It's an interesting litmus test because regulators would not accept ZK age proofs unless the stated purpose of age verification laws (reduce harm to minors) is the _actual_ purpose of those laws.

Not some different unstated goal, such as ending online anonymity.

That is exactly what EU is doing with its age verification law. Basically the service provider just has to accept the certificate and check that it is valid and all the cert says is "is over X years old".

https://ageverification.dev/

And the fact that the companies have to implement the system themselves is just crazy. It is very obvious that if the government require such a check it has to provide the proof/way of checking just like in the physical world it provides the id card/passport/etc used for checking this.

> just like in the physical world it provides the id card/passport/etc used for checking this.

In Sweden it wasn't the government that provided id cards, but the post office and banks. It became the government's job sometime after Sweden joined the EU, after the introduction of the common EUID standard.

And even then online identification is handled by a private company owned by banks: https://en.wikipedia.org/wiki/BankID_(Sweden)

Yeah we have something similar here in Finland with banks doing most of the (strong) identification.

This also makes things difficult for immigrants for the first month or two in the country as a lot of services (like making a phone or internet contract) require this identification to use but it is also a bit of a hassle to get a bank account (but getting a new bank account in a different bank once you have a bank account to do the strong verification takes like 2 minutes)

There is a government system but most don't use it but I expect once the eu digital identity wallet thing rolls around a lot of ppl will switch (or be required to?) to that

https://commission.europa.eu/strategy-and-policy/priorities-...

But very importantly this government, bank id, the identification part of the eu id wallet or really any identification system should not be used for age verification as it actually identifies the user not just give a proof that the user is over X years old.

These systems likely could be extended to just provide age information. If there truly was a wish for it. The suomi.fi systems can be configured. To pass or not pass address for example. So I see no need to pass personal identity number.

Yes and the "backend" (what provides the certificate to the app) for the age verification app for Finland will most likely be suomi.fi (or some dvv.fi thing directly) systems.

But we can't realistically expect every service that needs age check to work with 27 (eu countries) different systems but instead we need to unify it into a single api contract which is what this age verification app basically does.

We have BankID in Norway, run by DNB (I think). A single service that uses my personnummer (like a social security number but actually unique) as my user name and logs me in to almost all government services, banks, insurance companies, etc.

And unfortunately it's also used in some places outside the ones you're mentioning, e.g. private persons renting out their camper (I've seen this). Which opens the doors to fraud, as has happened too many times (the fraudsters make it look like a normal bank-id lookup, gets you to do it twice, and then they have enough to open your bank account and withdraw money. If they can get you do to it three times they also have enough to remove the limit on withdrawal, and empty your account).

The system is highly convenient and pretty safe, but it does still need vigilance from the user. Which is tricky, re all those phishing attempts and click-scams which people fall for again and again and again.

> And the fact that the companies have to implement the system themselves is just crazy.

Isn’t this how most industry regulations work? It’s not like the government provides designs to car companies to reduce emissions or improve crash safety.

Government does issue passports for identiftying their citizens when traveling. It is the one who made/enforces the law that requires that so it is the one who has to provide the means to do that.

Or are you suggesting that anyone should be able to make their own passport?

Or a bit closer example. If there was no official id cards/passports/etc (there currently is no official way of proving your age online) and the government made a law that mandates that one has to be over X to buy alcohol. Who’s job is it to provide the means to prove that you are over X?

For the car a proper analogy would be the goverment requiring drivers license. Who provides the drivers license? Should every manufacturer provide its own?