Apple’s latest iPhone update in the United Kingdom introduces a new requirement: some users must now confirm they are over 18 to access certain features(nuova finestra), using a credit card or government-issued ID.
The change follows pressure from regulators under the Online Safety Act(nuova finestra) to strengthen child safety protections online. Until now, those efforts have focused largely on websites, where age checks are applied unevenly and often easy to bypass.
Apple’s approach moves age verification into the operating system itself, meaning the device can determine access before a user reaches an app or service.
It’s worth noting that Apple is not required to implement such measures under the Online Safety Act, which does not apply to app stores or hardware manufacturers (unlike its Advanced Data Protection feature, which provides optional end-to-end encryption for data stored in iCloud, and which it recently removed for UK customers).
These shifts increasingly tie access to identity, moving the internet closer to a system where participation depends on who you are.
Similar proposals are emerging elsewhere. In the United States, California has passed a law requiring operating systems to collect age information and share it with apps, while lawmakers in other states are considering similar measures.
Age verification moves to the operating system
Under the update, users can confirm their age by linking a credit card or scanning a government-issued ID. Those who do not verify may see content restrictions applied automatically.
The policy follows a broader push from UK regulators to limit children’s exposure to harmful content online. Many websites have already introduced age checks in response. Apple’s decision goes further. The Online Safety Act does not require age verification at the operating system or app store level.
Age checks have long existed online, but they have often been easy to avoid. Moving verification to the operating system changes that dynamic. Instead of each website checking age independently, the operating system can determine a user’s age once and share that signal across apps.
The method of age verification also matters. A government ID or a credit card creates a durable connection between a user’s identity and their device. Once that connection exists, it does not need to be re-established. The system can rely on it in the background.
Access to information and services increasingly tied to identity
A system that confirms age can be adapted to confirm other attributes tied to identity. Location and nationality are among the most obvious. This has implications for how access is managed across borders.
The internet still operates with many inconsistencies. Some users are able to access services outside their region or download apps that are not officially available where they live. These gaps persist because identity is not consistently enforced at the system level.
When identity becomes part of the access layer, those inconsistencies narrow. A device that can verify who a user is can also be used to determine what they are permitted to access based on where they are from.
What this means beyond the UK
For most users, confirming their age will be a minor inconvenience. The longer-term effects, however, are less visible.
When access to apps and services depends on verified identity, enforcement becomes more uniform. Restrictions can be applied with greater consistency and less reliance on individual platforms.
This matters in environments where access to information is already constrained. Tools that enable private communication or broader internet access often depend on the ability to install and use them without additional scrutiny.
If access to app stores is tied to identity, those channels become easier to regulate. Because these controls are embedded in the device, they are not easily bypassed. The conditions travel with the system.
The thin edge of the wedge?
The introduction of age verification at the operating system level reflects a broader change in how digital access is structured. Verification is moving closer to the core of the system, and identity is becoming a requirement for access in more situations.
Once that infrastructure is in place, it can be applied beyond age. The same mechanisms can be used to enforce other restrictions, across services and across borders. Over time, these systems become part of the foundation, shaping who can access what and under what conditions.
