Executive Vice-President Henna Virkkunen, on behalf of the European Commission, has defended the EU's new age verification app for minors online, stating that security weaknesses identified by experts in an early version have been addressed and that the phased deployment schedule remains on track. In a written answer to a parliamentary question from Elena Kountoura (The Left) on 19 June 2026, Virkkunen stressed that the Commission attaches the highest importance to security, privacy and fundamental rights, and that the solution uses privacy-preserving zero-knowledge proof technology to avoid disclosing identifying information.
The question, submitted on 21 April 2026, followed reports that hackers had bypassed the app's authentication mechanisms in minutes, raising concerns about data protection and institutional credibility. Kountoura cited expert findings of insufficient protection of stored sensitive personal data and the possibility of bypassing authentication, noting that the app was presented as technically ready while still being a demo version. She also referenced a European Parliament resolution of 26 November 2025 on protecting minors online and FRA data showing broad public support for age limits on social media.
Virkkunen's answer confirmed that the issues raised concerned an early pre-public-deployment version and have been addressed by the consortium, with an updated version already available and further improvements to follow. The app follows the requirements of the General Data Protection Regulation (GDPR) and the European Data Protection Board's statement on age assurance. The Commission sees no need to adjust the timetable, as deployment in each Member State is conditional on the completion of checks under the European Age Verification Scheme, which will define criteria for issuers and solution providers and assess them against security and data protection requirements. This provides a pathway for online platforms to demonstrate compliance with obligations to ensure a high level of privacy, safety and security for minors.
The answer signals a firm commitment to the current phased pilot approach, with third-party scrutiny built into the verification scheme rather than delaying deployment. The Commission prioritises privacy-preserving technology and relies on existing regulatory frameworks (GDPR, EDPB guidance) rather than introducing new legislation. Stakeholders impacted include online platforms (which must use equally effective tools if not the EU app), minors and parents (who gain a standardised verification method but must trust the system's security), and national authorities (responsible for adapting implementation). The answer does not set new numerical targets or deadlines, but reaffirms the existing schedule and the importance of the European Age Verification Scheme as the mechanism for ensuring compliance.