Asking the FTC to approve facial age estimation for verifiable parental consent

Yoti

Together with the Privacy Certified program of the Entertainment Software Rating Board (ESRB) and Kids Web Services Ltd, a wholly owned Epic Games subsidiary, we are asking the Federal Trade Commission (FTC) for approval to implement facial age estimation as an authorised method for verifiable parental consent (VPC). The Children’s Online Privacy Protection Act (COPPA) requires companies to ensure they are not collecting personal data from children under the age of 13 without a parent’s consent. Currently, the COPPA Rule enumerates seven non-exhaustive methods that enable parents to verify their consent. These include verification by government ID, credit card transaction, and a method that involves facial recognition, which is different from what we propose in our application.

We’d like the FTC to authorise facial age estimation as another VPC method to give parents and operators more choice in how parents can prove their age and grant consent. We are not seeking approval to implement this technology to check if children are old enough to purchase, download, and/or play a video game. Children are not involved in the age estimation process at all, which is designed to confirm that parents are adults, as required under COPPA.

We’d like to explain how the FTC application seeks to implement the technology in a way that is consistent with COPPA’s requirements for data minimisation, confidentiality and security.

  • Facial age estimation provides an accurate, reliable, accessible, fast, simple and privacy-preserving method to ensure that the person providing consent is an adult.
  • Facial age estimation is not facial recognition; it estimates a parent’s age without identifying them. It does so by converting the pixels of a facial image into numbers and comparing the pattern of numbers to patterns associated with known ages.
  • Facial age estimation does not create a database of faces. It doesn’t learn the user’s name, identity or anything about them. It does not scan their face against a database.
  • The technology is inclusive; it requires no collection of identity or payment card information.
  • It is accurate and does not show material bias among people of different skin tones. We have done extensive testing based on millions of facial scans and publish the accuracy levels transparently.
  • In our proposed application, facial age estimation is always presented as an option to parents alongside other approved methods of verification, providing the parent with a choice of methods.

If you have any questions about our FTC application, please get in touch.
