“It is for parents to raise their children, and not the platforms.”
Those were the words of European Commission President Ursula von der Leyen on Wednesday as she announced the readiness of the EU’s online age verification, ahem, platform. As we’ve been warning since November 2024, these platforms are ultimately a Trojan Horse for digital identity systems, which are in turn intended to serve as the cornerstone for the digital gulags being quickly assembled around the world.
What gets rarely mentioned in the public debate, including in Von der Leyen’s 11-minute speech below, is the fact that online age verification inevitable traps everyone, not just minors, in its web. “Protecting the children”, however, is always a seductive pretext for launching otherwise socially unacceptable policies. And there are few more socially unacceptable policies than the controlled death of online privacy and anonymity.
It is for parents to raise their children. Not platforms.
The European Age Verification App is ready ↓ https://t.co/EumEPEJOI7
— Ursula von der Leyen (@vonderleyen) April 15, 2026
To save readers from having to stomach Von der Leyen’s sickly sweet presentation of the European Age Verification App, punctuated with beaming smiles, here is a summary of the main points:
The app, VdL says, is necessary to make the online world safer for children — safer from online bullying, highly addictive content, highly personalised advertising, harmful and illegal content, and grooming from online predators.
VdL claims to have herself “carefully listened to the parents, who do not have proper solutions to protect their children” whose concerns she shares. “It is”, she says, “for EU institutions parents to raise their kids and not for platforms.”
To protect children from the dangers of the online world, the EU needs a “harmonised approach” — in other words, a “Europe-wide technical solution for age verification.” And the good news is that the European Age Verification app is “technically ready” and will soon be “available for people to use.”
VdL likened providing proof of age to access online platforms to supermarkets asking young people for ID to purchase alcoholic beverages. What she doesn’t say is that people of all ages, even adults well into retirement age, will have to provide proof of age to access online platforms. That is a major distinction that doesn’t once get mentioned. Also, once this system is in place, users would not just momentarily display their ID like one does when buying alcohol. Instead, they’d have to submit their ID to third-party companies, raising major concerns over who receives, stores, and controls that data.
France, Denmark, Italy, Spain, Greece, Cyprus and Ireland are the so-called “frontrunners” in adopting the app. From the horse’s mouth: “They are planning to integrate the app into their national [digital ID] wallets and I hope more member states and private sector companies will follow, so that every citizen can use pretty soon this app.”
VdL likened the age verification system to the COVID pass, which is not exactly reassuring. With another of her bone-chilling smiles, she said: “this is not the first time the Commission has come forward with an innovative solution to a new problem” that would then go on to became a template not just for EU member countries to use but also “our global partners” around the world. Which brings us to the part that merits direct quotation:
“We all remember the COVID pandemic. Our world came to a complete standstill. But as we came out of the lockdowns and as vaccines were available, the Commission came up with the COVID app in record time — it was three months — to help bring us back to normal life in a safe way. With a scan of our COVID certificate — you will remember, we could go to a concert, board a plane to travel, etc, etc — 78 countries in four continents were using this app.
So, it was a huge success. And now we are taking this success and applying it to the age verification app, following the same principles, following the same model. First, it was user friendly. You download the app, you set it up with your passport or ID card, you then prove your age when accessing online services. Second, it respects the highest privacy standards in the world… Third, it works on any device — phone, tablet computer, you name it. And finally, it is fully open source.”
What VdL describes as a “huge success” represented an unprecedented violation of basic rights, including personal privacy and bodily autonomy. It also further centralised power in the hands of the VdL Commission. Who can forget how VdL abused that power in her vaccine negotiations with Pfizer as well as the destruction of evidence that followed?
Naked Capitalism was among relatively few alternative media sites to flag the potential risks posed by the EU’s “Green Pass” on its launch in April 2021, as well as all the other digital health passes being developed by public private partnerships such as the Rockefeller Foundation’s Common Pass and ID2020’s Good Health Pass Collaborative.
As we warned in our April 13, 2021 post, “7 Reasons Why a Vaccine Passport (Pass, Certificate or Whatever They Want to Call It) Should Give Us Pause“, mission creep was arguably the biggest risk of all, especially with state-controlled digital IDs and programmable central bank digital currencies already on the horizon:
The framework is unlikely to be limited to health-care information. The use of the term “digital wallet”, both by the Vaccine Collective Initiative and IBM, to refer to their different digital health passes suggests that economic activity could become an integral part of the frameworks’ functions. The developer of the Vaccine Collective Initiative’s SMART Health Cards framework at Microsoft Health, Josh C. Mandel, hinted in a recent YouTube presentation that SMART Health Cards could soon be used as IDs for commercial activity, such as renting a car.
That this is all happening as central banks around the world are busily laying the foundations for central bank digital currencies, or CBDCs as they’ve come to be known, raises the specter of digital vaccine passports being used as a vehicle for the creation of a purely digital currency system to replace physical coins and notes. That’s not to say this will happen but it is a distinct possibility. If the vaccine passport does give way to a broader digital ID system, which in turn serves as the pass key for a CBDC, and cash is then eliminated, opting out will be much harder. And opting in will leave us subject to levels of surveillance and control that were heretofore unthinkable.
Now, VdL is herself openly admitting that the Commission is following the exact same principles and model behind the Green Pass to create the European Age Verification App. Coordination is already ramping up at the highest levels of the EU bureaucracy to ensure that the age verification platform is rolled out as quickly and as seamlessly as possible. From Reuters:
French President Emmanuel Macron will host a video call with other EU leaders and European Commission President Ursula von der Leyen to push for a coordinated approach on banning social media for minors, Macron’s office said Tuesday.
Spanish Prime Minister Pedro Sanchez and representatives of Italy, the Netherlands and Ireland will attend the conference call, among others, on Thursday, Macron’s office said, adding that the final list of attendees will be announced later.
“The main goal is to act in a coordinated manner and push the European Commission, in the positive sense of the term, to move ahead at the same pace as member states,” a presidential aide told reporters.
Thank you @emmanuelmacron for organising this discussion on the safety of our children online.
With the DSA, we have EU-wide rules.
And now we have an EU-wide app.
It’s piloted in 🇫🇷 🇩🇰 🇬🇷 🇮🇹 🇪🇸 🇨🇾 🇮🇪
And soon available to all.
Online platforms are held accountable.
Parents… https://t.co/PQQgZisvPP
— Ursula von der Leyen (@vonderleyen) April 16, 2026
A Totally Voluntary System, Apparently
The Commission has been at pains to stress that the EU Digital Identity Wallet that forms the backbone of the age verification app will be voluntary as well as safe and secure, even producing the following infographic to supposedly debunk the claim.
Similar claims, of course, were made by Narenda Modi’s government before launching Aadhaar, India’s now de facto mandatory digital identity system. Since its launch over a decade and a half ago, the Indian authorities have struggled, and failed, to make Aadhaar fraud-proof. The world’s largest digital identity has suffered innumerable breaches, including one that potentially exposed the sensitive personal data of around 815 million Indian citizens.
As readers may recall, the EU’s digital vaccine certificate was also marketed as “voluntary” before becoming necessary for citizens to perform even the most basic of functions in many EU member states, from travelling to working to accessing basic public services. Some countries, including Germany and Austria, even used the vaccine passport system to impose lockdowns of the unvaccinated.
In its article, “EU Says EUDI Wallet Is Voluntary; Germany’s SPD Plan Says Otherwise“, Reclaim the Net outlines how the EU’s “voluntary” digital identity system can quickly become de facto mandatory through the online age verification requirements:
The EU’s digital identity wallet is voluntary. That’s the official position, repeated often enough that the European Commission felt the need to label the opposite claim a “myth.”
Under the eIDAS 2.0 regulation, use of the wallet is voluntary and free of charge for citizens. Nobody will be forced to download the app. Nobody will be compelled to link their government ID to a smartphone.
The EU has been very clear about this.
Germany is now showing everyone what “voluntary” actually means.
The country’s Social Democratic Party (SPD) has proposed making the EUDI Wallet the tool for accessing social media platforms, tying the proposal to an impulse paper circulated ahead of a CDU federal conference in Stuttgart.
The plan creates a three-tier system. Children under 14 would face a complete ban, with platforms required to “technically prevent access.” Users aged 14 to 15 would get youth-only platform versions with restricted algorithmic features, and everyone 16 and older would need mandatory EUDI Wallet verification.
That last category includes every adult in Germany. The wallet that nobody is forced to use becomes the only way to access Instagram, TikTok, or Facebook…
The broader EU framework around the wallet tells its own story about where “voluntary” is heading. Under the eIDAS 2.0 regulation, all Very Large Online Platforms and companies required by law to use strong customer authentication must accept the EUDI Wallet by late 2027.
The EU’s own Digital Decade target aims for 80% of citizens to use a digital ID solution by 2030, with the EUDI Wallet as the primary instrument for reaching that goal. You don’t set an 80% adoption target for something you genuinely intend to keep optional.
Open Source Claims
The German digital activist Michael Ballweg has described Von der Leyen’s claim that the EU’s age verification app is fully open source as “yet another typical Brussels half-truth that needs to be dissected”:
The truth is: The EU Commission, under the European Digital Identity Wallet (EUDI Wallet) project, is indeed making several key components of the Age Verification Solution available as open source on GitHub. The core – that is, the app building blocks, the protocols, and the zero-knowledge technology – is publicly accessible. Member states, developers, or even third countries can adopt and adapt it all. That’s the “blueprint,” the modular system.
But here’s the crucial catch, which they conveniently omit:
The finished app that you later download to your phone is not centrally provided by the EU. It comes from your national government or its service providers. It is integrated into the respective national digital wallet. And these national versions aren’t automatically 100% open source, even if they’re based on EU building blocks.
Some parts—especially the backend infrastructure, the servers, the connection to government databases, and specific national adaptations—can remain completely proprietary and opaque.
And that’s precisely what’s dangerous.
You’re presented with a nice, “privacy-friendly” frontend with zero-knowledge promises—but the real power, the control, the data flows in the background remain shrouded in mystery. Who’s really checking what’s happening with your ID cards, your devices, and your movement profiles when national authorities or their private partners operate the backend?
This isn’t an open system. It’s a modular system where the important drawers remain locked.
Then there’s the equally concerning question of security. Within literal minutes of the app’s launch, IT security consultants and hacktivists were already finding glaring flaws in the security architecture.
The “age verification app” the EU wants to impose on the world got hacked in 2 minutes.
Step 1: Present a “privacy-respecting” but hackable solution.
Step 2: Get hacked (you are here).
Step 3: Remove privacy to “fix” it.
Result: a surveillance tool sold as “privacy-respecting”.
— Pavel Durov (@durov) April 17, 2026
A tweet from International Cyber Digest:
The EU’s new Age Verification app was hacked with little to no effort. When you set it up, the app asks you to create a PIN. But that PIN isn’t actually tied to the identity data it’s supposed to protect. An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user’s verified identity credentials as if nothing happened.
It gets worse. The app’s “too many attempts” lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.
Here is a demonstration video of how the ‘hack’ was performed. https://t.co/GA8oC9tRtn
— International Cyber Digest (@IntCyberDigest) April 16, 2026
Another major architectural flaw was flagged by a March 2026 security analysis of the app’s open-source code, reports Reclaim the Net in another article.
The system’s issuer component has no way to verify that passport verification actually happened on the user’s device.
The researchers who found the vulnerability noted an uncomfortable tradeoff at the heart of the design. Fixing the security gap would likely require sending full passport cryptographic data to the server, including the user’s name and document number, which would amount to a significant reduction in the privacy the system currently promises.
The Commission calls this a “mini wallet.” That nickname reveals more than the branding intends. The app is built on the same technical specifications as the European Digital Identity Wallets, ensuring compatibility and future integration.
A number of third party companies that manage digital age verification systems have already suffered serious data breaches, including AU10TIX, a major Israeli identity verification company, as well as one of the vendors used by leading gaming platform Discord.
Discord says a vendor breach exposed user data: names, emails, IP logs, billing info, and even some government IDs.
The attacker wanted ransom, but the real story is this: once platforms collect official IDs, the risk is permanent.
Governments keep pushing online ID mandates.… https://t.co/G0fKHcXVXS
— Reclaim The Net (@ReclaimTheNetHQ) October 4, 2025
That didn’t stop Discord from proceeding with plans to require a bio-metric face scan or ID verification for full access to the site.
A reminder that this is the same Discord that suffered a data-breach last October where some 70,000 images were exposed. https://t.co/3ACqfN8a2C
— STOPCOMMONPASS 🛑 (@org_scp) February 9, 2026
It’s not just alternative media that are warning of the risks:
Bank ID, Sweden’s de facto national digital ID system, was also hacked a couple of months ago.
🚨 BankID is Sweden’s defacto National Digital ID based system used across 7,500 services, including govt.
🤖 A severe data breach has been confirmed with hackers claiming they pulled source code, user data and other internal system data. https://t.co/JxmIItDSQo
— STOPCOMMONPASS 🛑 (@org_scp) March 18, 2026
As Electronic Frontier Foundation has repeatedly warned, “online age verification is incompatible with privacy“:
In the final analysis, age verification systems are surveillance systems. Mandating them forces websites to require visitors to submit information such as government-issued identification to companies like AU10TIX. Hacks and data breaches of this sensitive information are not a hypothetical concern; it is simply a matter of when the data will be exposed, as this breach shows.
But that doesn’t seem to matter. After Australia became the first Western country to roll out a full-fledged online age verification system in December, governments of all stripes are lining up to follow suit, including the UK, Turkey, Brazil, multiple states across the United States, and even the US federal government itself, where the idea appears to enjoy bipartisan support. No great surprise there.
The White House AI framework calls age verification “privacy protective.” There is no version of age verification that doesn’t require touching sensitive personal data. And there is no version of collecting sensitive personal data at scale that isn’t a breach waiting to happen… https://t.co/1v4GcNy84l
— Reclaim The Net (@ReclaimTheNetHQ) March 21, 2026
Turkey is about to tie every social media account to a national ID number. Miss the three-month window and the account gets shut down. Justice Minister Gürlek says social media is “definitely not a space for freedom.” The system he’s building proves it.https://t.co/egeXNZbefY
— Reclaim The Net (@ReclaimTheNetHQ) April 16, 2026
In Australia, meanwhile, VPN usage is surging as Internet users, presumably of all ages but one imagines that particularly the tech-savvy youth that are supposedly the target of all this legislation, seek workarounds to the age verification requirements. This in turn has prompted speculation that Canberra may choose the nuclear option of trying to ban VPNs, just as the UK, France and other European governments have threatened to do (as we discussed here).
None of this is happening in a vacuum. It is happening precisely at a time when governments across the so-called “liberal” West are resorting to increasingly intrusive and repressive measures to track and control their respective populaces. Online censorship is on the rise. In the UK, police arrest 30 people a day for online posts, notes Silkie Carlo, the director of Big Brother Watch: “Over the past decade alone, police have racked up almost 150,000 “non-crime” hate incidents – that is, lawful speech.”
The UK, like other European governments, is also making it harder to protest while prosecuting subjects/citizens for protesting against Israel’s genocide in Gaza. As Grayzone reported this week, “the British state is so desperate to crush these antiwar activists and preserve Israeli death factories on its soil that it is resorting to crude anti-democratic tactics and corrupting the entire jury system.”
EXCLUSIVE: UK seeks to jail Palestine Action for ‘terrorism’ amid UK media blackout
6 activists could be sentenced as terrorists, facing long prison terms
But the jury has not been notified about the ‘terror’ designation, and UK media can’t report on ithttps://t.co/pbwG5JvhCo
— The Grayzone (@TheGrayzoneNews) April 12, 2026
Meanwhile, Brussels and Washington are imposing what amounts to starvation blockades on prominent individuals that have dared to challenge Israel’s genocide or Gaza or question the wisdom of the EU’s actions in Ukraine. They include the UN rapporteur on the Palestinian territories, Francesca Albanese, four International Criminal Court judges, the geopolitical analyst and former Swiss army colonel, Jacques Baud, and the pro-Palestinian journalist Hüseyin Dogru.
Their experience now has a name: “civil death”. Their assets are frozen, access to banking services are blocked and the ability to participate in the official economy is almost completely paralyzed. The sanctions are imposed without prior judicial control and those affected are not given a legal hearing before they are listed. As in Kafka’s The Trial, once you get caught in the bureaucratic vice, there is no escape; it just keeps tightening.
On the one hand, governments and the corporations whose interests they serve want to digitise and tokenise everything, making us increasingly dependent on digital platforms. On the other hand, they want to, and are close to, setting up internet controls governed by digital ID checkpoints that will strip away the very last vestiges of digital privacy and anonymity. These checkpoints will also allow them to block online access to anyone who is deemed a threat.
This, it seems, was always the plan. In my 2022 book Scanned: Why Vaccine Passports and Digital IDs Will Mean the End of Privacy and Personal Freedom, I quoted from a 2018 World Economic Forum report that openly admitted that while verifiable identities “create new markets and business lines” for companies, they also (emphasis my own) “open up (or close off) the digital world for individuals”. Welcome to the digital gulag.
Roger Waters performing one of the most underrated songs of Pink Floyd, Mother, released within the band’s ground-breaking album The Wall in 1979.
However, Waters was not alone in this live performance. He was accompanied by Irish singer and song-writer Sinéad O’Connor.
— Rock’n Roll of All (@rocknrollofall) August 28, 2024
