Age assurance has moved from being a compliance checkbox to a strategic necessity in 2025. With the UK’s Online Safety Act (OSA), France’s ARCOM decree, and the EU Digital Services Act (DSA) now in force, platforms have entered a new regulatory landscape, one where minor access is not just discouraged but prohibited by law. Inaction isn’t an option. And UI-based workarounds don’t cut it.
The challenge is no longer whether to implement age checks, but it’s about how to do so without sacrificing trust, privacy, or consumer conversion. That central dilemma was the focus of Shufti’s recent webinar, Age Assurance 2.0. Smarter, Safer, and Seamless.
Moderated by Roger Redfearn-Tyrzyk , Shufti’s CCO, and joined by industry experts, Stephen Crystal (Founder & CEO – SCCG Management), and Ivan Kurochkin (Partner – 4H Agency), the discussion unpacked regulatory shifts, regional differences, and the role of technology in shaping the next era of digital trust.
The Global Tug of War: Regulation vs. Reality
Ivan kicked things off with a candid observation: regulators are piling on more compliance demands, but offshore operators often escape scrutiny. Licensed operators end up carrying the burden of stricter checks, while unregulated markets lure frustrated users.
Meanwhile, Stephen contrasted this with the US approach: historically more self-regulatory, with businesses taking frontline responsibility and lawyers stepping in only after the fact. Instead of blanket rules, U.S. companies aim for balance, keeping minors out while creating frictionless, privacy-first user experiences.
Both agreed that regulation without flexibility leads to poor outcomes, especially when cultural differences are ignored. Roger highlighted this point with a striking example:
This contrast underscored a key theme of the session: while regulation sets the framework, it is ultimately technology that determines whether compliance feels like a burden or a seamless part of the user journey.
Technology as the Bridge
A recurring theme was that technology must lead the way forward.
- Ivan highlighted Ukraine’s “DIA” app, where identity verification is fast, seamless, and state-backed, boosting conversion rates while staying compliant.
- Stephen stressed “funnel thinking,” using AI and behavioral signals to instantly greenlight low-risk users, while only escalating friction for the few who actually need it.
- Both pointed out that age verification service providers are uniquely positioned to offer hybrid solutions, from cloud deployments to on-premise installations for markets with sovereignty requirements (e.g., tribal gaming in the U.S. or CIS nations).
Today, most businesses aren’t just looking for a product provider; they’re seeking a true partner. One that understands their evolving needs, requirements, and challenges, and adapts the product accordingly. It’s not just about delivering a solution, but about building an adaptable platform and a lasting partnership that grows with the business.
The message? Smart tech can reconcile compliance, conversion, and privacy, but it has to adapt to local realities.
Enter the Waterfall- Context Intelligence and a Layered Approach
One of the session’s most discussed concepts was Shufti’s Waterfall Approach™, a multi-layered architecture of checks that begins with lightweight signals and escalates only as required.
Behavioral cues, device intelligence, AI age estimation, document checks, each adds a layer of assurance while preserving UX.
What makes it different? Flexibility.
Instead of throwing heavy checks at every user, the Waterfall adjusts based on risk, making it seamless for most, rigorous when needed. It’s adaptive compliance, not one-size-fits-all enforcement.
Roger described it as a system where “not every user gets the same flow — only the ones who trigger risk do.” This means seamless access for the vast majority of legitimate users, with deeper scrutiny applied only to edge cases or manipulative behavior.
Trust: The New Currency
Roger brought forward some sobering stats: only 30% of UK citizens trust their government, and over 90% of Europeans worry about how financial services use their data. Add to that the high rate of application drop-offs due to clunky ID verification, and the picture is clear: trust is fragile, and friction kills business.
For Stephen, the path forward is simple: “Technology creates problems, but it can also solve them.” For Ivan, awareness and education matter most: responsible gambling and responsible verification should be framed not as regulation, but as protecting families and communities.
One audience comment summed it up perfectly: “Age assurance must be built on transparency and user-first design. These are the foundations of trust.”
Where We’re Headed
Looking ahead, Ivan predicts more regulation, sometimes excessive, and with it, the growth of offshore markets. Stephen, on the other hand, sees opportunity: the U.S. setting smarter, common-sense standards that other regions might eventually adopt.
Both agreed that dialogue between regulators, operators, and technology providers is essential. Only then can we strike the balance between compliance and conversion, safety and convenience, innovation and trust.
This session made one truth undeniable: the future of age assurance is not just about checking boxes, it’s about building trust, reducing friction, and adapting globally without losing sight of local realities. Technology is ready. The question is, are regulators and businesses ready to collaborate?
Keep the Conversation Going
If this conversation sparked your curiosity, you’ll want to join our upcoming AVPA webinar, where we’ll continue the dialogue on how identity verification is evolving, with an even deeper dive into practical solutions and industry collaboration.
