BSIS0/IEC27566-1:2025 BSl Standards Publication Information security, cybersecurity and privacy protection Age assurance systems Part 1: Framework bsi. BSIS0/IEC27566-1:2025 BRITISH STANDARD National foreword This British Standard is theUK implementation of IS0/IEC 27566-1:2025. The UK participation in its preparation was entrusted to Technical Committee IST/33/5/5,Age Assurance Standards. A list of organizations represented on this committee can be obtained on request to its committee manager. Contractualandlegalconsiderations This publication has been prepared in good faith, however no representation,warranty,assurance or undertaking (express or implied) is or will bemade,and no responsibility or liability is or will be reasonableness of this publication. All and any such responsibility and liability is expresslydisclaimedto thefull extent permitted bythelaw. This publication is provided as is, and is to be used at the recipient's own risk. The recipient is advised to consider seeking professional guidance with respect to its use of this publication. Thispublication is not intendedto constitutea contract.Users are responsible for its correctapplication. TheBritish Standards Institution 2025 Published byBSI Standards Limited 2025 ISBN9780539304381 ICS 35.030 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under theauthority of the StandardsPolicyandStrategyCommitteeon31December2025. Amendments/corrigenda issued sincepublication Date Text affected BSIS0/IEC27566-1:2025 IEC International ISO Standard IS0/IEC27566-1 Information security, cybersecurity First edition and privacy protection Age 2025-12 assurance systems - Part 1: Framework Sécurité de I'information, cybersécurite et protection de la vie privee-SystemesdecontroledeI'age- Partie 1: Cadre de travail Referencenumber ISO/IEC27566-1:2025(en) ?ISO/IEC2025 BSISO/IEC27566-1:2025 IS0/IEC27566-1:2025(en) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC2025 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP 40i: Ch. de Blandonnet 8 CH-1214 Vernier,Geneva Phone: +41 22 749 01 11 Email: [email protected] Website: www.iso.org Published in Switzerland @IS0/IEC 2025-All rights reserved i BSISO/IEC27566-1:2025 IS0/IEC27566-1:2025(en) Contents Page Foreword. Introduction .vi 1 Scope. .1 2 Normative references .1 3 Terms and definitions .1 3.1 Terms relating to age assurance 3.2 Terms relating to actors and parties .3 3.3 Termsrelatingtodataandprocesses 1 4 Overview of age assurance. 4.1 Age. .7 4.2 Characteristicsofageassurancesystems 4.3 Age assurance methods. .8 4.3.1 Overview of age assurance methods .8 4.3.2 Age verification methods. .8 4.3.3 Ageestimationmethods. .9 4.3.4 ..10 Age inference methods 4.3.5 Successive validation. .10 4.4 Stakeholders ..10 4.4.1 General ..10 4.4.2 Policy makers. .10 4.4.3 Consumerprotection agencies ..11 4.4.4 Sector associations. .11 5 Functional characteristics 11 5.1 Age assurance systems ..11 5.1.1 General .11 5.1.2 Ageassuranceproviders ..11 5.1.3 Intermediaries. .12 5.2 Data acquisition for age assurance components ..12 5.2.1 Sources of data .12 5.2.2 Primary and secondary credentials 12 5.2.3 Date transposition errors. .13 5.3 Binding of age assurance result to the correct individual 13 5.3.1 Binding characteristics .13 5.3.2Approaches to binding 13 5.4 Ageassurance data processing .14 5.5 Configuration management. ..14 5.6 Contextinuse .15 5.7 Delivery of age assurance result ..15 6 Performancecharacteristics 15 6.1 Performance effectiveness. 15 6.1.1 General.. .15 6.1.2 Effect