New Laws, Old Tech. What A Blockchain Like Concordium Can Do About Age Verification

Concordium
July 31, 2025
Governments want stricter online safeguards. Users want privacy. Traditional solutions force them into an impossible choice. Concordium shows it doesn’t have to be one or the other.

On July 25th, the UK ushered in a digital turning point: all adult content platforms must now deploy “robust” age verification measures or face multi-million-pound penalties. The move is part of the UK’s Online Safety Act, which is aimed at shielding children from explicit content. That’s all fine and good, but it’s also triggering an intense backlash–and rightly so.

Upload a face scan of your ID and passport? No thank you! As reported by the BBC and other tier-one news outlets, users are deeply uncomfortable with this. Some fear exposure. Others fear data leaks.

And this isn’t just a UK problem. France passed a similar law earlier this year, requiring adult websites to implement verified age assurance or face blocking by ISPs. In the U.S., over a dozen states, including Texas, Utah, and Louisiana, have passed or proposed legislation mandating digital age verification for adult content or social media. While enforcement models vary, the outcome is the same: governments are shifting regulatory responsibility to platforms. And platforms are passing the burden—and the privacy risk—on to users.

The Right To Be Worried

Clearly the real issue isn’t age checks. It’s the lack of trust.

What we’re witnessing is a collision between regulatory intent and technological limitations. Governments are right to want safeguards that protect children. But reality is that most of today’s verification solutions demand that users surrender personal data to centralized third parties, which are often obscure vendors few users have heard of, and even fewer would voluntarily trust them with something as sensitive as a passport, facial scan, or browsing behavior. Yet, compliance is being enforced at the expense of dignity, autonomy, and security.

People are right to be wary. According to IBM’s 2024 Cost of a Data Breach report, the average breach cost now stands at $4.45 million, the highest on record. Even more concerning, identity-related breaches account for over 53% of all incidents, often exposing highly sensitive personal data like government IDs, biometric scans, and account credentials. In 2023 alone, more than 353 million people had personal information compromised across major global breaches. So when regulators insist on age or ID checks, it’s a recipe for mass avoidance.

The Age of VPNs & Decentralized Tools

In the age of VPNs and decentralized tools, users shouldn’t have to comply if they don’t trust the system. VPNs can mask location, while anonymous blockchains allow people to transact without leaving a trace of who they are. These tools offer a kind of escape hatch from surveillance-heavy solutions. However, they come with serious drawbacks. VPNs verify nothing, which makes them useless for platforms that need to enforce age restrictions or legal compliance. Anonymous blockchains, while powerful for privacy, offer no accountability, making them a haven for abuse, fraud, and exploitation. The result is a growing gray zone, where regulators are blindfolded, businesses create systems with zero safeguards, and bad actors thrive off user vulnerability.

Concordium: Responsible Anonymity

It’s ludicrous to ask users to gamble with their privacy in order to prove their legality. The big question is: How do you allow anonymous interactions, yet still hold someone legally accountable if needed? There is a way.

Concordium, a layer-1 blockchain with an embedded identity layer, was designed for this precise challenge. It enables verified interactions and gated access without compromising user privacy. Its model is unique: before creating a wallet, users verify their real-world identity through a certified Identity Provider. That verified status is then cryptographically linked to their blockchain address—not their name, photo, or document number—via zero-knowledge proofs (ZKPs). And no personal information is stored on the blockchain.

This means users can prove they're over 18, within a certain jurisdiction, or meet any other attribute-based requirements without revealing their identity or location to the site they’re using. It’s privacy-preserving by default, yet compliantly aligned when legally required.

In fact, Concordium’s verification process goes further. Should law enforcement need to unmask a bad actor (via court order), a multi-party mechanism involving Privacy Guardians can map the blockchain account back to the verified identity, ensuring both privacy for the law-abiding and accountability for the malicious.

Toward a More Ethical Internet

If the current wave of regulation teaches us anything, it’s that digital anonymity and safety don’t have to contradict. But maintaining both will require rethinking how identity works online, namely not as a surveillance tool, but as a selective, user-controlled signal. Achieving a more ethical internet experience will require governments and businesses to move beyond checkbox compliance and start designing systems that reflect how people actually want to engage online: securely, privately, and with agency.

It’s time we stop acting like privacy and safety are mutually exclusive. Yes, the internet we build must protect children, but not punish everyone else in the process. For platforms struggling to navigate age verification without alienating users, Concordium is enhancing its platform with additional features such as Verify & Pay for seamless eligibility and payment transactions in one click. This is more than technical compliant-readiness, it’s a digital trust architecture fit for the age of data sovereignty and accountability.

Learn more about ID Verification on Concordium

Join the Concordium Community, follow us on X.