Which countries implemented mandatory age-verification for adult websites by 2025 and what systems do they use?
Executive summary
By mid‑2025 several Western jurisdictions had active mandatory age‑verification rules for adult websites: the UK’s Online Safety Act began enforcing “strong age checks” on July 25, 2025 [1], France enacted a law in June 2025 requiring privacy‑aware ID or biometric layers [2], and many U.S. states—reported as 19 by January 2025 and 25 by mid‑2025 in industry tallies—had passed laws forcing sites to verify visitors’ ages using government ID, transactional data or third‑party services [3] [4]. Regulators across Europe and elsewhere favoured systems that attempt “double anonymity” or zero‑knowledge proofs; U.S. state laws typically accept government IDs, credit‑card or bank/transaction checks and third‑party age‑verification providers [5] [6].
1. US states: a patchwork of mandatory checks and multiple accepted methods
Since Louisiana’s 2022 law, dozens of U.S. states enacted statutes requiring adult sites to implement age verification; Axios counted 19 states as of Jan. 16, 2025 and industry trackers reported 25 by June 30, 2025 [3] [4]. Those laws generally require “reasonable” or “strong” verification and list acceptable mechanisms such as government‑issued ID checks, digital identity tokens, or commercial verification that uses government ID or transactional data (credit card/banking) operated by third parties [7] [6]. Enforcement and penalties vary by state; some include private‑right‑of‑action exposure and fines per violation [8].
2. UK: Ofcom’s “strong” checks and an enforced start date
The UK’s Online Safety Act placed a duty of care on services hosting pornographic material and Ofcom required “strong age checks,” which were enforced beginning July 25, 2025 [1] [9]. Ofcom’s guidance lists approved methods ranging from open banking checks to document and facial verification and digital identity services. British coverage and watchdog reporting emphasise the regulator’s demand for privacy‑preserving technical designs, but independent testing and hacking reports showed many implementations were immediately susceptible to bypass or inconsistent deployment [1] [10].
3. France and continental Europe: certified third parties and “double anonymity”
France implemented a law in June 2025 that requires certified independent verifiers and mandates technical guards to separate identity from browsing habits — often described as “double anonymity” so neither the verifier nor the site knows both who the user is and which site they visited [2] [5]. EU regulators and national bodies have been steering member states toward privacy‑centred mechanisms (age tokens, zero‑knowledge proofs) even while demanding robust proof‑of‑age such as ID matching or secure digital wallets [1] [11].
4. Australia, Germany and other markets: staged rollouts and device‑level signals
Australia moved from pilots to a staged enforcement plan in 2025, testing age‑assurance technology and planning broader checks tied to search engines and ISPs before extending to websites [5] [2]. Germany’s longstanding framework under the KJM requires mandatory age verification for pornographic sites and has accepted a mix of identity document checks and other technical measures [12]. Reporting shows regulators differ on whether device signals or central identity systems are acceptable versus per‑session cryptographic tokens [12] [11].
5. How systems work in practice: IDs, transactional checks, biometrics and privacy engineering
Accepted verification methods in the sources include government ID scanning and matching, credit‑card/open‑banking transactional checks, facial age‑estimation, and digital identity wallets that issue one‑time age tokens or cryptographic attestations [7] [1] [13]. European guidance increasingly favours zero‑knowledge or token‑based approaches that prove “18+” without revealing underlying identity, while many U.S. laws still anticipate direct ID or transactional verification through commercial providers [1] [8].
6. Limitations, circumvention and political fault lines
Multiple sources report immediate pushback: privacy advocates warn about data collection risks and identity theft if sites retain ID images; vendors and operators warn traffic will migrate to non‑compliant or offshore sites; ethical hackers demonstrated bypasses to some UK checks soon after enforcement began [10] [8] [1]. The Supreme Court decision upholding Texas’s law (reported June 2025) removed a major constitutional barrier in the U.S., increasing the likelihood other states press forward—but also sharpening free‑speech and privacy disputes [6].
7. What reporting does not say or remains unsettled
Available sources do not list a definitive, globally exhaustive roster of every country that had implemented mandatory age verification by the start of 2025; they instead offer snapshots (U.S. states count, UK, France, Germany, Italy testing, Australia pilots) and policy summaries [3] [1] [2]. Precise technical supplier lists for each law, the granular timelines for every national rollout, and comprehensive enforcement statistics through late‑2025 are not fully enumerated in these sources (not found in current reporting).
Sources cited: Axios and AVPA for U.S. state counts [3] [4], AP/US News for method descriptions and Supreme Court context [6] [8], Ofcom/TechRadar and reporting on UK enforcement [1], French and EU guidance and “double anonymity” [5] [2], ethical‑hacker testing from Sky News [10], and policy surveys of international approaches [12] [7].