Digital Identity in Practice: Age Assurance, and Real Customer Journeys

Age checks aren’t simply a regulatory box to tick. They’re a key point in digital journeys, where trust can be built or broken.

In this episode of Digital Customer Communications: Regulated, Emily Hyett, Group Product Manager at Yoti, joins us to talk about digital identity in practice, and what “good” looks like when age assurance meets real user behaviour.

Why Digital Identity Gets Misunderstood

Emily starts with a misconception she hears repeatedly when digital identity comes up in public debate.

People often picture a single central database that stores everyone’s biometric data and personal details.

"When people think of digital identity, they think of a big central database with their facial images and personal information."

Emily Hyett, Group Product Manager, Yoti

Emily explains that the reality is usually more specific and more modular than that mental model.

In many implementations, a user is proving one attribute in one moment, rather than handing over an entire identity record.

That difference matters because fear grows in the gaps where the journey does not explain what is happening.

If the customer thinks you are collecting “everything,” they will hesitate, abandon, or look for a workaround.

If the customer understands you are asking for “just enough,” the check can feel proportionate and predictable.

Emily also makes a practical point that regulated teams sometimes miss.

Identity is not one thing, and digital identity is not one product category.

It can mean a reusable wallet, a one-off document check, a government login, or a certified service operating under a trust framework.

In the UK, that direction of travel is reflected in the government’s work on the service register, which lets organisations and the public check which digital identity services have been independently certified.

What Age Assurance Really Means In Practice

A big part of the episode is reframing age assurance as a spectrum.

Emily describes organisations choosing different approaches depending on risk, context, and user expectations.

That might include age verification using stronger evidence, or age estimation to answer a simpler question like “is this person likely over 18.”

Age Assurance Is A Journey, Not A Gate

Ofcom’s guidance on “highly effective” age assurance is explicit that outcomes depend on how a method is implemented, not just what method is selected.

It also makes clear that services need to think about the end-to-end age assurance process, including placement and user experience, rather than treating age checks as a bolt-on step.

Data Protection Is Part Of The Design Constraint

Emily says it's important to remember that customers do not separate “privacy” and “compliance” from “experience.”

That lines up with how the Information Commissioner's Office talks about age assurance, which emphasises proportionality, risk assessment, and data minimisation as core expectations.

Why Real Customer Journeys Break Down

It's critical to maintain focus on real user behaviour - where do people get stuck, and why does the friction show up when it does?

The Surprise Check Problem

Emily describes a familiar failure mode in digital journeys.

The user completes multiple steps, invests time, and then discovers a requirement they cannot meet in the moment.

The result is frustration, distrust, and a reluctance to try again.

"We’ve probably all been there where you’ve completed a form and then, right at the end, you’re asked for something you don’t have."

Emily Hyett, Group Product Manager, Yoti

The fix is often simple.

Tell people up front what they will need, and why you need it.

Inconsistency Across Channels Erodes Trust

Emily also highlights a more systemic problem.

Web copy, app screens, and support scripts often describe the same check in different ways.

Customers interpret that as a warning sign.

If the way that checks are represented across channels is not consistent, it does not feel legitimate.

The best identity journeys invest in shared language, shared cues, and shared expectations across teams.

Selective Disclosure And The “Over 18” Moment

Emily describes a future where a customer can prove an attribute without oversharing identity data - where age checks don't “ask too much.”

"I just want to share with the business that I’m over 18, and I don’t even want to share my date of birth."

Emily Hyett, Group Product Manager, Yoti

For example, showing a driving licence proves age, but it also exposes a name, address, and date of birth.

In digital journeys, that kind of oversharing increases both privacy risk and customer anxiety.

The point is not that organisations should avoid strong checks, but that organisations should match the check to the decision they are making.

Make It Easy To Share Less, Not More

When a journey lets a customer share only what is needed, it reduces friction and reduces exposure.

It also creates a clearer audit story because the organisation can demonstrate that it requested only the minimum necessary attribute.

Regulation Is Driving Adoption, But Behaviour Determines Outcomes

It is perhaps too easy to talk about age assurance as a regulatory requirement, because regulation is enmeshed with real behavioural design problems that it relies on for outcomes.

Online Safety Creates Real Deadlines

Ofcom has set clear expectations around how services must meet key obligations, including children’s access assessments and age assurance duties for certain services.

Its guidance includes roadmaps for particular services and children’s access assessments, which can help teams translate policy into operational plans.

Trust Frameworks Change Procurement Decisions

Emily's advice for regulated organisations is to prepare to accept digital IDs in a way that supports choice and resilience.

That advice lands in a UK context where trust frameworks and independent certification are increasingly shaping supplier choice.

DSIT has also written about the move to public beta for the digital identity register, and why it is designed to make trusted services easier to find.

The DSIT register update is a helpful explainer for non-specialists.

What Regulated Teams Should Take From This Episode

Emily's resounding message is not “identity is coming.”

Her message is “identity is already here, and customer experience will decide what works.”

A Practical Checklist For This Quarter

• Set expectations early: Tell customers what they will need before they start, and make sure the wording is plain.
• Offer more than one route: Build in alternatives for people who cannot, or will not, complete a single digital method.
• Design for consistency: Make sure web, app, and support channels describe the same check in the same way.
• Minimise what you request: Ask for the attribute you need, not the entire identity document by default.
• Use recognised standards: Treat accessibility as part of the identity design constraint, and reference standards like WCAG.

Compliance may require age assurance or other forms of identity verification.

But completion requires confidence.

And confidence is built through consistent, predictable journeys that adapt to human behaviour.

FAQs

What Is The Difference Between Age Verification And Age Estimation?

Age verification usually uses stronger evidence to confirm age, such as an identity document.

Age estimation is typically used to estimate whether someone is above or below a threshold, without collecting unnecessary personal details.

The right approach depends on risk, context, and the outcome you need to support.

How Do We Reduce Drop-Off In Age Check Journeys?

Make sure customers know what will be required before they invest time in the journey.

Use consistent language across web, app, and support channels.

Offer alternative routes for customers who cannot complete one specific method.

Do We Need To Store Identity Documents To Prove Compliance?

Many journeys only need an attribute outcome, not a retained copy of a full document.

Your retention approach should follow your risk assessment and legal obligations.

Use ICO guidance as a baseline for proportionality and data minimisation.

How Should We Prepare For EU Digital Identity Wallet Adoption?

Plan for interoperability so you can accept multiple credentials without repeating integrations.

Make sure your acceptance layer is consistent across channels.

The European Commission indicates wallets are set to launch by the end of 2026.

References

Statement: Age Assurance and Children’s Access, Ofcom, 2025

Guidance on Highly Effective Age Assurance, Ofcom, 2025

Age Assurance, Information Commissioner’s Office, 2024

Register of Services, DSIT, 2024

Register in Public Beta, DSIT Blog, 2025

WCAG 2.2, W3C, 2023

Age Verification Privacy, Yoti, 2025

Reviewed by

Sam Kendall, 28.01.2026