BILETA Response to Ofcom's Call for Evidence: Statutory Reports on Age Assurance and App Stores

This submission by the British and Irish Law, Education and Technology Association (BILETA) responds to Ofcom’s Call for Evidence regarding statutory reports on age assurance and app stores. The response critically evaluates the efficacy and privacy implications of current age assurance mechanisms, arguing that while methods such as photo-ID matching and facial age estimation are technically available, they are undermined by significant error rates for users under 25, exclusionary barriers for marginalized groups, and widespread circumvention via VPNs. The submission highlights that strict age verification mandates have inadvertently strengthened non-compliant markets and exposed users to security risks associated with free VPN services.

Regarding app stores, BILETA argues that these platforms play an active role in curating content and directing children toward potentially harmful user-to-user and search services. The response identifies critical regulatory gaps, specifically regarding "open" AI model repositories and the inability to detect Child Sexual Abuse Material (CSAM) in End-to-End Encrypted (E2EE) environments without "upload prevention" measures.

Ultimately, BILETA advises against the blanket deployment of intrusive, biometric age assurance at the app store level. Instead, the submission advocates for a privacy-preserving, risk-tiered approach. Key recommendations include the adoption of verified "child accounts" using token-based, interoperable age assurance signals, and a differentiated compliance model that applies stricter controls for regulated pornography while utilizing safety-by-design principles for lower-risk social applications.