Executive Vice-President Henna Virkkunen, in a written answer on 23 June 2026, defended the European age verification app's privacy safeguards while acknowledging that complete anonymity of technical data such as IP addresses is not possible. The answer responds to a parliamentary question from MEP Friedrich Pürner (NI), who had raised doubts about the Commission's claim that the app is 'completely anonymous'.
Virkkunen outlined a multi-layered legal framework governing the app: age verification solutions will be assessed under Commission Recommendation (EU) 2026/1035, the Age Verification Blueprint, the eIDAS Regulation, the NIS Directive, the Cyber Resilience Act, and the GDPR. Providers are classified as trust service providers under eIDAS, subject to national supervision and mandatory breach notification. The Commission stressed that solutions must not communicate any identifying user information and that privacy-invasive measures are prohibited. However, Virkkunen conceded that 'it is technically not possible to keep IP addresses, device identifiers or timestamps fully private', but insisted that EU age verification solutions ensure such data cannot be linked to the user's identity.
the Commission prioritises robust data protection but stops short of promising absolute technical anonymity, instead relying on legal prohibitions and supervisory oversight. No new legislative proposals were announced; the response reaffirms existing rules. Institutional follow-up will involve the Commission assessing and approving specific age verification solutions under the established schemes, with national authorities supervising compliance. The exchange highlights a cleavage between privacy guarantees and technical feasibility, impacting EU citizens (privacy expectations), national authorities (enforcement burden), and trust service providers (compliance costs).