MEP Fabio De Masi (NI) has asked the European Commission whether it will postpone the launch of the European age identification app after cybersecurity experts demonstrated it could be easily hacked, raising concerns over data protection and privacy. In a written parliamentary question submitted on 20 April 2026, De Masi also urged the Commission to adopt a 'zero-knowledge' approach to safeguard personal data.
The question, filed under Rule 144, cites media reports that experts found the app technically inadequate for ensuring security and data protection standards. De Masi asks two concrete questions: whether the Commission will delay the launch until the reported issues are resolved, and whether the EU will move toward a zero-knowledge architecture to better protect users' privacy.
Policy orientation and ambition
De Masi's question signals a push for stronger data protection and cybersecurity safeguards in EU digital identity tools. By advocating a zero-knowledge approach, he aligns with privacy advocates who argue that the app should not have access to users' personal data beyond what is strictly necessary for age verification. The question reflects a cleavage between security and privacy on one hand, and the Commission's push for rapid deployment of digital identity solutions on the other.
Expected follow-up
The Commission is required to respond within approximately six weeks. Its answer will indicate whether it acknowledges the vulnerabilities and is willing to delay the rollout, or whether it considers the issues manageable without postponement. The reply will also signal the Commission's stance on zero-knowledge proofs, a technical approach that could increase privacy but may also raise implementation costs and complexity.
Stakeholders impacted
- EU consumers: A delayed or redesigned app could better protect their personal data, but may also slow access to age-restricted services.
- EU tech industry: Companies developing age verification solutions may face uncertainty if requirements shift toward zero-knowledge systems.
- National authorities: They would need to adapt to any new technical standards, potentially increasing administrative burden.
- Cybersecurity and privacy experts: Their warnings are being taken seriously, which could lead to stronger safeguards.
Importance score: 55