← Back to Blog

    Papers, Please: The Summer Europe Quietly Built the Verification State

    Age checks, digital ID, and message scanning are not three privacy fights. They are three components of one machine, and it ships this summer. Here is what is real, what is hype, and the privacy tech that could have made all of it safe.

    Privacy AnalysisPublished · 10 min read· By TheVPNMatrix.com

    Evidence-based review per our 28-criteria methodology · affiliate disclosure

    1. The week three surveillance debates became one

    On 15 April 2026, Ursula von der Leyen announced that the EU's age-verification app was 'technically ready.' It would reach European smartphones, she said, by summer. Twenty days later, on 5 May, the UK government closed its consultation on a national digital ID scheme, the one once branded the 'BritCard,' the one ministers spent the winter walking back from 'mandatory' to 'voluntary, honestly, trust us.' The day before that, on 4 May, negotiators in Brussels sat back down to argue about Chat Control, the proposal that would have your phone scan your messages before they are encrypted.

    Three different laws. Three different justifications, protecting children, stopping illegal work, catching abusers. Three different press releases. One machine.

    Because here is the thing nobody announcing these schemes wants you to connect. An age-verification system, a digital identity wallet, and a message-scanning mandate are not three policies. They are three components of the same infrastructure, a system that, assembled, removes your ability to do anything online without first proving who you are. Each piece is sold separately, on its own sympathetic story. Assembled, they are a verification state. This is the summer it gets built. So let us look at the actual machine.

    2. Component one, the age check that follows you

    Start with the most reasonable-sounding piece. Who could object to stopping children seeing pornography? The EU's answer is a 'mini-wallet', a stripped-down version of the larger EU Digital Identity Wallet, focused only on proving you are old enough.(Pillitteri, 2026) To its genuine credit, the design uses a real privacy technology, the zero-knowledge proof.

    A zero-knowledge proof lets you demonstrate that a statement is true without revealing the data behind it. Done properly, you can prove 'I am over 18' without handing over your birth date, your name, or a scan of your passport. The website learns one bit of information, yes or no, and nothing else. A zero-knowledge range proof means the service records only the result of the check, never the sensitive data. That is the privacy-preserving version. The cryptography is real and it works.

    The only question that matters is whether deployed systems actually use it that way, or whether 'privacy by design' is the marketing wrapper on something that quietly logs every check and links it to a device. We have been here before. The difference between a privacy-preserving age check and a surveillance beacon is not the slogan. It is the architecture. Is the proof unlinkable across sites, or does each check phone home to the same identity? That is the question to ask of every age-verification system this summer. Not 'does it protect children', everyone agrees on the goal. The question worth asking is simpler. Can the issuer see where I used it?

    3. Component two, the ID that wants to be mandatory

    The age check is a subset of something much larger. By the end of 2026, every EU member state must offer every citizen an EU Digital Identity Wallet under the eIDAS 2.0 regulation.(European Business Review, 2026) Large-scale pilots are already running across 26 member states, involving more than 350 companies and government agencies, and cross-border interoperability was demonstrated in December 2025.

    In Britain, the story is messier and more revealing. The digital ID announced in September 2025 was pitched as a fix for illegal migration and a mandatory requirement to prove your right to work. By January 2026 the government had backed down on compulsion, and passports and eVisas would still count.(House of Commons Library, 2026) The consultation that just closed insists the ID will be free and that access to public services 'will not be made dependent on having it.' And yet the government still plans for digital ID to be mandatory for right-to-work checks from 2029.(Full Fact, 2026)

    Read that sequence again, because it is the template. Announce it as mandatory. Absorb the backlash. Re-announce it as voluntary. Keep the 2029 mandate in the small print. 'Voluntary' is what you call a thing on its way to becoming compulsory, while you build the rails. The technical fight inside digital ID is the same as the age check, scaled up. It is selective disclosure. A well-designed wallet lets you reveal one attribute without revealing the rest of the document, and without the verifier or issuer being able to link your separate uses together. The research frontier in 2026 is exactly this, combining secure hardware with zero-knowledge proofs to make wallet credentials genuinely unlinkable.

    4. Component three, the scanner in your pocket

    The third component is the one that would make the other two airtight, and it is the one that just took a public beating. Chat Control, formally the CSA Regulation, is the EU proposal to detect child sexual abuse material in private messages. On 26 March 2026 the European Parliament voted 311 to 228 to reject extending the old 'voluntary scanning' loophole, which expired on 3 April.(Help Net Security, 2026) For a moment it looked dead.

    It is not dead. The permanent regulation lives on, and trilogue negotiations resumed on 4 May with a target deal by July 2026.(Electronic Frontier Foundation, 2025) The mechanism still on the table is client-side scanning. Your messages stay end-to-end encrypted in transit, but they are checked on your own device before encryption. Encryption remains technically intact and is simultaneously rendered pointless, because the inspection happens before the lock closes.

    This is not a fringe objection. The Max Planck Society's analysis of client-side scanning concluded it delivers 'more monitoring, but not more protection.'(Max-Planck-Gesellschaft, 2025) Signal has said plainly it will leave the EU before it implements client-side scanning. Notice how this component completes the machine. Age verification proves you are an adult. Digital ID proves you are you. Message scanning ensures that even your private conversations, the last unobserved space, are inspected against a list you cannot see, by software you do not control, on a device you paid for.

    5. Why it is all one infrastructure

    Here is the uncomfortable synthesis. Each of these is defensible alone. Children should be protected. Identity fraud is real. Abuse material is monstrous. If you only ever look at one component, the privacy objection sounds precious. But you are not being asked to accept one component. You are being handed a system, one sympathetic piece at a time, and the system's emergent property, the thing none of the three press releases mentions, is the end of anonymous participation in public life.

    The bitterest part is this. The privacy-preserving versions of all three already exist. Zero-knowledge proofs for age. Selective disclosure with unlinkability for identity. For the abuse problem, approaches that do not require breaking the encryption that protects everyone else. NIST is actively standardising the underlying cryptography (multi-party computation, zero-knowledge proofs, fully homomorphic encryption) through its Privacy-Enhancing Cryptography project, which fed into the 2025 National Privacy Research Strategy.(NIST, 2025)

    The maths to build all of this safely is sitting on a shelf, standardised and ready. The fight this summer is not science versus nature. It is whether anyone in power chooses to use the safe version when the surveilling version is so much more convenient to the people building it.

    6. What to do

    Three things, none of them paranoid. First, ask the unlinkability question. When any age check or digital ID launches near you, the test is not 'does it protect children.' It is 'can the issuer see where I used it, and can my separate uses be linked?' Demand that answer, and make your representatives demand it. Second, respond to the consultations and votes while they are open. The UK design phase continues and the 2029 mandate is still live, and the Chat Control trilogue runs through July. These are decided in rooms that assume you are not watching. Watch.

    Third, harden what you can now. Use end-to-end encrypted messaging that has publicly committed to leaving rather than implement client-side scanning. Use a VPN you can actually verify, one with an independently audited no-logs policy and a jurisdiction outside the worst data-retention regimes, so that your metadata is not a free gift to whatever the verification state becomes. For what it is worth, the provider that scores highest on those exact criteria in our own evidence matrix is also one we partner with. Proton VPN is Swiss-based, independently audited, with post-quantum protection. We disclose that, and our rankings are graded from evidence and do not move for commission. The methodology is public, so go and check it.

    The verification state is not coming in some dystopian future. It is being assembled this summer, component by component, each piece reasonable, the whole thing transformative. The only thing standing between 'privacy by design' as a promise and as a reality is whether enough people understand that the three stories are one, and say so before the rails are laid. Papers, please. Or not. That is still, just barely, up to us.

    7. References

    References

    1. [1]Electronic Frontier Foundation (2025) 'After Years of Controversy, the EU's Chat Control Nears Its Final Hurdle', EFF Deeplinks. Available at: https://www.eff.org/deeplinks/2025/12/after-years-controversy-eus-chat-control-nears-its-final-hurdle-what-know (Accessed: 23 May 2026).
    2. [2]European Business Review (2026) 'eIDAS 2.0 and the EU Digital Identity Wallet Explained', The European Business Review. Available at: https://www.europeanbusinessreview.com/eidas-2-0-and-the-eu-digital-identity-wallet-hype-fear-and-business-reality/ (Accessed: 23 May 2026).
    3. [3]Full Fact (2026) 'Is Labour on track to introduce mandatory digital IDs for Right to Work checks?', Full Fact. Available at: https://fullfact.org/government-tracker/digital-id/ (Accessed: 23 May 2026).
    4. [4]Help Net Security (2026) 'EU Parliament backs extension of CSAM detection rules until 2027', Help Net Security. Available at: https://www.helpnetsecurity.com/2026/03/13/eu-parliament-extends-csam-rules/ (Accessed: 23 May 2026).
    5. [5]House of Commons Library (2026) 'Digital ID in the UK', UK Parliament. Available at: https://commonslibrary.parliament.uk/research-briefings/cbp-10369/ (Accessed: 23 May 2026).
    6. [6]Max-Planck-Gesellschaft (2025) 'More monitoring, but not more protection', Max Planck Society. Available at: https://www.mpg.de/25788438/chat-control-eu-client-side-scanning (Accessed: 23 May 2026).
    7. [7]NIST (2025) 'Privacy-Enhancing Cryptography (PEC) Project', NIST Computer Security Resource Center. Available at: https://csrc.nist.gov/projects/pec (Accessed: 23 May 2026).
    8. [8]Pillitteri, P. (2026) 'EU Age Verification App: How the Anonymous Mini-Wallet Works', pasqualepillitteri.it. Available at: https://pasqualepillitteri.it/en/news/949/eu-age-verification-app-anonymous-mini-wallet-2026-guide (Accessed: 23 May 2026).

    ProtonVPN

    Most transparent VPN for privacy

    Get Deal

    Cookie Preferences

    We use essential storage and anonymous aggregate site metrics. Optional event analytics only run if you opt in.

    Learn more
    Questions or concerns?

    Contact us via X, Substack, or see our Cookie Policy for full details.