The European Commission has released an updated version of its age verification app blueprint, expanding technical capabilities and strengthening privacy standards as European Union member states continue to debate new restrictions on children’s access to social media.

The revised document, published October 10, introduces support for passports and national identity cards in addition to existing electronic IDs (eIDs) as onboarding methods for users seeking to generate proof of age. The update also incorporates the Digital Credentials API, designed to simplify interactions between users, service providers, and credential issuers across operating systems and browsers.

According to the Commission, the blueprint supports the enforcement of the Digital Services Act (DSA), which requires platforms to implement measures that protect minors online. The system is intended to allow users to verify they are over 18 without disclosing personal information such as name, address, or birthdate, a privacy-preserving alternative to traditional ID uploads.

“This new version allows for the use of passports and identity cards as onboarding methods, in addition to eIDs, in order to generate a proof of age,” the Commission said in its statement. “Furthermore, it introduces support for a more user-friendly proof presentation method, the Digital Credentials API.”

The blueprint was developed by the T-Scy consortium, led by Scytales AB (Sweden) and T-Systems International GmbH (Germany), and is already undergoing testing across several EU member states, including Denmark, France, Greece, Italy, and Spain. These countries plan to release their national versions of the app in the coming months.

By the end of the year, the Commission expects the framework to integrate zero-knowledge proof (ZKP) technology, allowing for age verification without disclosing any underlying personal data — a move hailed by privacy advocates as a major step forward for digital safety compliance under the DSA.

Despite the progress, EU countries remain divided over how far new digital protections for minors should go.

The Jutland Declaration, a ministerial agreement drafted under Denmark’s current EU Council presidency, calls for the introduction of privacy-respecting age verification across online services and social media to reduce children’s exposure to harmful or manipulative content. The declaration also invites discussion on establishing a “digital legal age” across the bloc.

While 25 member states have signed on, Estonia and Belgium declined.

Estonia’s Justice Minister Liisa-Ly Pakosta told Politico that her country favors enforcing existing data protection rules, such as the GDPR’s ban on processing personal data from children under 13, rather than creating new digital age thresholds.

Belgium’s Flemish Media Minister Cieltje Van Achter described the proposed measures as “disproportionate,” warning that minors should not be required to use identification apps like Itsme merely to access platforms such as YouTube or Instagram.

Other countries, including the Netherlands, have expressed reservations despite signing the declaration.

Denmark’s Digital Minister Carolin Stage Olsen said her government will continue pushing for EU-wide standards to prevent fragmented national rules. However, she emphasized that the EU should leave room for member states to determine their own digital age limits.

“If we make European regulation, we should also give some room for national differences,” Stage Olsen said. “It would be wisest if we don’t have one set majority age.”

Denmark recently followed Australia’s example by announcing a ban on social media access for children under 15, further highlighting the growing momentum behind stricter youth protection measures.

As the updated EU age verification blueprint gains traction, the debate now centers on how and how quickly European governments should balance privacy, national autonomy, and child safety in the digital age.