Brazil’s ANPD releases draft age verification guide open to public input

Brazil’s Agencia Nacional de Proteção de Dados (ANPD) yesterday launched a preliminary model of its Guia Orientativo on age verification mechanisms (Mecanismos de Aferição de Idade), launching a public session course of generally known as a Tomada de Subsidios. The doc, dated Might 2026 and carrying administrative reference SEI 00261.003182/2026-47, units out detailed technical and authorized necessities for know-how product and repair suppliers whose choices are directed at kids and adolescents, or are more likely to be accessed by them.

The information is a preliminary, non-binding model open for stakeholder enter. Its launch marks a big step in implementing Lei nº 15.211/2025, the Estatuto Digital da Criança e do Adolescente – generally known as the ECA Digital – and Decreto nº 12.880 of 18 October 2026, the implementing regulation signed into legislation on 18 March 2026.

A framework constructed on six necessities

In keeping with the ANPD, the information consolidates and deepens the “Orientações Preliminares – Mecanismos Confiáveis de Aferição de Idade,” a shorter preliminary doc the company printed in March 2026. The brand new information teams the eleven subsections of Article 24 of the Decreto into six normal necessities: proportionality, accuracy and robustness and reliability, privateness and private knowledge safety, inclusion and non-discrimination, transparency and auditability, and interoperability.

Every of those necessities displays a definite authorized obligation. The proportionality requirement, drawn from Article 24, I of the Decreto, obliges suppliers to steadiness the accuracy and robustness demanded in a given context towards the chance that the verification mechanism itself might trigger antagonistic results on customers – notably on privateness and private knowledge. In keeping with the ANPD, suppliers should assess dangers on three ranges: the dangers related to the services or products itself, the dangers arising from the particular age verification mechanism chosen, and the dangers created by the working context and surroundings.

The accuracy, robustness, and reliability requirement addresses how effectively verification methods carry out. In keeping with the ANPD, accuracy refers back to the diploma of precision with which a technique can decide a person’s age beneath managed circumstances, measured utilizing metrics comparable to True Constructive Price, False Constructive Price, and False Destructive Price for binary outcomes, or Commonplace Deviation and Imply Absolute Share Error for age vary outputs. Robustness is outlined because the capability of a system to withstand circumvention makes an attempt, bearing in mind the doubtless person inhabitants and the technical means accessible to them. Reliability means the flexibility of a mechanism to supply appropriate and constant outcomes throughout totally different utilization contexts over time, not solely in improvement testing.

Three species of age assurance

The information distinguishes rigorously between three technical species of age willpower. Verification (verificação de idade) is a high-reliability process that confirms the accuracy of a declared age or age vary utilizing technical or documentary means. Estimation (estimativa de idade) makes use of biometric or behavioural traits to find out a possible age vary with out producing a precise end result. Inference (inferência de idade) deduces age not directly from contextual indicators comparable to consumption knowledge, instructional historical past, or on-line preferences.

A fourth technique – self-declaration (autodeclaração de idade) – is explicitly excluded from the class of dependable mechanisms. In keeping with the ANPD, self-declaration consists of a person merely offering their age or date of start with none extra affirmation. The information states that even supplying a Cadastro de Pessoa Fisica (CPF) quantity – the Brazilian particular person taxpayer registry quantity – is equal to self-declaration, as a result of it’s private knowledge supplied by the person themselves with out unbiased verification. Self-declaration is prohibited for companies providing prohibited content material, pornographic content material, playing and fixed-odds betting, social networks delivering prohibited services or products, and digital video games with loot containers (caixas de recompensa).

The digital chain of obligations

A central structural idea within the information is the cadeia digital de responsabilidades – the digital chain of obligations. In keeping with the ANPD, the ECA Digital distributes age verification obligations between two teams of suppliers: app shops and working methods on one aspect, and all different know-how suppliers on the opposite.

App shops and working methods should request a self-declaration when a person creates an account, then confirm age utilizing dependable strategies with a desire for verifiable credentials. They have to share the ensuing age sign with downstream suppliers by way of a safe, privacy-by-default Software Programming Interface (API). Critically, the API might transmit solely a binary affirmation – a sure/no reply as as to if the person is over 18 – with out disclosing the underlying private knowledge comparable to a date of start, identification doc, or biometric knowledge. The identical API should enable customers to contest and rectify their age classification.

Downstream suppliers obtain this age sign and should configure their services or products accordingly. Nonetheless, the information is unambiguous that receiving an age sign doesn’t switch accountability: in keeping with the ANPD, suppliers stay chargeable for the effectiveness of age-appropriate measures no matter indicators obtained from app shops or working methods. Suppliers of prohibited content material should moreover implement their very own unbiased age verification, and in circumstances of divergence between the sign and their very own evaluation, should apply whichever result’s extra protecting of youngsters and adolescents, as established by Article 25, paragraph 4 of the Decreto.

Danger matrix and layered verification

The information introduces a three-level danger matrix – low, reasonable, and excessive – and maps every stage to applicable verification approaches. Low-risk companies, outlined as digital companies that don’t supply content material labeled as inappropriate or prohibited however should still trigger oblique antagonistic results, embrace instructional and cultural content material platforms, general-purpose productiveness functions, and normal web search and shopping companies. For these, the ANPD recommends mechanisms with minimal influence on privateness, comparable to receiving the age sign from app shops or adopting verifiable credentials.

Reasonable-risk companies are these with antagonistic results on kids’s privateness, safety, or well being; these permitting person interplay; these exposing customers to inappropriate or insufficient content material; or these processing delicate private knowledge. The information lists social networks, mixed-content video platforms, digital video games with person interplay or microtransactions, general-purpose messaging companies, generative AI companies of normal use, digital well being and psychological wellbeing companies, and normal e-commerce platforms as examples. For reasonable danger, the ANPD recommends a multi-layer mannequin wherein strategies with decrease knowledge influence are utilized first, supplemented by extra strong mechanisms solely when vital.

Excessive-risk companies are these providing content material, merchandise, or companies expressly prohibited for individuals beneath 18 – together with pornographic content material, playing, betting, lotteries, loot containers, grownup companion companies, and social networks that make such content material accessible. For these, verification with excessive robustness, accuracy, and reliability is necessary, whatever the age sign obtained from app shops. In keeping with the ANPD, suppliers on this class should additionally prioritise options that mix excessive accuracy with superior privateness safety mechanisms, comparable to cryptographic proof architectures that affirm age with out disclosing extra private knowledge. They have to keep away from any mechanism that generates steady person monitoring or behavioural monitoring.

Facial estimation and its particular dangers

Part IV of the information addresses three particular technical strategies: facial estimation, documentary verification, and verifiable credentials. The therapy of facial estimation (estimativa facial) is especially detailed as a result of the know-how carries distinct dangers, together with susceptibility to deepfakes and artificial photographs, algorithmic bias, and discriminatory influence on weak teams.

The information attracts a technical distinction that has regulatory significance: methods of facial age estimation are totally different from biometric facial recognition. Estimation methods classify a face into an age vary and produce solely an age estimate. Recognition methods convert a face picture right into a template and evaluate it towards a saved reference for identification or authentication functions. Nonetheless, in keeping with the ANPD, facial picture processing should still represent processing of biometric knowledge – labeled as delicate private knowledge beneath Article 5, II of the LGPD – relying on the system structure and processing goal. Suppliers adopting facial estimation should show by way of technical documentation, together with a Relatório de Impacto a Proteção de Dados Pessoais (RIPD), that their answer doesn’t generate or use biometric identification templates.

The information requires that facial estimation methods transmit to the digital service solely the mandatory age attribute – for instance, a binary token indicating “over 16” or “over 18” – relatively than the captured picture or precise age. Liveness detection (prova de vivacidade) is beneficial to protect towards {photograph}, video, masks, or artificial picture assaults. Programs should block entry after an outlined variety of failed makes an attempt, and divergent outcomes from successive submissions by the identical person should set off escalation to a extra strong verification layer.

Documentary verification and verifiable credentials

Documentary verification is characterised within the information as a deterministic technique relatively than a probabilistic one. The system checks the info contained in an identification doc issued by a reliable authority – identification card, driver’s licence, passport, or equal digital doc – and compares the age attribute with the service’s necessities. In keeping with the ANPD, this deterministic nature provides documentary verification typically larger robustness than estimation strategies.

Nonetheless, Article 24, paragraph 3 of the Decreto establishes strict knowledge minimisation guidelines. Any knowledge processed from collected paperwork should be restricted to confirming the age or age vary. The picture, copy, or any info from the doc should be eradicated instantly and irreversibly after the mandatory info is captured. Storage or retention of doc photographs is expressly prohibited.

Verifiable credentials (credenciais verificáveis) are introduced within the information as a technically most well-liked strategy for decreasing knowledge publicity. In keeping with the ANPD, these credentials function as digitally signed declarations issued by a trusted entity – for instance a authorities authority comparable to Gov.Br or a certifying physique – and might be saved regionally on the person’s gadget. A relying get together receives solely the particular attribute wanted, comparable to affirmation that the person is over 18, with out accessing the underlying identification paperwork or biometric knowledge. The information references Zero-Information Proof (ZKP) strategies for example of privacy-preserving verification, noting that they permit a person to show an attribute from a trusted credential with out revealing the underlying private knowledge. The W3C Verifiable Credentials Knowledge Mannequin v2.0, accessed by the ANPD staff in April 2026, is cited as a governance reference.

Privateness necessities and the prohibition on secondary use

The privateness part of the information identifies six minimal ensures to be noticed in any age verification answer: knowledge minimisation, privateness safety, knowledge safety, prohibition of secondary use, prohibition of traceability, and prohibition of steady automated and unrestricted knowledge sharing.

Of those, the prohibition on secondary use is especially important for the advertising and promoting business. In keeping with the ANPD, knowledge collected for age verification functions could also be used solely for that goal. The prohibition explicitly covers behavioural promoting, profiling, person classification, database enrichment, and inference about habits, preferences, and shopping patterns. This is applicable to each the uncooked knowledge collected throughout verification and any derived knowledge produced by the verification system, together with age indicators, age vary classifications, and age tokens. The information additionally requires suppliers to separate verification methods functionally from different platform infrastructure, notably methods for focused promoting, behavioural evaluation, content material personalisation, and AI mannequin coaching.

The information moreover recommends double-blind structure wherein the third-party verifier doesn’t know which service supplier requested the verification, and the service supplier receives solely the verification end result with out entry to the identification knowledge used to generate it.

Worldwide response and context for advertisers

The discharge drew quick commentary from worldwide consultants. Tony Allen, Topic Matter Knowledgeable on Age Assurance and editor of ISO/IEC 27566, printed a LinkedIn submit noting that the ANPD had “clearly prevented simplistic ‘add your ID’ considering and as a substitute adopted a risk-based, proportional and privacy-aware framework for age assurance.” Allen highlighted the information’s recognition that age assurance is just not the identical as identification verification, its assist for layered and progressive assurance fashions, and its specific recognition of reusable age indicators, tokens, and interoperable credentials.

ANPD Commissioner Lorena Giuberti Coutinho – one of many doc’s named contributors – replied to the submit, confirming that the ANPD had hosted Allen for direct briefings as a part of getting ready the steerage, and stating that the company appeared “ahead to persevering with the dialogue because the age assurance panorama evolves.”

For the advertising and digital promoting neighborhood, the information has direct operational implications. The whole prohibition on utilizing age verification knowledge for promoting profiling or behavioural concentrating on closes a possible loophole that some had anticipated. The prohibition on steady knowledge sharing between verification methods and promoting infrastructure signifies that any age verification course of should be architecturally remoted from the programmatic stack. The requirement that age verification outcomes be represented as minimal binary tokens – relatively than exact start dates or full identification knowledge – limits the info accessible to platforms for viewers segmentation based mostly on verified age.

Brazil’s data watchdog added child protection as a priority enforcement theme in December 2025, establishing 30 inspection and enforcement actions targeted on privacy-by-default configurations and age-verification mechanisms for the 2026-2027 interval. The ANPD had additionally been elevated to regulatory agency status in September 2025, giving it better institutional autonomy. Its legal action against Meta over AI chatbots targeting children in August 2025 signalled the company’s willingness to maneuver past steerage into enforcement, notably on little one security issues. In the meantime, world regulators have been converging on comparable frameworks: German data protection authorities have called for enhanced GDPR protections for children, and US COPPA amendments that took effect June 2025 overhauled how kids’s knowledge could also be used for promoting functions.

In keeping with Tony Allen, suppliers in search of to function in Brazil ought to put together for regulators to require independently assessed efficiency, clear governance, privateness and knowledge safety by design, interoperability functionality, anti-bypass and resilience measures, and alignment with internationally recognised requirements. Allen particularly referenced ISO/IEC 27566-1 certification as changing into central to market entry and regulatory belief.

The doc was ready by a staff of 14 ANPD workers members beneath Director-President Waldemar Gonçalves Ortunho Junior and Administrators Miriam Wimmer, Iagê Zendron Miola, and Lorena Giuberti Coutinho. The session is open for public submissions.

Timeline

• 13 July 1990: Brazil enacts Lei nº 8.069, the unique Estatuto da Criança e do Adolescente (ECA).
• 14 August 2018: Brazil enacts the Lei Geral de Proteção de Dados Pessoais (LGPD), establishing the overall knowledge safety framework.
• 17 September 2025: President Luiz Inácio Lula da Silva indicators Lei nº 15.211/2025, the Estatuto Digital da Criança e do Adolescente (ECA Digital), Brazil’s first legislation particularly defending kids’s rights in digital environments.
• September 2025: ANPD is formally recognised as a regulatory agency with better institutional and budgetary autonomy.
• August 2025: ANPD takes legal action against Meta over AI chatbots targeting children, signalling lively enforcement intent on little one security.
• 22 December 2025: ANPD approves its 2026-2027 enforcement priorities map, putting little one safety in digital environments as a central theme with 30 deliberate inspection and enforcement actions.
• 17 March 2026: ECA Digital takes impact.
• 18 March 2026: Decreto nº 12.880 – the implementing regulation of the ECA Digital – is printed, establishing detailed necessities together with Article 24 on dependable age verification mechanisms.
• March 2026: ANPD publishes “Orientações Preliminares – Mecanismos Confiáveis de Aferição de Idade,” the precursor doc to the present information.
• 22 Might 2026: ANPD printed the preliminary model of the Guia Orientativo on Age Verification Mechanisms (Mecanismos de Aferição de Idade), opening the Tomada de Subsidios public session.

Abstract

Who: Brazil’s Agencia Nacional de Proteção de Dados (ANPD), led by Director-President Waldemar Gonçalves Ortunho Junior and Commissioners Miriam Wimmer, Iagê Zendron Miola, and Lorena Giuberti Coutinho, ready the doc with a staff of 14 workers.

What: A preliminary 49-page steerage doc – the Guia Orientativo on Mecanismos de Aferição de Idade – setting out six normal necessities and particular technical requirements for dependable age verification in digital services and products, opened yesterday for public session (Tomada de Subsidios).

When: The doc is dated Might 2026. It consolidates and extends preliminary orientations printed by the ANPD in March 2026 and implements necessities established by the ECA Digital (Lei nº 15.211/2025, signed September 2025) and its implementing Decreto nº 12.880, printed 18 March 2026.

The place: Brazil, with nationwide jurisdiction extending to all know-how suppliers whose services or products are directed at or more likely to be accessed by Brazilian kids and adolescents, whatever the supplier’s location.

Why: The ECA Digital requires know-how suppliers to undertake dependable, efficient age verification mechanisms as a part of a broader obligation to guard kids and adolescents in digital environments. The information operationalises the eleven subsections of Article 24 of the Decreto into actionable necessities, aiming to present regulated events the readability wanted to implement compliant methods. The prohibition on self-declaration as a dependable mechanism and the strict limits on secondary use of verification knowledge mirror the legislation’s goal of stopping each insufficient age gatekeeping and mass surveillance architectures.