Incode Launches On‑Device Age Estimation to Meet Global Age‑Assurance Laws While Preserving Privacy
What Happened — Incode announced On‑Device Age Estimation, a solution that runs facial age‑estimation and liveness‑detection models locally on a user’s phone, tablet or laptop. No facial image or biometric data leaves the device; only the age‑estimate and tamper‑metadata are transmitted to the relying service.
Why It Matters for Compliance & Audit Readiness
- Demonstrates a privacy‑by‑design approach that aligns with SOC 2 CC5 (Privacy) and CC6 (Confidentiality) requirements for data minimization and protection.
- Provides concrete, auditable evidence that biometric data is never stored or transmitted, simplifying the collection of “privacy‑by‑design” artifacts for a SOC 2 audit.
- Directly supports emerging age‑assurance regulations (e.g., UK Online Safety Act) by offering a compliant verification method without the need for additional ID‑document handling.
Who Is Affected — Digital platforms that must verify user age (social media, gaming, e‑commerce, fintech, streaming) across all regulated jurisdictions.
Recommended Actions
- Map the on‑device verification flow to SOC 2 privacy and security controls (e.g., CC5.1, CC6.1) and capture screenshots or logs as audit evidence.
- Update your privacy policy and data‑handling procedures to reflect the data‑minimization benefits of on‑device processing.
- Conduct a readiness review of age‑verification controls against the UK Online Safety Act and comparable global statutes.
Technical Notes – The solution embeds optimized deep‑learning models for age estimation and spoof‑detection within the client app; outcome data is signed and sent over TLS. No CVEs or known vulnerabilities are disclosed. Source: Help Net Security