The Online Purchasing of Goods and Services (Age Verification) Bill is currently making its way through Parliament. If it becomes law it will require online retailers of age-restricted goods and services to verify the age of customers prior to making a sale of the goods or allowing access to the services.  

The objectives of the Bill are twofold. Research has shown that, increasingly, children are successfully buying age-restricted products, such as knives, alcohol or violent material, online. Using the Internet is an easy way for them to avoid the age checks usually carried out in a real world over the counter transaction. The Bill aims to protect children from the risks posed to them by being able to access these products. It also aims to leave retailers in no doubt that laws on the sale of age-restricted products apply equally to online trading.


The Bill requires all online retailers that sell age-restricted goods and services to take ‘all reasonable steps’ to verify that the person purchasing or otherwise obtaining access to those goods or services meets the requirements of the age restriction. Failure to do so will be a criminal offence triable in the magistrates’ courts and punishable by fine.  

It is not yet clear which age-restricted goods or services will be covered. The Government will specify what these are in subsequent legislation. It has the power, however, to extend the scope of the Bill to include goods or services that are not currently age-restricted but which the Government regards as potentially harmful to children. This could include, for example, the provision of certain social networking websites or chat rooms. The Bill has the potential, therefore, to apply to a significant number of online retailers.  


The Government is obliged to publish annual guidance on what action online retailers should take to comply with the Bill. How clear or useful this guidance will be remains to be seen. It appears, however, from the Parliamentary debates that the bar will be set quite high in terms of the age verification checks that online retailers must carry out. They must take not only reasonable steps to verify a customer’s age, but ‘all’ reasonable steps.  

Merely asking a customer to verify their age by ticking a box or providing credit card details will not be enough to satisfy this requirement. Online retailers are likely to have to implement a more sophisticated technical solution similar to those used by the providers of online gaming services. This would involve working with a specialist verification services organisation who will cross check personal data entered by the customer with that held on existing databases such as the electoral roll, phone directory and passport and DVLA registers. This is unlikely to disrupt the nature and speed of an online transaction as customers will enter much of this data anyway and the cross checking can be carried out quickly. However, online retailers must be prepared to incur the additional costs involved in buying in these services and implementing adequate data capture software (if they do not already have it). Online retailers will also need to ensure that all customer personal data is handled strictly in accordance with data protection laws. They must have systems in place to hold the data securely. As data can only be used for the purposes for which it is collected, it may also be necessary to implement secure means of destroying data after it has been used for age verification.  

Even sophisticated verification systems can be circumvented by a child who simply assumes the identity of an adult and lies about their age. However, the Bill does not go so far as to require online retailers to verify that their customer is who they claim to be.


The Bill will bring English law into line with that of other countries, both within and outside Europe, that already have similar measures in place, including Germany, Canada and Australia.  

In the USA, the Child Online Protection Act 1998 (COPA) required website operators to take steps to prevent children accessing ‘harmful material’ on their site, but this legislation has since been declared unconstitutional and unenforceable. The subsequent Children’s Online Privacy Protection Act 2001 (COPPA), which is still in force, requires websites aimed at or otherwise accessed by children under 13 years of age and collecting personal data from them to obtain parental consent before collecting, using or disclosing that data. The focus of COPPA is child privacy rather than restricting access by age to unsuitable goods or services. Sites required to comply with COPPA are, however, having to grapple with the question of age verification in order to establish whether their obligations under COPPA apply to any given individual wishing to access their site.  


The Bill was introduced into Parliament as a Private Member’s Bill. These Bills receive very little Parliamentary time and are notorious for never making it onto the statute books. It is by no means certain, therefore, that this Bill will become law or be enacted in its current form. We will know more about these issues in mid-October when the Bill is due to be debated again in the Commons. Even if this particular Bill does not become law, it is unlikely that the lobby for online age verification will be discouraged and this issue is likely to raise its head again sooner rather than later. Online retailers are advised to be prepared for this inevitable development in online trading.