// Zero-Knowledge Age Verification
Cryptographic age verification that returns one bit:
is_over_18: true — and nothing else.
No personal data is stored on our servers. Proofs are generated locally on-device — only a cryptographic proof is shared. Designed to meet emerging age-verification requirements.
A primitive for proving attributes — starting with age — without revealing identity. Requires NFC-enabled biometric passport and compatible device.
Currently in pilot phase. Performance metrics based on internal testing. Security audit in progress.
// Live Demo
// Protocol
The user taps their biometric passport to their phone. NFC reads the cryptographically signed chip directly — no photo, no camera scan, no upload to any server.
The passport's authenticity is verified against the Country Signing Certificate Authority chain. Forged documents are rejected at the cryptographic level — resistant to common bypass methods like self-reported DOB or photo uploads.
A ZKP is generated locally: "this passport holder is over 18." The proof is mathematically verifiable by the platform without revealing any passport data or identity.
// Privacy-by-Design Architecture
A primitive for proving attributes — starting with age — without revealing identity.
We do not store personal data on our servers. Veritas is a privacy-by-design age verification system that treats regulatory compliance and user privacy as the same architectural goal — not a trade-off. France's double anonymity requirement calls for verification without storing or transmitting user data. Our architecture is designed to align with this requirement, subject to regulatory interpretation.
// Target Markets
The $2.5B age verification market is projected to reach $7.1B by 2033. Most current solutions either compromise privacy or rely on self-reported data. ZKP-based verification addresses both gaps.
6,000+ UK services in scope. 92 Ofcom investigations already open. Current default: photo ID uploads — creating significant breach liability. Veritas returns is_over_18: true and nothing else.
$38.5B US market. 16+ states allow delivery, all require 21+ at door. Operators pay staff to check IDs on-site — a direct, measurable cost Veritas is designed to reduce substantially.
10,000+ operators. FDA rules from January 2026 require ID checks for under-30 buyers. Current default: a date-of-birth field — easily bypassed. The passport chip is cryptographically signed, enabling stronger verification than self-reported methods.
TikTok, Reddit, X, Discord, Bluesky all named under UK OSA. California SB 976 and NY SAFE Act add US pressure. Photo-ID upload creates brand and liability risk. Veritas is designed to align with privacy-forward compliance approaches.
Bumble, Tinder under OSA scope. Their entire value prop is safety and trust — photo-ID upload undermines user confidence. France's double anonymity requirement makes a privacy-first architecture a structural advantage.
Thousands of operators using date-of-birth entry globally. Regulatory pressure growing. A friction-minimal alternative with no PII liability is a straightforward upgrade and a differentiated brand signal.
// Regulatory Landscape 2025–2026
Active July 25, 2025. Ofcom has opened 92 investigations and is naming operators publicly. £18M or 10% of global turnover — whichever is higher.
Active April 2025. Law requires 'double anonymity'. Pornhub geo-blocked France rather than comply. Veritas is designed to align with this requirement, subject to regulatory interpretation.
June 2025: SCOTUS upheld Texas HB 1181 (6-3). No clear federal safe harbor remains. FDA tobacco/vape January 2026. The regulatory direction is unambiguous.
Phase 2 March 2026: websites, social media, AI chatbots, device makers. Fines up to AUD 49.5M. Broadest scope of any jurisdiction on earth.
// Get Access
We're onboarding the first wave of operators. If you're facing a compliance deadline — reach out directly.
Talk to the team →