Apple’s latest iPhone update in the United Kingdom introduces a new requirement: some users must now confirm they are over 18 to access certain features (https://support.apple.com/en-gb/126788), using a credit card or government-issued ID.

The change follows pressure from regulators under the Online Safety Act (https://www.engadget.com/big-tech/uk-internet-watchdog-gives-social-media-companies-three-months-to-improve-safety-or-face-huge-fines-130018908.html) to strengthen child safety protections online. Until now, those efforts have focused largely on websites, where age checks are applied unevenly and often easy to bypass. 

Apple’s approach moves age verification into the operating system itself, meaning the device can determine access before a user reaches an app or service. 

It’s worth noting that Apple is not required to implement such measures under the Online Safety Act, which does not apply to app stores or hardware manufacturers (unlike its Advanced Data Protection feature, which provides optional end-to-end encryption (https://proton.me/security/end-to-end-encryption) for data stored in iCloud, and which it recently removed for UK customers (https://proton.me/blog/apple-ends-adp-in-uk)).

These shifts increasingly tie access to identity, moving the internet closer to a system where participation depends on who you are.

Similar proposals are emerging elsewhere. In the United States, California has passed a law requiring operating systems to collect age information and share it with apps, while lawmakers in other states are considering similar measures. 

Age verification moves to the operating system

Under the update, users can confirm their age by linking a credit card or scanning a government-issued ID. Those who do not verify may see content restrictions applied automatically.

The policy follows a broader push from UK regulators to limit children’s exposure to harmful content online. Many websites have already introduced age checks in response. Apple’s decision goes further. The Online Safety Act does not require age verification at the operating system or app store level.

Age checks have long existed online, but they have often been easy to avoid. Moving verification to the operating system changes that dynamic. Instead of each website checking age independently, the operating system can determine a user’s age once and share that signal across apps. 

The method of age verification also matters. A government ID or a credit card creates a durable connection between a user’s identity and their device. Once that connection exists, it does not need to be re-established. The system can rely on it in the background.

Access to information and services increasingly tied to identity

A system that confirms age can be adapted to confirm other attributes tied to identity. Location and nationality are among the most obvious. This has implications for how access is managed across borders.

The internet still operates with many inconsistencies. Some users are able to access services outside their region or download apps that are not officially available where they live. These gaps persist because identity is not consistently enforced at the system level.

When identity becomes part of the access layer, those inconsistencies narrow. A device that can verify who a user is can also be used to determine what they are permitted to access based on where they are from.

What this means beyond the UK

For most users, confirming their age will be a minor inconvenience. The longer-term effects, however, are less visible.

When access to apps and services depends on verified identity, enforcement becomes more uniform. Restrictions can be applied with greater consistency and less reliance on individual platforms.