k-now

Brazilian regulators are moving quickly to expand on and clarify the requirements for online platforms. Late last year, the Brazilian National Data Protection Agency (ANPD) released its “Technology Radar No. 5” focused on age assurance mechanisms, and on March 18 of this year, President Luiz Inácio Lula da Silva signed Presidential Decree 18, which further clarifies and expands on companies’ obligations under the Digital Statute of the Child and Adolescent (ECA Digital). These resources provide a crucial window into how regulators are thinking about the intersection of youth safety, privacy, and technology.

For those of us building the infrastructure for the age-adaptive internet, the guidance from the ANPD and the new Presidential Decree are not just encouraging; they are a profound validation of the direction the industry must take. These legislative developments make clear: the era of fragmented, privacy-invasive verification is ending, and the future belongs to interoperable, privacy-preserving age assurance.

Here are the key takeaways from the ANPD report and what they mean for digital operators globally.

1. The End of Self-Declaration

The ANPD report and Presidential Decree are unequivocal: where children have the potential to be exposed to prohibited content, self-declaration is no longer sufficient as a standalone age assurance mechanism. This aligns perfectly with the requirements of ECA Digital, which prohibits self-declaration for services offering inappropriate content.

For years, k-ID has argued that simple “I am over 18” age gates are obsolete. They offer little protection and are easily bypassed. The ANPD's stance confirms that operators must move towards robust, multi-method orchestration. The challenge is no longer whether to verify age, but how to do so proportionately and effectively across diverse user bases without compromising users’ privacy and security, and without introducing unnecessary friction. This is precisely why we built AgeKit+ to provide the dynamic orchestration needed to replace outdated self-declaration flows.

2. The Generational Shift to Reusable Age Signals

Perhaps the most significant aspect of the ANPD Technology Radar is its "generational approach" to age assurance. The agency outlines an evolution from basic document checks to what it calls the 4th and 5th generations: interoperable architectures and advanced cryptographic tokens.

The report specifically highlights tokens that use zero-knowledge proofs (ZKPs) to attest only the age attribute (e.g., "over 18") without revealing the user's identity. This is in direct alignment with the architecture underpinning the OpenAge Initiative and AgeKeys.

The ANPD recognizes that the most secure and privacy-respecting way to handle age assurance is not to repeatedly verify identity, but to verify once and issue a reusable, privacy-preserving credential. This is the exact ecosystem OpenAge is building alongside partners like Meta, Socure, and leading civil society organizations like the Free Speech Coalition.

3. Privacy by Design and Data Minimization

Brazilian regulators strongly emphasize privacy by design, data minimization, and the principle of proportionality. The report rightly warns against the risks of document-based verification and biometric estimation if not implemented with strict privacy safeguards.

At k-ID, these principles are foundational. As an orchestrator of age assurance providers, we require strict data minimization from all our partners and prioritize on-device solutions wherever possible. By utilizing AgeKeys, which store the outcome of a verification rather than the underlying personal data, operators can meet the ANPD's rigorous privacy expectations while still ensuring a safe environment for their users. The double-anonymity architecture underpinning AgeKeys ensures that we can facilitate compliance without collecting unnecessary data.

4. The Imperative of Interoperability

Finally, the report references international efforts like the Australian Age Assurance Technology Trial (AATT) and the Global Age Assurance Standards Summit, highlighting the critical need for interoperability across devices, operating systems, browsers, and platforms.

Fragmentation is the enemy of both security and user experience. The OpenAge Initiative was founded on the belief that age assurance must be a shared, interoperable infrastructure. The ANPD's recognition of this need further cements OpenAge's role as the neutral governance body providing the open protocols required to make this a reality.

Operationalizing Compliance

The ANPD has provided a strong theoretical framework and clear regulatory expectations. However, the real challenge for operators isn't just understanding the law; it's operationalizing compliance at scale.

Translating complex regulatory signals into age-adaptive product experiences requires sophisticated infrastructure. That is the core mission of k-ID. Through our Compliance Development Kit (CDK) and neimo, we provide the tools necessary to navigate this evolving landscape confidently.

The ANPD's Technology Radar No. 5 is a landmark document. It shows that Brazilian regulators possess a sophisticated understanding of the technological landscape and are demanding solutions that protect both youth safety and fundamental privacy rights. At k-ID and the OpenAge Initiative, we are proud to be building the exact infrastructure the ANPD envisions. The future of age assurance is here, and it is interoperable, private, and secure.

The report can be downloaded in English by clicking on this link.