraud prevention measures, including:

  • Liveness detection and spoof detection, to ensure you’re dealing with a real person or ID — not AI-generated assets

  • Behavioral analysis, including hesitation detection and other features that can help you gauge the risk associated with each individual session

  • Link analysis, which can help you understand how accounts on your platform are linked to one another — including whether or not suspicious links exist, which might point to coordination (such as a single fraudster opening multiple accounts for fraudulent purposes)

Looking ahead

Your age assurance program shouldn’t be a set-it-and-forget-it strategy. As the industry and technology continues to rapidly shift, you should be looking for a solution that:

  • Maintains certifications according to the latest standards

  • Adapts to new and evolving global regulatory requirements

  • Provides flexible configuration options that give you the freedom to adapt age assurance as necessary for your business

  • Offers robust privacy controls and fraud prevention capabilities 

One piece of your age assurance strategy

Certification provides a valuable framework for organizations to evaluate age assurance solutions. That said, certification alone isn't sufficient for an effective age assurance approach. To build effective age assurance programs that protect minors, maintain user privacy, and meet regulatory requirements, organizations should look for solutions that also offer comprehensive capabilities beyond establishing someone’s age, including privacy controls, fraud prevention, and the flexibility to adapt to changing requirements.

At Persona, we’ve built a flexible age assurance solution capable of balancing your compliance, conversion, and privacy needs. From government ID verification to age estimation, database verification, and Reusable Personas, Persona empowers you to customize the methods to each user’s context and gives you the controls necessary to automate consent and data collection and retention.

Given the constantly shifting regulatory and technology landscape, Persona’s age assurance teams:

  • Monitor the latest regulations and standards (Ofcom, ISO/IEC DIS 27566-1, etc.)

  • Participates in government evaluations (such as Australia’s Age Assurance Technology trial)

  • Participates in evaluations and certification programs such as those offered by ACCS, Germany’s KJM, iBeta, NIST, and more

Ready to learn more about how Persona can help you get age assurance right? Take a closer look at our age assurance capabilities, and talk to a Persona expert today.

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.
Kerwell Liao
Kerwell Liao
Kerwell is a product marketing manager focused on Persona’s identity verification solutions. He enjoys watching basketball and exploring the world with his German Shepherd.
Continue reading
  • How to add the right age verification system to your business
    15 mins

    How to add the right age verification system to your business

    Adding the right digital age verification system that works across regions and use cases can be complex. Learn what to...

  • How to implement an age verification system for your businesses
    17 mins

    How to implement an age verification system for your businesses

    Any business that sells age-restricted products, provides access to age-gated activities, or delivers services that require adult consent must verify...

  • Building your age verification strategy: how to navigate global regulations
    5 min

    Building your age verification strategy: how to navigate global regulations

    Age verification and privacy regulations can be complicated. Learn more about how to deconstruct what the regulations mean for you,...