Proving Your Age Without Handing Over Your ID

Since June 3, 2026, an adult in Denmark can sign up for a betting site, an adults-only platform or an online liquor store without showing a single piece of identification. Their phone runs AltID, the app launched by the Danish Agency for Digital Government, and it hands over exactly one thing: yes, this person meets the age limit. No name, no date of birth, no national registration number. A verdict, nothing else.

That seemingly technical detail overturns the way we prove who we are. For twenty years, verifying your age online meant photographing your ID card and trusting it to a stranger, some website that swore to delete it afterward. AltID reverses the gesture: the data stays in the phone, and only the result of a calculation leaves it. The cryptography behind the trick carries an austere name, the zero-knowledge proof, and it is about to leave the specialists' circle.

The proof that says nothing else

The principle fits in a sentence: establish that a statement is true without revealing what makes it true. Prove I know a password without speaking it, that I hold a sum without showing my balance, that I am over eighteen without surrendering my birth date. Long confined to laboratories, the idea is now mature enough to live inside an ordinary smartphone.

In AltID, the computation happens on the device. When a service asks for a check, the phone mints on the fly an encrypted attestation that certifies the threshold is cleared, thirteen, fifteen or eighteen, and stops there. The platform receives a cryptographic "yes," never the underlying document. Nor can two attestations issued to two different sites be cross-referenced into a profile: the absence of a link is built into the design.

This toolkit comes straight from the world of distributed ledgers, where the zero-knowledge proof has for years validated transactions without exposing everything. The projects that live on it are now worth more than eleven billion dollars. What states are borrowing is that toolbox, turned toward what is called self-sovereign identity: credentials the citizen carries himself and presents on demand, with no central server logging every use.

What you stop giving away

The benefit shows first in what you stop surrendering. Every old-style age check leaves a copy of your papers on a server, and every server eventually leaks. As laws impose age verification on social networks and sensitive sites, the number of those deposits explodes, and the risk with it. The zero-knowledge proof cuts the problem at the root: there is no copy left to steal, because there is no copy.

The gain is also a matter of comfort. No card photo to frame, no form to fill, no wait while a distant operator validates the snapshot. One tap, and the door opens. What the citizen recovers is a little control over something he thought lost in advance: his own attributes, age, nationality, diploma, proven one at a time instead of dumped all at once.

Europe joins in this summer

Denmark is not moving alone. On April 15, 2026, in Brussels, Ursula von der Leyen announced that a European age-verification app was technically ready and would reach the continent's smartphones as early as summer. The Commission calls it a "mini-wallet," because it is only a fragment of a far larger project, the European digital identity wallet mandated by the eIDAS 2.0 regulation.

Every member state must offer that wallet to its citizens before the end of 2026. AltID is the Danish version, shipped ahead of schedule. The ambition reaches well beyond age: in time, the same container is meant to hold driving licenses, diplomas, prescriptions, transit passes, all presentable in measured drops. Identity stops being a document you hand over and becomes an answer you compute.

The price of convenience

What you accept in exchange still has to be weighed. First, a dependency: to create his proofs, the Dane must already hold a MitID account and a registration number, the CPR. The elegant cryptography changes nothing upstream, where it is still the state that attests to who you are. Without a smartphone, without a prior electronic identity, you stay at the door, and the promise of autonomy closes around those who already had the means.

Then a quieter side effect. Generalizing age proof, however graceful, normalizes the idea that you must show your credentials to enter anywhere online. The technology protects the data, not the principle: an internet where every threshold demands an attestation is still an internet you move through on condition. And as long as platforms can, out of laziness or distrust, keep demanding the old card photo, the zero-knowledge proof will remain an option offered, not a right guaranteed.

The most discreet risk lies in the identifier itself. Privacy advocates have warned for months: replacing a thousand accounts with a single, persistent identity, even an encrypted one, creates a fresh target and a checkpoint that did not exist before. The counter-move has a name, attribute-based verification, proving only what a service needs to know, never a global identity. That is precisely AltID's bet. Governments still have to hold that line when the temptation to link everything arrives.

This coming summer, millions of Europeans will carry in their pocket an object that can answer "yes, I am old enough" and add nothing. On a small scale, it is one of cryptography's oldest promises coming true: to prove without showing. The comfort is real, and so is the recovered control. How long they last depends on a simple question no one has yet settled: who decides what we are allowed to keep to ourselves?