Italy

[IT] AGCOM Approves Age Verification Regulation for Online Platforms

IRIS 2025-5:1/22

Francesco Di Giorgi

Autorità per le garanzie nelle comunicazioni (AGCOM)

AGCOM, the Italian Communications Authority and Digital Services Coordinator, has officially approved the regulation on age verification for access to online platforms providing adult content. The measure aims to ensure minors are effectively protected from the dangers of the internet.

The new regulation, annexed to Resolution No. 96/25/CONS, sets out the compulsory procedures for video-sharing platforms and websites offering adult content in Italy to verify users’ age (so-called age assurance or age verification). This initiative enforces Article 13-bis of Legislative Decree No. 123 of September 15, 2023, converted, following amendments, into Law No. 159 of November 13, 2023 (known as the "Caivano Decree").

The regulation was developed following a public consultation that involved 13 stakeholders, including institutions, industry, consumer associations, and major video-sharing platforms. It also received the favourable opinion of the Italian Data Protection Authority (see IRIS 2024-4:1/6 and 2024-9:1/10).

Since the regulation qualifies as a technical rule under Directive (EU) 2015/1535, it was notified to the European Commission in October. The Commission provided a detailed opinion, which AGCOM considered in finalising the regulation.

All video-sharing platforms and websites disseminating pornographic content in Italy are now required to comply with these provisions. In cases of non-compliance, AGCOM is authorised to adopt all necessary measures, including blocking access to the website or platform until compliance is ensured.

The regulation defines an age verification system that involves certified independent third parties responsible for providing proof of age. The process is structured around two logically distinct stages—identification and authentication of the individual—for each session of access to regulated services (e.g., adult content websites or platforms).

For age verification systems that rely on apps installed on the user's device, an application is made available to generate and certify the “proof of age” (e.g., a digital identity wallet app or identity management app). This proof can be used for any purpose requiring identification. Users can complete the identification process and provide the certified proof of age directly through the installed app when visiting a website or platform.

This system ensures a level of security proportional to the risk involved and adheres to the principle of data minimisation. A “double anonymisation” mechanism prevents the age verification provider from knowing which service the proof is being used for, and ensures that the proof submitted to the website or platform contains no identifiable user data.

AGCOM has adopted a technologically neutral approach in designing the age assurance framework, while establishing key principles and requirements that all systems must meet. Furthermore, the age verification systems must comply with upcoming guidelines to be issued by the European Commission under the Digital Services Act (DSA), particularly Article 28. As such, the regulation may be updated or revised to align with future EU requirements.