Data & AI

Age assurance AI: Why compliance starts with the right training data


Steve Nemzer
Steve Nemzer

Director of AI Growth and Innovation

Age assurance AI: Why compliance starts with the right training data

Key takeaways

  • Age verification AI doesn't fail because of model architecture, it fails because the training data behind it doesn't reflect the actual conditions the model encounters in production.
  • Three failure modes account for most age assurance underperformance: demographic gaps that leave underrepresented groups misclassified, spoofing vulnerabilities that physical and AI-generated attacks exploit, and model drift as user behavior evolves faster than the training data is updated.
  • Production-grade age assurance training data requires four things working in concert: diverse consented demographic collection, calibrated annotation, controlled synthetic augmentation and continuous stratified evaluation including red teaming. A gap in any one of them compounds downstream.
  • Synthetic data can fill demographic gaps that real-world collection struggles to cover, but substituting it for consented collection produces models that pass benchmarks and fail against real users. This is the algorithmic mirage.
  • Ofcom's four criteria for highly effective age assurance (HEAA), technical accuracy, robustness, reliability and fairness, are each properties of the training data pipeline, not the model design. Building a compliant system starts there.

Regulators across the U.K., EU, Australia and more than 25 U.S. states now require platforms that host adult content, gambling, alcohol sales or material involving minors to leverage age assurance that meets an increasingly specific legal bar. What counts as sufficient, which platforms are in scope and what penalties apply differs significantly by market.

Until recently, those requirements applied primarily to platforms where age-restricted content was the core product. Australia's ban on social media access for users under 16, alongside similar legislation advancing across the U.S., Europe and Canada, has brought social media platforms under a far more rigorous age assurance standard than they had previously faced.

In March 2026, Ofcom and the Information Commissioner's Office (ICO) issued a joint statement confirming that self-declaration alone does not meet the age assurance bar under the Online Safety Act, and that platforms must actively address circumvention risks that would compromise the accuracy and robustness of their methods. For U.K. platforms specifically, compliance is now a dual obligation across online safety and data protection law.

Many platforms evaluating compliance at scale are turning to AI. AI-powered age verification methods like facial age estimation and behavioral inference offer a way to assess age across millions of users quickly, without creating the kind of friction that drives users to abandon sign-up flows. A liveness check takes seconds and a decision comes back without a human reviewer.

The challenge is that these systems are only as accurate as the data they were trained on. Open-source training datasets rarely account for the conditions that make age assurance difficult: edge cases, underrepresented demographics and users actively working to defeat the system.

Age assurance methods: a quick overview

Platforms use a range of methods to verify user age. Two AI-driven approaches are worth reviewing in the context of training data:

  • Facial age estimation analyzes a short selfie video to estimate a user's age range using computer vision. It's the lowest-friction option (no documents required) which makes it the preferred first step for social media and gaming platforms.
  • Behavioral age inference monitors how a user interacts with a platform over time (typing patterns, content engagement, session timing) and infers probable age from those signals. It's less intrusive than biometric age verification methods but slower and easier to game.

For a full breakdown of each method, their limitations and how they map to regulatory requirements, see our age verification compliance guide.

Where age verification AI data can fall short

There are three core areas where conventional training pipelines can fall short for age assurance models.

1. Demographic gap and distributional skew

Facial datasets that are publicly available tend to skew toward adults captured under controlled conditions such as studio lighting, high-resolution hardware and frontal angles. The 13 to 25 age band, where the risk of misclassification is highest and the regulatory stakes are most consequential, is consistently underrepresented, and phenotypic bias across skin tones, hair types and facial structure widens the gap further. The edge cases that determine whether a system works in production, like teenagers who look older or young adults who look younger, are the cases most likely to be absent.

Publicly available datasets also tend to capture individuals at a single point in time. For the 13 to 25 age band, that creates a temporal gap as significant as the demographic one. A model trained on one snapshot of a 15-year-old has no reference for how that same individual will look at 16, 17 or 18. A wide cross-section of different individuals at different ages is necessary but not sufficient. Training data that captures the same individuals across a multi-year span gives a model something cross-sectional datasets cannot: the actual trajectory of how a face ages through the bands where misclassification risk is highest.

Real-world conditions compound the problem. Users submit two-second selfies from smartphone cameras whose sensor characteristics, compression artifacts and image quality vary significantly across device generations. For example, a mid-range 2018 Android captures differently than a new, high-end version, and a model trained on generic low-resolution images won’t perform reliably on inputs from either. Building training data that accounts for this means developing degradation profiles tied to specific device generations and hardware cohorts, not simply adding generic noise or blur to simulate poor image quality.

Images also arrive at oblique angles with occlusions like glasses, masks, facial hair, heavy makeup and jewelry. The effect those occlusions have on estimation accuracy is not uniform across skin tones, age bands and lighting conditions, which means a dataset needs images of those accessories across all of those combinations, not just a few examples of someone wearing glasses.

A model trained on clean studio assets fails on these inputs in production since the model has never encountered them.

According to results from the National Institute of Standards and Technology’s (NIST) age estimation software evaluation, algorithm accuracy varies significantly by image quality, gender and region of birth, and an algorithm performing well on one demographic group can perform poorly on another. The systems that perform best tend to be the ones trained on more representative data.

2. Vulnerability to image spoofing

Underage users regularly attempt to bypass liveness checks using printed photographs, facial cutout masks and video playback on secondary screens. A model that hasn't been trained on these spoofing attempts cannot reliably distinguish a biological face from a two-dimensional rendering.

Physical spoofing is one attack surface. Generative AI has created a second. Consumer image tools can now produce faces that appear older than the user's actual age, submitted digitally with no hardware or physical prop required. Unlike physical spoofing attempts, synthetic artifacts follow systematic patterns: skin texture that is unnaturally smooth, a narrow range of pose angles and subtle regularities in how the image is encoded. A liveness model that has not been trained to recognise those specific signatures will not detect this class of threat.

Building the capability to detect spoofing requires matched datasets with real faces and their corresponding equivalents captured under the same environmental conditions, covering both physical and synthetic spoofing methods. Pairing synthetic augmentation data with matched real captures, and periodically re-validating against new attack variants as they emerge, keeps anti-spoofing coverage current as the threat evolves.

3. Model drift and generalization failure

Training data is a snapshot. It reflects user behavior at the moment of collection and starts losing accuracy the moment behavior shifts. And in age verification, that shift is often deliberate. Minors actively share workarounds with each other, treating age gates as a puzzle to solve collectively rather than a barrier to accept.

Juliet Shen, head of product at ROOST — a nonprofit building open-source online safety tools — put it directly during a TELUS Digital panel discussion, AI, identity and child safety: The new frontier of platform trust, "The best red teamer to attack a system and expose its vulnerabilities and weaknesses is a 12-year-old who's been told they can't go to a certain site."

As users develop and share new workarounds, the model falls behind, encountering inputs it was never trained to recognize and letting through people it should be blocking. But active evasion isn't the only driver. Even without deliberate workarounds, models fail to generalize as the world changes around them. Something as incremental as a shift in popular hairstyles or glasses styles sits outside the model's training distribution and is enough to affect performance. Over time this creates pressure in both directions: more underage users getting through, and more valid users getting incorrectly blocked. The only way to close that gap is to continuously collect data that reflects how users and behavior are actually evolving, and retrain against it.

AI, identity and child safety: The new frontier of platform trust - Hero

AI, identity and child safety: The new frontier of platform trust

For enterprises operating online platforms that serve young users, the risk landscape is shifting fast. Age verification regulations are tightening across borders, AI is reshaping the threat picture and the defenses platforms have long relied on are being tested in new ways. Watch this panel discuss...
Watch the video

Four pillars of production-grade age assurance training data

The four criteria Ofcom uses to define highly effective age assurance (HEAA) — technical accuracy, robustness, reliability and fairness — are each, at their foundation, properties of training data. Building a model that passes the test starts with the pipeline, not the architecture.

Building training data for a regulated age assurance model requires an end-to-end approach across workforce, governance and methodology. From our work with global platforms deploying age assurance in markets subject to U.K., EU and U.S. regulatory requirements, we've identified four pillars that have to be in place together.

1. Diverse demographic representation and consent-based data collection

Training datasets need authentic variation across skin tones, hair types, eyelid shapes, age bands, natural expressions, capture devices and lighting conditions This is not to check a compliance checkbox, but because the failure modes of a demographically narrow model fall disproportionately on the groups least represented in the training set.

For data involving minors, diversity also means legal and ethical rigor. Youth data collection requires robust verification of parental or guardian consent, real-time multi-stage consent authentication, strict adherence to regional privacy frameworks like COPPA and GDPR-K, and both on-site and remote collection protocols that keep guardians informed and involved throughout. Purpose limitation, withdrawal rights and retention policies need to be documented and jurisdiction-specific.

The demographic breadth required isn't achievable through web scraping or repurposing existing adult-focused datasets. It requires purpose-built collection programs designed for the specific age bands and phenotypic variation that age assurance models are actually trying to assess.

What ethical minor data collection looks like in practice

Collecting biometric data from minors at scale

Sourcing facial and voice data from children under 18 requires infrastructure that most data collection programs aren't built for. TELUS Digital has delivered multiple engagements for leading hardware and software companies requiring this capability. In one recent project, we delivered:

  • 450+ participants spanning ages three to 18
  • Six ethnicities: Caucasian, African, East Asian, Southeast Asian, South Asian and Middle Eastern
  • Feature diversity across skin type, hair color, hair type and eye color
  • Multiple on-site sessions with guardians present
  • Full collection completed in under three months

Building a globally representative dataset across 45+ countries

A leading technology company needed selfie and video data that reflected genuine global diversity, including minor contributors, with no demographic group overrepresented. TELUS Digital ran a remote crowdsourced collection program that delivered:

  • More than 7,000 contributors across 45+ countries
  • More than 80,000 images and videos
  • Equal distribution across 125 unique demographic profiles spanning gender, age group, skin tone and eyelid shape
  • Approximately 10% minor contributors, managed through a fully compliant consent and verification workflow

2. Annotation with calibrated inter-rater agreement

Annotation for age estimation is inherently subjective. Two annotators looking at the same image won't always agree on how old someone appears, and that disagreement compounds across thousands of images. If the labels going into a model are inconsistent, the model's outputs will be too.

Managing that inconsistency requires multiple annotators labeling the same images and a statistical measure of how closely they agree.

Two commonly used measures are Krippendorff's alpha, which tracks consistency across the entire annotator pool, and weighted Cohen's kappa, which measures agreement between individual annotators while accounting for how far apart their estimates are (i.e., A two-year disagreement carries less weight than a ten-year one).

Consistency is tracked per annotator, per cohort and per age band, with a process for catching and correcting drift before it propagates into the training set. Annotators also need regular recalibration against a set of images with known, verified ages to keep their judgments anchored.

For tasks involving biometric data from minors, the data handling standards need to match the sensitivity of the task. For example, TELUS Digital processes this data within ISO-certified secure facilities with biometric access controls, strict prohibitions on personal recording devices and role-based access limited to only what each team member needs. All data is minimized and fully anonymized before any asset enters a machine learning pipeline.

3. Synthetic data as a controlled supplement

Generative models can fill demographic gaps that real-world collection struggles to cover. They produce faces across age bands, skin tones and capture conditions without recruiting participants. For underrepresented demographic combinations, synthetic augmentation has genuine value. The operational cost of synthetic augmentation, however, is real, even if it looks different. Generating synthetic data at the scale needed to fill meaningful demographic gaps requires significant compute infrastructure and a quality assurance layer to catch failures before they propagate across large batches of images. The cost doesn’t disappear, it shifts from recruiting participants to generating and validating inputs.

The problem is that synthetic faces aren't neutral. They carry systematic distributional patterns that a model can learn instead of the actual biometric signals of human aging. The result is what looks like a well-performing model in evaluation that falls apart when deployed against real users on real devices — an “algorithmic mirage.”

Synthetic data works as a controlled supplement to real-world collection, not a replacement for it. The distinction matters: augmenting a dataset with synthetic examples while continuously validating against real-world distributions is a legitimate practice. Substituting synthetic data for consented real-world collection because it is faster or cheaper produces systems that pass benchmarks and fail in production.

4. Model evaluation, red teaming and anti-spoofing data

A model that ships without stratified evaluation across age bands, demographics and capture conditions is not ready for a regulated environment. Evaluation is not a one-time gate before deployment, it is a continuous practice, because the adversarial environment keeps changing.

Rigorous evaluation covers four areas:

  • Stratified accuracy testing checks performance across every demographic group and capture condition the model will encounter in production, not just aggregate accuracy scores that can mask poor performance on specific subgroups.
  • Adversarial probing stress-tests the model against presentation attacks, low-light edge cases and deepfake variants that real users will attempt.
  • Red teaming goes further, actively trying to break the system in the way a motivated underage user would.
  • Anti-spoofing evaluation requires purpose-built datasets that pair real captures with their attack equivalents (e.g., printed photographs, cutout masks and video playback) shot under identical conditions. Those pairs need to be organized as a live variation matrix, testing systematically across lighting conditions, capture angles, device types and attack variants rather than a single controlled setup. Without that structured variation, a model can pass anti-spoofing evaluation in the lab and fail against the range of conditions it encounters in production.

Continuous red teaming for age verification AI

Manual red teaming is inherently selective. Test teams prioritize the most obvious attack vectors, which means novel evasion patterns tend to surface in production rather than in a controlled evaluation.

Fuel iX™ Fortify automates this process, running thousands of adversarial simulations in hours and generating dynamic attacks tailored to your application's domain. Vulnerability findings are mapped against OWASP, NIST AI RMF and MITRE ATLAS, with human-AI review to validate severity. Clients have reduced red team testing time by up to 97% with the tool.

For age verification deployments operating under HEAA or equivalent regulatory standards, continuous automated red teaming closes the gap between periodic evaluation cycles and the pace at which new bypass patterns emerge.

Partner with an AI training data services team built for regulated AI

Meeting HEAA or its equivalent in any jurisdiction requires an end-to-end data pipeline built with compliance in mind from the start, not retrofitted after a model underperforms in an audit. Consented collection, calibrated annotation, controlled augmentation and stratified evaluation are interdependent. A failure at any stage compounds downstream.

TELUS Digital's end-to-end data collection and annotation practice spans remote and in-person programs across secure facilities, field operations and contributor environments. Over one million contributors work across more than 500 languages and dialects, with data handling governed by enterprise-grade privacy and compliance standards. For age verification specifically, that means contributors representing the full range of age bands, ethnicities, skin tones, genders, physical attributes and socioeconomic backgrounds needed to build representative datasets. Our annotation infrastructure supports calibrated inter-rater agreement protocols at scale and our operational model and data handling practices are built for the jurisdictional discipline that regulators in the U.K., EU and beyond will scrutinize.

The question for platforms evaluating age assurance solutions is not which model architecture to choose, it is whether the training data pipeline behind it can withstand a regulatory audit. Not sure if yours does? Our team of experts can help you build a pipeline that meets the bar regulators are setting. Reach out today.


Steve Nemzer

Steve Nemzer

Director of AI Growth and Innovation

Steve is the director of AI growth and innovation for TELUS Digital, bringing with him an extensive background in AI and technology with more than three decades in the industry. Steve’s expertise includes data collection, annotation and AI model validation, with a particular focus on large language models and generative AI. He is committed to the principles of responsible AI practices, particularly with respect to dataset bias mitigation.

Frequently asked questions

Be the first to know

Get curated content delivered right to your inbox. No more searching. No more scrolling.

Subscribe now