Information society services involved in the dissemination and/or publication in Italy of pornographic imagesand videos via websites and video-sharing platform providers subject to age verification
Technical and procedural arrangements for ascertaining the age of majority of users pursuant to Article 13aof Decree-Law No 123 of 5 September 2023, converted with amendments into Law No 159 of 13 November2023
Decree-Law No 123/2023 provides that website operators and video-sharing platform providers whodisseminate pornographic images and videos in Italy are required to verify the age of majority of users, in orderto prevent access to pornographic content by minors under the age of eighteen, and that the CommunicationsRegulatory Authority establishes, with its own measure and after consulting the Data Protection Commissioner,the technical and procedural arrangements that the aforementioned entities are required to adopt to ascertainthe age of majority of users, ensuring a level of
security appropriate to the risk and compliance with the minimization of personal data collected for thepurpose.
With the measure, the Authority has adopted a technologically neutral approach, which leaves the subjectslegally required to carry out age verification processes a reasonable level of freedom of assessment andchoice, while establishing the principles and requirements that must be met by the systems introduced (AnnexA, Article 2).
The proposed system provides for the intervention of certified independent third parties for the provision ofproof of age, through an age verification process that involves two logically separate steps: identification andauthentication of the identified person, for each session of use of the regulated service.
The draft regulation defines the process to be implemented by the regulated entities and provides for theprovision of ‘proof of age’ (e.g. by means of an app and/or a web-based service) by an independent third party(Annex A, Article 2(2)).
The Authority’s specifications provide for an age verification system using the ‘double anonymity’ model, whereproviders of proof of age must not be allowed to know for which service the age verification is being performed,that two proofs of age come from the same source of proof of age, or that a user has already used theverification system.