Executive Vice-President Henna Virkkunen, in a written answer on 23 June 2026, defended the European age verification application against reports of cybersecurity and data protection flaws, stating that reported issues have been corrected and that deployment will proceed as planned, with Member States responsible for final security checks. The answer addresses a parliamentary question from Fabio De Masi (NI), who cited media reports that experts hacked the app in minutes. Virkkunen acknowledged that some expert concerns were well founded but said the development consortium released an updated version shortly after the app's launch on 15 April 2026, with further improvements to follow. She stressed that the app is in a piloting phase and that Member States must ensure compliance with cybersecurity and data protection standards before public deployment, as per the Commission Recommendation of 29 April 2026 calling for independent third-party scrutiny. No postponement of the timetable is required, she said, because deployment is conditional on successful checks. Virkkunen also confirmed that the app already uses a privacy-preserving 'zero-knowledge' architecture, relying on cryptographic techniques to verify age without disclosing identifying information, in line with GDPR and the European Data Protection Board Statement 1/2025 on Age Assurance. The Commission remains committed to strengthening these properties as the solution matures. The answer contains no new numerical targets or deadlines but reaffirms the existing design principles and conditional deployment timeline. Institutional follow-up will depend on Member States' independent scrutiny and the pilot phase results, with further updates expected as the solution evolves.
Source✉ Open answer ↗
Asked byFabio De Masi (NI) · answered by Henna Virkkunen