The framework emphasizes that age assurance mechanisms must respect fundamental rights, with children’s best interests as a primary consideration. Service providers are required to adopt a risk-based approach, conducting Data Protection Impact Assessments (DPIAs) and Child Rights Impact Assessments (CRIAs) where necessary. The requirements complement recent developments in the EU, where T-Systems and Scytáles are developing an age verification solution for the EU Digital Identity Wallet program.