- Recital 71, which vaguely suggests minors' privacy and security should be extra-protected, but says that services shouldn't process extra personal data to identify them.
- Article 28, which says that platforms should provide a high level of "privacy, safety, and security of minors", again without processing extra personal data to identify them. It also says that the Commision may "issue guidelines", but says nothing suggesting age verification should be implemented.
- Article 35, which says that "large online platforms" should maybe implement age verification.
Furthermore, recital 57 says that the regulations for online platforms shouldn't apply to micro/small enterprises (which has a definition somewhere). All together, I don't see anything suggesting that anyone but the largest online services is being forced to implement age verification right now.
Judging by various posts by the Commision I've seen online, they're certainly pushing for the situation to be seen this way, but de iure, that's currently not happening.
EDIT: I found the guidelines mentioned [0], and a nice commentary on the age verification parts [1].
[0]: https://digital-strategy.ec.europa.eu/en/library/commission-... [1]: https://dsa-observatory.eu/2025/07/31/do-the-dsa-guidelines-...
If implemented according to plan, things like ID cards, drivers' licenses, diplomas, train tickets, and even payment control can be handled within such apps entirely digitally. Aside from age verification, with attribute based authentication you can prove digitally that you're permitted to drive a certain vehicle without revealing your social security number (equivalent).
A healthy dose of cynicism would make clear that the moment such optional infrastructure is rolled out, new legislation can be drafted to "save on expenses" by enforcing this digital model and "protect the kids/fight the terrorists" by forcing age verification on more businesses.