Our age assurance solutions are approved by German regulators KJM and FSM to protect young people online
We’re excited to announce that The Commission for the Protection of Minors in the Media (KJM) has approved our facial age estimation tool (formerly known as Yoti Age Scan) to be used in the German market to protect young people online. You can read the KJM press release here. This follows our approval from the German Association for Voluntary Self-Regulation of Digital Media service providers (FSM) in 2020, which allowed German people to use digital age estimation and age verification technology for the first time ever to access digital adult content. You can read the FSM seal text here. Positive approval by KJM for our age estimation technology It’s the first time KJM has approved an age assessment tool built using machine learning, heralding it as “an important sign for the future”. Using our age estimation technology, businesses can give customers secure access to age-restricted content without sharing personally identifiable information or an ID document. Dr. Marc Jan Eumann, chairman KJM: “Artificial intelligence is finding its way into almost all areas of our life. There is still great untapped potential here to protect children and young people online. “Yoti Facial Age Estimation” is the first AI age assessment approach that we have approved. We welcome that this tech can be used to protect children and young people.” Under the regulation, businesses must set an age range threshold with a five year buffer. This means that for services which require you to be 18 or over, our technology must recognise a user to be at least 23 years old. Regulatory approval from the FSM for adult content Our facial age estimation tool and Digital ID app have already been approved by the FSM as solutions for proving age on adult content sites in Germany. Citizens accessing adult content will be directed to a page where they can either scan a QR code with their Yoti app to privately share their age attribute, or give access to the camera on their device which will anonymously estimate their age in seconds. The age threshold will be set by the German regulator and will be reviewed periodically. More information on our solution for secure age assurance can be found here. We’ve had brilliant feedback from the FSM’s Martin Drechsler, who believes “the innovative mechanism that Yoti has developed opens up new paths for modern and effective protection of minors in Germany. The approach can also give positive impulses to content providers and open up new ways of cooperation – which we as FSM are happy to support”. In the words of our CEO Robin Tombs, “We have been extremely impressed by the rigorous, scientific review of the FSM and the expert team who have audited our age assurance offerings over the last months. We are delighted to be awarded the Seal of Approval from the FSM to offer our age estimation and age verification solutions for youth media protection in the German market place.” Yoti is delighted to be working with the FSM (The German Association for Voluntary Self-Regulation of Digital Media service providers (FSM e.V.) dedicates itself primarily to youth protection and combatting …). Within the German system of regulated self-regulation introduced by the Youth Media Protection State Treaty (JMStV) in 2003, the FSM is a recognised self -regulatory body for the area of telemedia in Germany. We’re keen to help other regulated markets where age assurance is needed. We look forward to serving adult content providers, wider organisations and consumers in the German market, keeping young people safe and preserving their privacy. In years to come, age estimation AI and digital ID age verification will become globally the most popular, private and trusted way of checking age. Age verification Age verification is a legal requirement for many businesses to ensure they are not selling age-restricted goods or services to minors. In face-to-face transactions, this often involves checking a passport or driving license. Online, it is much harder to carry out robust age checks in a way that doesn’t compromise privacy. Common methods range from asking users to tick a box, enter their date of birth or make a payment with a credit card. The need for robust, privacy-preserving age verification methods in the online space is no more clearly highlighted than in the recent calls to protect young people from accessing adult content sites. As world leaders of identity verification technology, Yoti has developed anonymous age estimation technology that enables people to be age checked without an ID document, and age verification technology through our Digital ID app. Age estimation technology – how it works Our facial age estimation technology allows anyone to be age checked by just looking into a camera on a device. Facial analysis technology creates a biometric template of the face, which it compares to thousands of previous photos it has studied through machine learning and gives an estimated age. We’ve built the solution to be anonymous. Users are not individually identifiable as there is no way to link an image to a person or an identity. We have developed our technology as ethically as possible and communicate openly about how we use biometric technology. We have also shared our approach to age estimation in roundtable sessions with civil bodies and have undertaken an Algorithm Impact Assessment with IEEE Expert Dr Alison Gardner, Keele University. Accuracy The age threshold can be configured by a business in the same way that a “Challenge 30” rule may be operated in a supermarket. The technology has been proven to be much more accurate than humans, estimating 13-19 year olds within circa 1.55 years of accuracy. For more accuracy rates, head to our regularly-updated white paper. Age verification with Yoti Digital ID Those who look under the age threshold will be asked to prove their age with the Yoti app, which enables citizens to create a verified Digital ID with a government-issued ID document and a biometric selfie video. The onboarding process takes up to five minutes and involves a series of checks that Yoti carries out with leading technology and expert security personnel to ensure the document is valid and belongs to the person uploading it. Once verified, users have a reusable digital ID that they can use to verify themselves with businesses and individuals. Thanks to a data minimisation approach, users can share just a verified age, such as “Over 18”, rather than their entire date of birth or ID document. This age token is shared with a site and is valid for up to two weeks. Both parties have an audit trail of exactly what data has been shared and the relying party will have access to anonymised metadata such as “18+ from driving license”. If you’re interested in our age solutions, please get in touch.
Last month, Yoti Guardian Gavin Starks chaired our third stakeholder roundtable on the next proposed stage of the development of our age estimation technology. We brought together fifty five guests from seven countries, including representatives from 5rights, Apps for Good, Be In Touch South Africa, Breck Foundation, Caribou Digital, CyberSafeIreland, Digital Policy Alliance, FSM Germany – Freiwillige Selbstkontrolle Multimedia-Diensteanbieter, GoBubble, IEEE, Interactive Software Federation of Europe, International Committee of the Red Cross, Internet Commission, Internet Watch Foundation, Irish Data Protection Commission, Keele University, KJM German Federal Agency for the Protection of Minors, London School of Economics, Marie Collins Foundation, Media Monitoring Africa, NSPCC, Obidos Consulting, OFCOM, PA Consulting, Parent Zone, Point de Contact France, Public.io, Sprite+, techUK, Thai Government, The Football Association, UK Government Cabinet Office, UK Government Department of Digital, Culture, Media & Sport, UK Information Commissioner’s Office, UKCCIS, UNESCO, War Child, WePROTECT. Roundtables on our age estimation technology We ran our first roundtable ahead of launching age estimation two years ago. The second roundtable introduced the concept of extending our age estimation to a younger demographic. That is now a reality with our age estimation accurate to within approximately ±1.5 years for the 13-25 age group, as you can read in our latest age estimation white paper. During the third roundtable we recapped the journey to date and outlined the current work on age estimation and in particular the two campaigns from our ICO Sandbox work that we launched on Safer Internet Day, 9th Feb, 2021. Safer Internet Day 2021 We’re currently working in the ICO Sandbox with partners including GoBubble child-content moderation SaaS (GoBubbleWrap) and British Esports to extend the range to be able to estimate ages under 13. As part of this work, we have launched two campaigns: 1. Education campaign and video competition Based on the Unicef policy guidance on AI for children, this competition seeks to help young people understand: How age estimation is built, including training, tagging, testing. The ethical considerations, including dataset consent, diversity, transparency, no recognition just analysing an image – when it estimates age) Where the technology can help keep young people safe. Education materials we have developed include: Education Videos explaining AI age estimation under the hood Interactive Game – pit yourself against the computer Video to show what anti-spoofing means Interactive demo – to try it out – have your age estimated Videos of age estimation in use 2. #Share2Protect In parallel via the #share2 protect campaign, we’re offering an opt-in way for parents and young people to support the development of the age estimation by sharing a photo to build a consented data set. The extended AI age estimation approach will support content platforms to meet regulatory requirements, such as the Age Appropriate Design Code, to protect children from unwanted intrusions, inappropriate content and minimise the risk of grooming. We give the final word to those who are supporting this vitally important work. Supported by Our campaign is supported by many key figures in the child online protection space. Lorin LaFave, Founder Breck Foundation: “Keeping children safer online is a collective priority for all of us, from the developing tech solutions to the education of children, parents and schools. By parents safely sharing their children’s photos today for Yoti to create better age verification techniques, children will have a safer and healthier online future.” Tink Palmer, MBE CEO Marie Collins Foundation: “The Marie Collins Foundation fully endorses the #share2protect campaign. We work with the victims of online abuse and know the harm caused to children and young people. This initiative by Yoti needs to receive the full support of parents wherever they live in the world.” John Carr, Online Safety Expert: “We need tech solutions which enable people of all ages to be able to prove their age safely, not just people with ID documents. This work through the ICO Sandbox could support many platforms to meet their obligations.” If you’d like to support the consented development of age estimation, please head to the support age estimation website for more information or get in touch to hear more.
Ahead of the Age Appropriate Design Code, many companies are looking at how to provide age-appropriate services, messaging, content and, crucially for parents, how to deter grooming. We are working in the ICO Sandbox with partners including child-content moderation SaaS GoBubble (GoBubbleWrap), to further develop our privacy-preserving age estimation technology so that it can accurately estimate the age of children under 13. This vital ICO Sandbox partnership will offer child-centric content moderation with global scalability on a Software as a Service (SaaS) basis. This will include privacy information and accessible parental consent mechanisms, including the option to use age estimation for parental consent. ‘Share to protect’ with Yoti’s privacy preserving age estimation Our age estimation technology can currently estimate the age of 13-25 year olds within 1.5 years of accuracy. But obtaining verified training data for under 13s is hard due to legal barriers, making it tricky to ensure solutions work for children. The ICO is working with Yoti to tackle this challenge and with your help, we can expand our technology to provide leading accuracy and protect 7-12 year olds. Parents can opt in to support the development of our age estimation by sharing a photo of their child to build a consented data set. We’re doing this to support content platforms in meeting regulatory requirements and protect children from unwanted intrusions, inappropriate content and minimise the risk of grooming. More about the tech Yoti age estimation was built to give everyone a secure and private way of proving their age, without revealing any other personal information. All a person needs to do is look into the camera, have their face scanned and their age will be estimated in seconds. The technology is based on a technique known as a neural network, which Yoti has trained to estimate ages using machine-learning AI. We input verified data, including an individual’s photo, month and year of birth, and the system keeps on learning and improving. Is this facial recognition? No, it does not match faces. The technology simply estimates an age from a face without personal details. There’s no image or data held after the check. Helping parents and children understand AI We know that AI technology can be hard to understand, which is why we’re launching our Education Campaign and video competition. Based on the Unicef policy guidance on AI for children, we hope our competition will teach young people about: How age estimation is built, including training, tagging, testing. The ethical considerations, including dataset consent, diversity, transparency and facial recognition versus just analysing an image. Where the technology can help keep young people safe. Lorin LaFave, Founder of the Breck Foundation, strives to educate the digital generation to keep safe online as they play virtual or in real life: “Keeping children safer online is a collective priority for all of us, from the developing tech solutions to the education of children, parents and schools. By parents safely sharing their children’s photos to create better age verification techniques, children will have a safer and healthier online future.” Tink Palmer, MBE CEO Marie Collins Foundation: “The Marie Collins Foundation fully endorses the Share to protect campaign. We work with the victims of online abuse and know the damage caused to children. This initiative by Yoti needs to receive the full support of parents wherever they may live in the world.” John Carr, Online Safety Expert, Secretary of the UK Children’s Charities’ Coalition on Internet Safety and member of the Executive Board of the UK Council for Child Internet Safety: “We need tech solutions which enable people of all ages to be able to prove their age safely, not just people with ID documents. This work through the ICO Sandbox could support many platforms to meet their obligations.” Julie Dawson, Director of Regulatory & Policy at Yoti: “People share photos of their children all the time; we’d encourage them to share a photo to help protect children online. We are delighted to be working with edtech and child safety organisations to provide education materials and we hope to inspire parents to share a photo to improve age estimation for the under 13 age group.”
As governments across the globe look to ease the restrictive measures placed on individuals during the COVID-19 pandemic, the need for a secure way to share personal health information has become clear. Individuals that present reasonable evidence that they pose a low risk of transmitting the COVID-19 (either they have recovered or have a recent test indicating they’re not currently infected), need a secure and trustworthy way of proving this information in order to return to work, board a flight or return to some specific, limited access venues and activities. We believe that abiding by a Code of Practice is the right approach to ensure that personal health information is shared in a secure, privacy-preserving way, and can be trusted as an accurate representation of an individual’s health status. Code of Practice As such, we have drafted a proposed Code of Practice, which serves as an initial framework for the secure sharing of health data for a range of purposes, including creating a Health Test Credential. The key organisations covered by these standards are those that: test and issue test results or certificates; provide the Health Test Credential; and require information on an individual’s health status. The pillars of the Code are; Trusted identity verification of individuals Trusted and transparent health testing of individuals by authorities Trusted storage of credentials or Health Data Trusted presentation and transfer of Health Test Credentials Privacy requirements Yoti’s COVID-19 Pledge Yoti is uniquely positioned to issue digital credentials to the public at scale through the free Yoti app. We are currently working with the NHS to remotely issue digital staff ID cards and have the system architecture in place to issue third-party credentials from a verified authority. The Yoti app has always been free for individuals and we are also offering as part of our COVID-19 pledge issuing COVID-19 test results to the Yoti app is free for both individuals and verified testing organisations (such as health laboratories, clinics and pharmacists) receiving COVID-19 test results is free for organisations; our API integrations are free for organisations. The Yoti app is currently in English, French and Spanish, and with more languages being added as we grow. Yoti can support the granularity of the specific test results, whether that is detection viral RNA, antigens or antibodies using a swab or blood test, the credential issuer, and the duration of the test result stored securely in the individual’s secure digital wallet. Call for collaboration Given the global nature of the coronavirus pandemic, it is clear that any framework governing the secure share of personal health information must be developed collaboratively. We have drafted what we believe to be the fundamental pillars to ensure that health data is handled securely, for the intended and declared purposes, and is valid, trustworthy and an accurate representation of an individual’s health status. We have shared this draft Code with experts and we welcome more feedback from health organisations and civil society bodies. You can read the full version of the Code of Practice here.
At the end of 2019, the GPG (Good Practice Guide) 45 was updated by the GDS (UK Government Digital Services). The guidance on how to check and verify someone’s identity now reflects new methods, such as reading the biochip in ID documents, such as an e-passport. The GPG 45 is also technology neutral as it is out-comes focused, rather than process-focused. As a digital identity provider, we help organisations meet low and medium levels of assurance when checking identity, and we can also support organisations that need to meet a high level. We’re looking forward to the imminent publication of the new GPG 44 standard. We have seen a draft and we think it’s an excellent guide for the authentication of users. How does the GPG 45 work? The revised GPG 45 is a very useful practice guide in terms of enabling identity providers to check identity. An identity is a combination of characteristics that identifies a person. A single characteristic is not usually enough to tell one person apart from another, but a combination of characteristics might be. The GPG 45 guidance can help you check the identity of a customer, employee, or someone acting on behalf of a business. By successfully checking someone’s identity, you can be confident that you’ll give the right people access to the right things. The number of synthetic (or made up) and stolen identities being used to commit identity fraud in the UK is growing every year. Some of the most common reasons people or criminal groups commit identity fraud are to access services or benefits they’re not entitled to, steal personal, medical or financial information from other identities, enable organised crime or avoid being detected by the police and other authorities. Checking identities in a consistent way will reduce the chance that one person or service does less effective identity checks than others. This helps protect against identity fraud. It also means that there will be fewer people or services with less effective identity checks that could be targeted by identity fraud. How to check someone’s identity We need to know the ‘claimed identity’ of the person we’re checking. This is a combination of information (such as someone’s name, date of birth and address) that represents the characteristics of whoever a person is claiming to be. When we have this, we can find out if the person is who they say they are. The ‘identity checking’ process under GPG45 is made up of 5 parts: get evidence of the claimed identity; check the evidence is genuine or valid; check the claimed identity has existed over time; check if the claimed identity is at high risk of identity fraud; check that the identity belongs to the person who’s claiming it. Building an identity profile Doing different parts of the identity checking process helps us build up confidence in an identity so we can be sure someone is who they say they are. There’s a score for each part of the identity checking process. How much confidence we have in an identity depends on how many pieces of evidence we can collect, which parts of the identity checking process we do and the scores for each part of the identity checking process. The different combinations of scores are known as ‘identity profiles’. Each identity profile relates to one of the following levels of confidence – low, medium, high or very high. We aim to get a higher level of confidence in someone’s identity if your service is at high risk of identity-related crime. Our confidence in a person’s identity can increase over time if we do extra checks or collect more evidence. Which profile to choose? At Yoti, we focus primarily on low and medium confidence levels, as these are the profiles that most organisations ask for. However, we’re also happy to support organisations looking for high confidence. 1) Low confidence in the person’s identity Compared to not doing any identity checks, having low confidence in the person’s identity will lower the risk of you accepting either synthetic identities or impostors who are not close friends or family of the identity they’re pretending to be. By meeting this identity profile, we know each piece of evidence appears to be genuine, are confident that the claimed identity exists in the real world, have made sure your service has reduced the risks of any known identity fraud associated with the claimed identity and have checked the person going through the identity checking process matches the photo or biometric information that’s shown on the evidence. 2) Medium confidence in the person’s identity Compared to low confidence, having medium confidence in the person’s identity will lower the risk of accepting synthetic identities or accepting impostors who are not close friends or family of the identity they’re pretending to be or who do not look like the identity they’re pretending to be. By meeting this identity profile, we know that very strong evidence of the claimed identity exists, know the evidence is genuine and valid, have checked the claimed identity exists in the real world, have made sure we have reduced the risks of any known identity fraud associated with the claimed identity, be confident the person going through the identity checking process matches either the photo or biometric information that’s shown on the evidence. The revised GPG 45 will accompany a new UK government-backed digital identity trust framework to be issued soon. Once published, we will engage a qualified auditor to assess our compliance.
We’re on a mission to become the world’s trusted identity platform and protect society from the growing threat of fraud. While building trust means ensuring our technology is robust and secure, it’s also about doing the right thing as a team of individuals and company. Yoti’s ethical framework and principles shape every area of Yoti, from our development practices right through to our approach to taxes, which is why we’re proud to be an accredited Fair Tax Mark business after passing our annual review. The Fair Tax Mark is an independent certification scheme, which recognises organisations that demonstrate they are paying the right amount of corporation tax in the right place, at the right time; have a transparent tax policy at the heart of their business; and are committed to following both the spirit and the letter of the law. Paul Monaghan, Chief Executive, Fair Tax Mark said: “Yoti is taking corporate responsibility around tax transparency seriously and has made a commitment to not use tax havens or shift profits for tax avoidance purposes, instead committing to paying the tax it owes at the right time, and in the right place.” Robin Tombs, CEO, Yoti said: “We believe paying corporate taxes is an important contribution to wider society rather than simply a cost to be minimised. Whilst many businesses pay the ‘right’ taxes, there is a concern, often fuelled by some high profile companies paying low corporate taxes, that businesses are not a force for good in society. At Yoti we have a set of principles and independent Guardians to help us to operate in the right way. This includes being honest and accountable, seeking to do the right thing and being transparent in what we are doing and why. He continued “We believe the Fair Tax Mark helps show anyone using Yoti, working for the team or doing business with us, that we are committed to transparent and fair tax practices, including paying the right amount of tax, at the right time and in the right place.” In becoming a Fair Tax Mark business, Yoti joins other accredited organisations including Lush, Timpson Group, SSE and the Co-operative Group. Paul Monaghan continues: “It is estimated that €600bn of corporate profits are shifted annually to tax havens, with corporate tax revenue losses globally of €200bn per year – which equates to approximately £7bn of missing revenues in the UK. “Paying the right amount of tax is about fairness and ensuring a level playing field for business.” You can read our fair tax commitment here.