Germany

[DE] KJM approves age verification systems based on biometric age checks for the first time

IRIS 2022-8:1/21

Christina Etteldorf

Institute of European Media Law

The Kommission für Jugendmedienschutz (Commission for the Protection of Minors in the Media – KJM), the central organ of the 14 German Landesmedienanstalten (state media authorities) responsible for the protection of young people in the media, has, for the first time, approved three age verification systems that do not rely on identity documents but use biometric age estimation software based on machine learning. The three systems can therefore be used in the future because they meet the requirements of the German Jugendmedienschutz-Staatsvertrag (State Treaty on the Protection of Minors in the Media - JMStV). Under the treaty, providers of content that is likely to impair the development of children and adolescents must take measures to prevent minors watching harmful content.

According to the JMStV, certain telemedia content that is likely to impair the development of young people may only be distributed if the provider creates closed user groups to ensure that it is only accessible for adults. Technical systems that are designed to prevent children and adolescents in a specific age category from accessing such content, which includes pornographic material, can be submitted to the KJM, which will check whether they meet the legal requirements. Until now, all approved systems have essentially involved a face-to-face identification process such as Postident, in which a real person compares the viewer’s face with an official identity document (ID card or passport). Simple ID card number checks (e.g. Perso-Check), the presentation or submission of a copy of an identity document, or webcam-based identification are not, on their own, considered sufficient by the KJM. However, according to the KJM’s latest decision, a face-to-face check is not required when software is used to compare the biometric data from an identity document with an image of the person concerned, and the data from the identity document is automatically captured. The same applies to systems in which software determines the person’s likely age using biometric characteristics from a live camera image and generates a reliability score for the age verification result.

On the basis of these principles, the KJM has approved the “facial age estimation” concept submitted by KYC AVC UK Ltd., “Age Verification” by Ondato and “Yoti” by Yoti Ltd. These systems are all trained, through machine learning, to estimate a person’s age based on biometric features. They often also use a ‘life recognition’ test to prevent under-age website visitors using a photo of an older person to access harmful content. In order to mitigate the fact that some young people look older than they really are, which can lead to errors, the KJM requires such systems to operate a five-year buffer. They therefore need to estimate a person’s age to be at least 23 in order to grant them access to content suitable for adults only (18+). The KJM also considers the ‘life recognition’ test as a mandatory technical requirement in order to comply with legal provisions.

On this basis, the KJM, after examining the aforementioned systems, concluded that the versions submitted, when used as a partial solution, were suitable identification mechanisms under its criteria for guaranteeing a closed user group. The Freiwillige Selbstkontrolle Multimedia-Diensteanbieter (voluntary self-monitoring body for multimedia service providers – FSM) had already given its seal of approval to one of the systems.