France’s Loi SREN (2024) created the most privacy-focused age verification standard in the world. Since April 2025, credit cards are no longer accepted as an age verification method for adult content sites. ARCOM — France’s audiovisual and digital communications regulator — can block non-compliant sites within 48 hours. And the centerpiece requirement, double anonymity, eliminates most conventional verification approaches.
Xident’s architecture wasn’t adapted for France’s standard. It was built this way from the start. Here’s why.
What Is Double Anonymity?
France’s standard introduces a concept unique among age verification regulations: double anonymity. It imposes two simultaneous privacy guarantees:
- The verifier must not know which site the user visits. The age verification provider cannot track which platforms a user accesses.
- The site must not know the user’s identity. The platform requesting verification cannot learn anything about the user beyond whether they meet the age requirement.
This is architecturally demanding. Most age verification systems operate as a trusted third party sitting between the user and the platform. The platform sends the user to the verification provider, which checks their age and reports back. In this model, the provider inherently knows both the user’s identity and which platform they’re visiting — violating both prongs of double anonymity.
ARCOM also requires that the verification method be accessible to at least 80% of the French adult population, effectively ruling out solutions that require specialized hardware or apps.
How Xident Satisfies Double Anonymity
Xident’s architecture satisfies double anonymity not through workarounds but through its fundamental design:
The Verifier Doesn’t Know Which Site
When Xident’s verification widget runs on a platform, the age estimation happens entirely client-side. The user’s browser loads the ONNX model and processes the camera feed locally. No server-side request is made during the ML fast path (Path A).
For the ML-based verification path, Xident’s servers are never contacted with information about which site the user is visiting. The model runs in the browser. The result stays in the browser. The platform receives a cryptographic token confirming the result — but Xident as the SDK provider doesn’t see that exchange.
The Site Doesn’t Know the User’s Identity
The platform integrating Xident receives only a pass/fail token. It never sees:
- The user’s face
- The user’s estimated age
- Any biometric data
- Any identifying information
For Xident account holders (Path D), the platform receives a verification token that confirms the user meets the age threshold. The token reveals an age bracket — not an identity, not a face, not a date of birth.
This is double anonymity by architecture, not by policy. The data separation isn’t enforced by terms of service — it’s enforced by the fact that the data never exists in the wrong place.
Liveness Detection Against Deepfakes
ARCOM explicitly requires protection against “attacks regardless of their degree of sophistication (such as deepfakes).” This is one of the most forward-looking requirements in any jurisdiction.
Xident’s liveness detection system addresses this directly:
- Active head movement challenges: Users must perform randomized head poses (turn left, turn right, nod up, nod down). The specific sequence is cryptographically signed and unique per session. Pre-recorded videos cannot anticipate the random challenge order.
- Face mesh analysis: MediaPipe face mesh runs client-side to analyze 468 facial landmarks in real-time. This detects flat images, screen artifacts, and unnatural depth patterns that indicate a presented image.
- Anti-spoofing scoring: Multiple signals — texture analysis, lighting consistency, depth estimation — are combined into a spoofing probability score. The system rejects attempts that exceed the threshold.
- 5-minute expiry: Each challenge is HMAC-SHA256 signed with a 5-minute time window. Even if an attacker captures a valid challenge, it cannot be replayed after expiry.
All of this runs in the browser. No face data is sent to a server for liveness analysis — eliminating the attack vector of intercepting biometric data in transit.
Non-Discrimination: ML Fairness
ARCOM requires that age verification systems avoid bias from ML training. This is a critical requirement — facial analysis systems have historically shown varying performance across skin tones and ethnicities.
Xident addresses non-discrimination through:
- Diverse training datasets: The model is trained on faces spanning multiple geographic populations, ethnicities, and skin tones to prevent demographic bias.
- Per-group evaluation: During model evaluation, FPR and FRR are computed separately for each demographic group. Performance disparities are flagged and addressed before deployment.
- Ongoing monitoring: As the model encounters real-world usage patterns, demographic performance is tracked to catch any drift or emerging biases.
The evaluation methodology — implemented in our evaluation scripts — explicitly breaks down accuracy metrics by age group, sex, and ethnicity to ensure equitable performance.
The Two-Method Requirement
ARCOM requires platforms to offer at least two verification methods. This prevents platforms from relying on a single approach that might exclude certain users.
Xident provides exactly this:
- ML-based facial age estimation (Path A): Client-side ONNX inference estimates whether the user appears to be above the age threshold. Works on any device with a camera and a modern browser.
- Document OCR verification (Path B): Users upload a government-issued ID. Server-side OCR extracts the date of birth, and face matching confirms the document belongs to the user presenting it.
Path A handles approximately 89% of adult users on the first attempt. Path B catches the remaining 11% who don’t pass the ML threshold. Together, they satisfy ARCOM’s two-method requirement while providing a seamless user experience.
Xident’s Technical Profile vs. ARCOM Requirements
| Requirement | ARCOM Standard | Xident |
|---|---|---|
| FPR (ages 13–17) | “Reliable” (inferred <2%) | 0.03% |
| Double anonymity | Required | Built-in (client-side architecture) |
| Liveness / anti-deepfake | Required (sophisticated attacks) | Active liveness + face mesh + anti-spoofing |
| Non-discrimination | Required | Demographic monitoring per group |
| Multiple methods | ≥2 required | ML age estimation + document OCR |
| Accessibility | 80% of adult population | Any device with camera + browser |
| Credit card verification | Banned since April 2025 | Not used |
The “reliable” FPR standard in France doesn’t specify an exact number, but industry interpretation based on comparative analysis suggests a threshold around 2%. Xident’s 0.03% exceeds this by approximately 67x.
The Penalty Landscape
ARCOM’s enforcement powers include:
- Fines up to €150,000 or 2% of global turnover for first offenses
- Up to €300,000 or 4% of global turnover for repeat offenses
- ISP blocking within 48 hours of a blocking order
- Formal notices have already been sent to major platforms
ARCOM has demonstrated willingness to act. Formal notices have been sent to adult content platforms, and the 48-hour blocking mechanism creates urgency that few other jurisdictions match. A site can go from operational to blocked in France within two business days.
Privacy as Architecture, Not Policy
What makes Xident uniquely suited for the French standard is that its privacy guarantees are architectural, not procedural.
Many age verification providers promise privacy through policies: “We won’t share your data. We’ll delete it after processing. Trust us.” France’s double anonymity standard was designed to move beyond trust-based privacy. It demands that the system architecture itself prevents data leakage.
Xident’s client-side processing model achieves this. Face data processed in the browser literally cannot leak to a server — there’s no request to intercept, no database to breach, no logs to subpoena. The platform receives a token. Xident receives usage metrics (without identifying information). The face image exists only in browser memory and is released when the session ends.
This isn’t privacy by policy. It’s privacy by architecture.
Conclusion
France’s ARCOM standard is the most privacy-focused age verification framework in the world. Double anonymity, anti-deepfake liveness detection, non-discrimination, and multi-method requirements create a compliance bar that eliminates most conventional approaches.
Xident was architecturally designed to meet this bar. Client-side inference delivers double anonymity by default. Active liveness detection resists sophisticated attacks. Diverse training data and demographic monitoring address non-discrimination. And the combination of ML age estimation with document OCR satisfies the two-method requirement.
At 0.03% FPR, Xident doesn’t just meet France’s “reliable” standard — it exceeds it by an order of magnitude.
Need ARCOM-compliant age verification? Join the waitlist to get early access when we launch.
I just have new insights When a user fails with retries remaining, they should be able to retry directly inside verify.xident.io (“Try Again” button on failure screen), or leave button to sent back to the member’s site first
