European Digital Identity Framework (eIDAS2) in practice – conference report

On 28 May, the Personal Data Protection Office hosted a conference organised by the Office in cooperation with the Social Expert Team advising the President of the Office, entitled "European Digital Identity Framework (eIDAS2) in practice. Digital identity and age verification in the service of protecting children and young people." The event was held under the patronage of the Ombudsman for Children. The discussions that unfolded during the conference demonstrated that the safety challenges faced by children and young people online require action at multiple levels.

Opening the conference, the President of the Personal Data Protection Office, Mirosław Wróblewski, emphasised that the internet should today be seen as a tool which, on the one hand, helps young people build relationships, acquire knowledge and explore the world, and on the other, constitutes a space full of risks and traps, including cyberbullying, deepfakes and commercial manipulation.

In President Wróblewski's view, the safety of children and young people could be improved through age verification required when accessing digital platforms, but - as he stressed - this must not come at the expense of users' privacy.

"In this context, eIDAS2 appears crucial - enabling the confirmation of a user's age without disclosing their identity," stated the President of the Personal Data Protection Office.

He added that the European Data Protection Board, in its 2025 statement, explained that digital systems should reconcile their functionality with the protection of personal data. The European Commission likewise points to safe and well-designed methods of online age verification.

President Wróblewski also defined the role of the Office in this area: "The role of the Personal Data Protection Office is to remind that human development also depends on safety online, with respect for children's rights and with respect for the GDPR." He recalled that, as a supervisory authority, the Office performs its role in close cooperation with the Ministry of Digital Affairs.

Katarzyna Lubnauer, Secretary of State at the Ministry of National Education, stressed during her address that the protection of children is fundamental, and that subjects such as health education make this possible (this subject will become compulsory from September 2026). She also noted that smartphones and tablets will soon no longer be permitted in primary schools.

She added that the Ministry's aim is also to restrict access to social media until a certain age, although recent developments in Australia show that similar measures there have not been as successful as expected.

Michał Gramatyka, Secretary of State at the Ministry of Digital Affairs, informed participants that the Standing Committee of the Council of Ministers had approved a draft act on protecting minors from access to pornographic content. He also explained that eIDAS2 is designed so that any attribute can confirm a user's age without revealing their personal data. However, he added that solutions based on biometric verification methods have so far proved ineffective.

Joanna Napierała, Chair of the State Commission for Counteracting the Sexual Exploitation of Minors under 15, noted that the body she leads works preventively to protect children and is involved, among other things, in developing the content of the health education curriculum. She stressed, however, that she is receiving an increasing number of alarming reports indicating that pornographic websites are being visited more frequently by minors, which will most likely require more decisive action from all state authorities.

Katarzyna Hernandez, Director of the Digital Education and Online Safety Team at the Office of the Ombudsman for Children, explained that in the context of age verification it is worth mentioning plans to restrict children's access to social media (following the example of countries such as Australia), but the difficulty lies in the practical implementation of such measures. She added that for the European Digital Identity Wallet to function effectively, public education is essential.

In the next part of the conference, Mirosław Gumularz, PhD, Chair of the Social Expert Team advising the President of the Personal Data Protection Office, delivered an introductory lecture. He emphasised that protecting children must not weaken the privacy protection of other users, and that both aspects must be considered. He also noted that it is both interesting and beneficial that the safety of children and young people in the digital sphere has become one of the core subjects of EU legal regulation, whereas previously it was treated as a secondary issue in the EU agenda.

Gumularz explained that age verification should not be confused with identity verification; these are two distinct elements. He also highlighted the importance of Article 8 of the GDPR, concerning consent for data processing, and Article 28 of the Digital Services Act (DSA), which focuses on the protection of minors.

The Chair of the Social Expert Team also presented findings from UK research showing that 46% of minors believe that bypassing online restrictions and blocks does not pose much difficulty.

In first panel "eIDAS2 and its significance for personal data protection" participants included: Aleksandra Kacała-Szwarczyńska from the Ministry of Digital Affairs, Monika Krasińska - Director of the Law and New Technologies Department at the Personal Data Protection Office, Ewelina Żak from the Office of Electronic Communications, and Mateusz Kupiec, PhD from the Institute of Legal Sciences of the Polish Academy of Sciences. The discussion was moderated by Piotr Drobek, Director of the Innovation and Data Management Department at the Personal Data Protection Office.

The discussion focused on the significance of the eIDAS2 Regulation for personal data protection and the challenges associated with its implementation. Participants highlighted the need to adapt national regulations to the new European digital identity framework, to build trust in the European Digital Identity Wallet, and to ensure that new solutions comply with personal data protection principles. They also stressed the importance of effective age verification while respecting users' privacy.

In second panel "Age-verification technologies - implementations, challenges and future standards" participants included Urszula Góral, PhD from Meta Platforms, Jagoda Zakrzewska from Google Poland, Magdalena Krzymowska-Witkowska, PhD from the Ministry of Digital Affairs, Remigiusz Lewandowski, PhD from the Polish Security Printing Works (PWPW SA), and Prof. Mariusz Krzysztofek, lawyer and member of the Social Expert Team advising the President of the Personal Data Protection Office. The panel was moderated by Tomasz Izydorczyk, member of the Social Expert Team.

The discussion addressed the technical and organisational aspects of age verification in the digital environment. Participants examined the possibilities offered by new identification solutions, including selective data disclosure and the use of the European Digital Identity Wallet. They also discussed the effectiveness of various age-verification methods, the potential role of biometric tools, and the need to develop common standards and solutions at the European level.

In third panel "Children's online safety - social, educational and parental perspectives", moderated by Karol Witowski, spokesperson of the Personal Data Protection Office, featured Katarzyna Staciwa from the State Commission for Counteracting the Sexual Exploitation of Minors under 15, Katarzyna Szymielewicz, President of the Panoptykon Foundation, and Joanna Napierała, Chair of the State Commission.

The panel focused on the social aspects of protecting children online. Speakers highlighted the scale of risks faced by young internet users and the need for more decisive action from the state, online platforms and public institutions. They emphasised the importance of digital education, parental support and effective responses to cases of online child abuse. The discussion also pointed to the need for systemic solutions that would enable more effective protection of the youngest internet users.

The conference demonstrated that effective protection of children and young people in the digital environment requires cooperation between public administration, regulators, academia, civil society organisations and the technology sector. It was clearly stated that the development of age-verification tools must go hand in hand with respect for privacy and fundamental rights. The conference provided a platform for exchanging experiences and views on the challenges associated with implementing the European Digital Identity Framework and building a safer internet for children and young people.

Personal Data Protection Office's seminar on the European Digital Identity Framework

We invite you to watch the conference recordings here

Opening of the conference "European Digital Identity Framework (eIDAS2) in practice. Digital identity and age verification in the service of protecting children and young people."

Introductory lecture by Mirosław Gumularz, Chair of the Social Expert Team advising the President of the Personal Data Protection Office.

Panel I (Legal Perspective) entitled "eIDAS2 and its significance for personal data protection", with the following participants: Aleksandra Kacała-Szwarczyńska from the Ministry of Digital Affairs, Monika Krasińska - Director of the Law and New Technologies Department at the Personal Data Protection Office, Ewelina Żak from the Office of Electronic Communications, and Mateusz Kupiec, PhD from the Institute of Legal Sciences of the Polish Academy of Sciences. The discussion was moderated by Piotr Drobek, Director of the Innovation and Data Management Department at the Personal Data Protection Office.

Panel II (Practitioners and Technology) entitled "Age-verification technologies - implementations, challenges and future standards", with the following participants: Urszula Góral, PhD from Meta Platforms, Jagoda Zakrzewska from Google Poland, Magdalena Krzymowska-Witkowska, PhD from the Ministry of Digital Affairs, Remigiusz Lewandowski, PhD from the Polish Security Printing Works (PWPW SA), and Prof. Mariusz Krzysztofek, lawyer and member of the Social Expert Team advising the President of the Personal Data Protection Office. The panel was moderated by Tomasz Izydorczyk, member of the Social Expert Team advising the President of the Personal Data Protection Office.

Panel III (Social Context) entitled "Children's online safety - social, educational and parental perspectives", moderated by Karol Witowski, spokesperson of the Personal Data Protection Office, with the following participants: Katarzyna Staciwa from the State Commission for Counteracting the Sexual Exploitation of Minors under 15, Katarzyna Szymielewicz, President of the Panoptykon Foundation, and Joanna Napierała, Chair of the State Commission for Counteracting the Sexual Exploitation of Minors under 15.

Address by Benjamin Hayes, Ambassador of Australia

Address by Tom Sulston, Head of Policy at Digital Rights Watch