What laws require real-name or ID verification for online platforms in the EU and member states?

1. EU‑level rules: the DSA, eID framework and a targeted age‑verification duty

The Digital Services Act (DSA) requires platforms to take special measures to protect minors and to apply “age‑appropriate” safeguards, which European Commission guidance has interpreted as encompassing technical age verification/assurance obligations for services accessible to minors — not a general real‑name duty for all users ^{[1] [4]}. Parallel to the DSA, the European Digital Identity (EUDI) regulation (eIDAS 2 / Regulation (EU) 2024/1183) mandates Member States to provide national EU Digital Identity Wallets by end‑2026, and the Commission has published a “mini‑wallet” blueprint that lets users prove age without disclosing identifying details, creating an EU‑level infrastructure that platforms will be expected to accept for age verification ^{[3] [2] [1]}.

2. Member states and regulators: pockets of ID verification requirements and pilots

Several Member States and regulators are already operationalising verification duties: Italy’s communications regulator AGCOM has defined an identification/authentication two‑step age‑verification model in Resolution No. 96/25/CONS and national debates in Italy, Spain and elsewhere have produced statutory or regulatory requirements for platforms to prevent minors’ exposure to harmful content — measures that often translate into practical ID/age checks ^[4]. The Commission’s mini‑wallet is being piloted in Denmark, France, Greece, Italy and Spain as a harmonised means to satisfy national obligations, with Member States expected to integrate the solution into national wallets ^{[2] [7] [8]}.

3. Limits, litigation and the country‑of‑origin tension

Legal challenges and CJEU‑level scrutiny are already testing national schemes: an Advocate General opinion in late 2025 concluded that a national SREN law’s obligation to require age verification by online service providers may be incompatible with EU law and the e‑Commerce Directive’s country‑of‑origin principle, and a CJEU ruling expected in 2026 could reshape the permissibility of national ID requirements for platforms ^[4]. Independent commenters warn that other case law may be interpreted to impose identity verification or intrusive monitoring obligations on platforms — a controversial reading debated by privacy and legal experts ^[9].

4. Pushback, privacy concerns and alternative technical models

Civil‑society groups and privacy advocates (EDRi, EFF among others) oppose broad ID‑for‑access regimes and caution that age‑verification systems can erode anonymity and disproportionately burden marginalized users; they promote privacy‑preserving age‑claims (the mini‑wallet model) or non‑ID safety measures instead ^{[5] [6]}. Industry responses vary: some newcomers position mandatory verification as a selling point (the “W” platform requires identity verification by design), while most large platforms are adapting to accept interoperable digital‑wallet credentials rather than adopt raw real‑name databases ^{[10] [11]}.

5. Practical picture today: targeted ID/age verification, not universal real‑name laws

The net effect is that EU law is creating categorical obligations to verify age for certain services and an interoperable EU identity infrastructure that will make ID‑linked checks feasible and widely accepted, but there is no single EU statute that imposes blanket real‑name verification for all online accounts across the board; instead, a patchwork of DSA duties, eID wallet rollout, national regulator rules and pending litigation determines when platforms must verify identity or age in practice ^{[1] [3] [4]}. Where Member States or regulators require age assurance, the Commission’s mini‑wallet and the EUDI framework are the intended harmonised technical routes to compliance, while court rulings and civil‑society scrutiny will continue to constrain how far verification can be tied to personal identity ^{[2] [4] [5]}.