Age verification in France: Arcom requirements, double-blind privacy, and how to comply in 2025

Key takeaways (TL;DR)
 

In France, Arcom requires at least two age-verification methods available to users, with at least one operating under a double-blind model.

Verification must be independent of the platform, enforce per-session proofs, and include anti-spoofing/liveness controls.

The obligation applies to any service accessible from France that controls access to pornographic content.

For UX and conversion, offer a clear choice between age estimation and ID document, plus a fallback for borderline cases.

Age verification in France has become a fundamental requirement for any company that offers pornographic content and is accessible from French territory. Under the SREN Law and the operational standard set by Arcom, the country has imposed a model centered on double-blind privacy, independent third parties, and data minimization. The business challenge is clear: comply without destroying conversion or user experience.

If you’re in compliance or product and you operate (or plan to operate) in the French market, here you’ll find what the rules require, who’s covered, and which methods work, such as Didit’s age estimation—a low-friction solution with document-backed fallback.

What the SREN Law and Arcom’s standard require

France has several laws to protect the digital space. The most recent is the SREN Law (Loi n.º 2024-449, May 21, 2024), which enables age-verification obligations and grants Arcom enforcement powers (notices, fines, blocking, and de-indexing) when violations of Article 227-24 of the Penal Code persist, prohibiting exposing minors to pornography.

As the competent authority, Arcom publishes the technical referential with compliance requirements and the sanction procedure. The official document is available on its site: Technical guidelines on age verification.

Timeline, deadlines, and transition period: key dates

France moved from warnings and pilots to effective enforcement in 2025. Arcom’s referential was published on October 11, 2024, with 3 months to operate in conformity (until January 11, 2025) and an additional 3-month transition allowing limited card-based checks (until April 11, 2025).

Key dates:

• April 11, 2024. Arcom releases the draft referential with minimum requirements, double-blind privacy, and a temporary card option.
• May 21, 2024. The SREN Law is promulgated, enabling the current framework and Arcom’s enforcement powers.
• October 11, 2024. Arcom publishes the final technical standard.
• January 11, 2025. From this date, services must operate with a compliant age-verification flow.
• April 11, 2025. From this date, robust methods are required, with at least one double-blind option.
• August 2025. During August, Arcom initiates the first formal enforcement actions and communicates further rollouts for verification schemes.

This means that if you operate in France (or plan to) from January 2025 onward, you must implement an operational age-verification system.

Technical principles: reliability, independence, double-blind privacy, and data minimization

The French age-verification standard rests on four pillars:

• Reliability and non-discrimination. The age-check method must be technically sound and work consistently across the user base.
• Verifier independence. Age checks must be performed by a third party that does not share identifiable information about individuals with the platform.
• Double-blind privacy. The verifier must not know which site the person is accessing, and the site must not learn the person’s identity.

• Minimization and no retention. Only strictly necessary data is processed, with no storage beyond what’s required to perform the check.

  In addition, the double-blind method must be available to the vast majority of adults (reference ≈80% coverage), avoiding bias and exclusion.

Scope: who must comply and what counts as “pornographic content”

The rules apply to any service accessible from France that offers pornographic content under its control, regardless of hosting country or business model. The obligation is triggered when the service facilitates access to pornographic material and manages that access.

Who must comply?

• Adult sites and platforms (UGC or editorial) that host or distribute pornography.
• Audiovisual services with editorial responsibility over pornographic content.
• Mixed platforms with 18+ sections or explicit categories.

How to decide if it applies to your business

• UGC with moderation or monetization → High regulatory risk.
• Marketplaces or aggregators that host, embed, or systematically redirect to pornography → Must verify user age.
• Communities and forums that index or directly facilitate access to explicit material → Comparable to controlled services.

Accepted methods and user experience

To comply with Arcom without killing conversion, platforms must offer users at least two distinct age-verification methods—with at least one operating under double-blind privacy—and pair them with a fallback plan to resolve borderline cases.

This approach reduces friction, lifts completion rate, and strengthens privacy.

Effective methods:

• Age estimation with biometrics and liveness detection (see our article on liveness detection and fraud prevention).
• Document verification (with biometrics: 1:1 Face Match and liveness) to confirm date of birth.
• Reusable credentials (e.g., identity wallets) to minimize friction on repeat access and preserve privacy.

Compliance and enforcement: fines, blocking, and de-indexing

In France, non-compliance triggers an accelerated Arcom process: a formal notice in ~15 days (mise en demeure), turnover-based fines, and—if the violation persists—ISP blocking and de-indexing within 48 hours. In August 2025, Arcom issued formal notices and reported subsequent adoptions by several services.

Fines for non-compliance

• Base tier: up to €150,000 or 2% of global turnover (whichever is higher).
• Aggravated tier: up to €250,000 or 4% of global turnover if non-compliance continues after the first notice.
• Repeat offenses: up to €500,000 or 6% of global turnover.
• Intermediaries: operators that fail to execute orders (e.g., ISPs or search engines) can also be sanctioned.

Didit age estimation: compliant age checks with conversion-friendly UX

Didit Age Estimation enables platforms with 18+ content in France to comply with Arcom’s standard and the SREN Law through a fast, private, and scalable verification. Majority age is verified with a selfie analyzed by AI and liveness detection to prevent fraud—delivering low-friction UX built for conversion.

The system supports adaptive flows: when the estimate falls into a gray zone, it automatically triggers a document-verification fallback (with biometrics) to confirm age precisely. This lets platforms comply for age-gated (18+) products, prioritize privacy, and reduce drop-off.

See all technical details in our Age Estimation documentation.

Key benefits for platforms operating in France

• Two low-friction methods. Didit lets you operate with age estimation (no documents, enhanced privacy) or document verification (which also acts as fallback for gray zones), aligning with age-verification frameworks.
• Conversion-optimized UX. Instant approval when the estimate is clearly above the threshold; borderline cases flow into document fallback without breaking the journey.
• Privacy by design. Verification without documents or storage of sensitive data, improving acceptance and reducing friction.
• Fast integration. In just minutes, any platform can launch its age-verification flow via verification links (No-Code) or APIs for greater flexibility.

Conclusion: privacy, compliance, and low friction

The French framework cements a standard for minor protection that’s compatible with adult privacy. For companies, the key is adopting solutions that deliver double-blind privacy, independence, and data minimization, optimizing conversion with low-friction methods. Didit Age Estimation strikes a proven balance between Arcom compliance and UX, with document verification as a fallback to close the flow even in borderline cases.