We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our data privacy statement.



AGCOM tightens regulations on video platforms: introduction of age verification systems

PrintMailRate-it

​​​​​​​​​​​​​​​​​​​​​​​​​​​published on 3 June 2025 | reading time approx. 5 minutes​


On April 18, 2025, the Italian Communications Authority (AGCOM) adopted Resolution No. 96/25/CONS, marking a significant step forward in the protection of minors online, in implementation of Law No. 159 of November 13, 2023, better known as the “Caivano Decree”. 

The measure establishes the technical and operational procedures necessary to ensure reliable age verification for users accessing content deemed potentially inappropriate for minors, distributed via video-sharing platforms or certain websites accessible from Italy—particularly pornographic sites. Obligated entities will have six months from the date of publication to comply with the provisions of the resolution.

Let us now examine in detail the main changes introduced.

The age verification system introduced by the new resolution is structured in two distinct but complementary phases. The first phase involves user identification, which must be carried out using certified digital identity systems, such as SPID or the Electronic Identity Card (CIE). The second phase consists of user authentication for each session, in order to ensure that access to regulated content is granted only to adult and previously identified users.
​​​
However, such a regulatory framework inevitably involves significant processing of personal data, especially concerning identifying and documentary information, which — if improperly managed — could pose serious risks to the rights and freedoms of individuals. To mitigate these risks and ensure a high standard of data protection, the resolution requires the involvement of certified third parties, acting as trusted intermediaries between the user and the platform, independently and separately performing the age verification functions. This mechanism ensures that the verifier is unable to know the identity of the platform the user intends to access, and the platform does not receive any identifying data about the user. 

In this context, the certified third-party intermediary, although operating within a complex system that enables the platform to function properly, does not act as a processor but rather as an autonomous data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 (GDPR). It is the intermediary who determines the purposes and means of the data processing carried out during the age verification procedure, being directly responsible for GDPR compliance, while the “target” platform receives and processes no personal data whatsoever. This technical and organizational framework fully aligns with the data minimization principle under Article 5 of the GDPR, avoiding unnecessary processing and strengthening user control over their personal data.

In defining the regulatory framework for age verification systems, AGCOM has adopted a technologically neutral approach, avoiding the prescription of specific technical solutions, but instead establishing a series of binding principles that all systems must comply with. These include the principle of proportionality—meaning an appropriate balance between the tools used for age verification and the impact on users’ fundamental rights—data protection, cybersecurity, accuracy and effectiveness in age determination, as well as accessibility, inclusivity, and user-friendliness.

These requirements are complemented by the obligation to ensure non-discrimination, user training and information, and the availability of effective complaint management mechanisms. Furthermore, systems implemented must progressively align with the guidelines to be adopted by the European Commission, allowing for amendments and updates to the resolution to ensure coherent alignment with EU law and technological developments in the sector.

It should be noted, however, that the resolution focuses exclusively on age verification systems, without directly addressing the issue of parental control. Consequently, the obligation to comply with the regulation primarily concerns the operators of video-sharing platforms and websites that distribute pornographic content in Italy, who must implement effective age verification systems to ensure secure and restricted access to adult content.

A regulatory approach that considers parental control as an integral part of online minor protection would be more comprehensive and effective, ensuring not only the restriction of access to inappropriate content but also the active and informed protection of younger generations in the vast digital landscape.
In light of AGCOM Resolution No. 96/25/CONS, obligated entities — namely video-sharing platforms and websites that distribute pornographic content accessible from Italy — must adopt, within six months of the resolution’s publication, a series of concrete measures aimed at full compliance with the new regulatory provisions. It should be noted that failure to comply within the established deadlines will result in the initiation of sanctioning procedures by AGCOM. According to Article 1, paragraph 31, of Law No. 249/1997, as referenced by the Caivano Decree, entities that fail to comply with the Authority’s orders or warnings may be subject to substantial financial penalties.

Therefore, to comply with the regulatory requirements, the recipients of the Resolution must:
  1. Select certified and reliable third parties for age verification, to ensure a clear separation between the user's identifying data and the destination platform. This measure ensures compliance with the personal data protection and data minimization principles set out in Article 5 of the GDPR, strengthens cybersecurity, and reduces the risk of unauthorized access by minors. These third parties must adopt technically effective, proportionate, and inclusive solutions (to ensure accessibility and ease of use, including for people with disabilities) capable of ensuring high accuracy in age determination, in compliance with the principle of proportionality between the implemented verification mechanism and its impact on users' fundamental rights;
  2. Implement a two-phase age verification system: an initial verification phase using a certified digital identity system managed by the third party, and a second authentication phase for each session on the adult platform. Therefore, in the case of a negative verification result and confirmed minor status of the user, the platform must implement a system that prevents further browsing and promptly blocks access to content, ensuring an immediate and unbypassable block and guaranteeing full protection of minors and compliance with regulatory requirements;
  3. Adopt a proportional verification system, where the selected and employed means are balanced with respect to the rights of the individuals potentially affected;
  4. Ensure accessibility and user-friendliness of the platform;
  5. Implement transparent mechanisms for user information. In this context, it is advisable to adopt effective and proactive communication methods, such as well-visible informational banners or advance service announcements published on the website before the measures enter into force. These tools must provide clear and concise guidance on how the verification mechanisms work, how to file a complaint, users’ rights, and how to contact the platform for any reports, thereby ensuring full transparency and awareness;
  6. Establish appropriate mechanisms for handling user complaints.

All of the above must be preceded by an ex-ante assessment of the inherent privacy and cybersecurity risks related to the processing of personal data and to the platform in general. This assessment will serve as fundamental support for platform operators in selecting and adopting technical and organizational security measures, in compliance with prevailing privacy and cybersecurity regulations.​

from the newsletter

Legal ​​Newsletter​​​​​​​

author

Contact Person Picture

Chiara Benvenuto

Attorney at law (Italy)

Senior Associate

+39 02 6328 841

Send inquiry

Profile

Contact Person Picture

Elena Bonvini

Degree in Law (Italy)

Junior Associate

+39 02 6328 841

Send inquiry

Profile

Skip Ribbon Commands
Skip to main content
Deutschland Weltweit Search Menu