South Korea’s Approach to Age Assurance
Seungmin (Helen) Lee, Michelle J. Lee / Mar 19, 2025
In recent years, Western governments have been introducing age assurance measures to enhance online safety for minors. In 2024, Australia passed a ban on children under 16 creating social media accounts, and the European Union (EU) proposed a digital identity regulation known as Electronic Identification, Authentication, and Trust Services (eIDAS) 2.0 or Regulation (EU) 2024/1183. eIDAS 2.0 includes the European Digital Identity Wallet (EUDIW)–a secure digital application with cryptography that enables EU citizens and residents to store, manage, and selectively disclose their digital identities and credentials. Several US states also passed laws requiring age verification for certain online content. At the national level, in 2024, the Kids Online Safety and Privacy Act (KOSPA)—which included a required study on the feasibility of age verification—passed the US Senate, though it did not get a vote in the House of Representatives.
American social media companies have also taken some voluntary measures to protect teen users. Meta implemented changes to Facebook and Instagram to reduce inappropriate interactions and content exposure for users under 18 and to pause notifications on minor accounts from 10 p.m. to 7 a.m. to promote healthy sleep patterns. TikTok also put safeguards for teen accounts in place, including limiting screen time and making accounts private by default. However, they have not adopted age assurance or verification requirements for users, instead using other measures like AI to identify both teen and underage accounts.
Yet, age assurance is a highly contested policy discussion in many countries, facing various criticisms and concerns. Verification methods like facial recognition, government ID checks, and behavioral analysis present inaccuracy problems, surveillance concerns, and excessive data collection risks. Storage of sensitive user data for verification increases the risk of breaches, fraud, and unauthorized access.
In the US, there is a concern among many that age verification could infringe on First Amendment rights by limiting minors’ access to certain types of information. Globally, the absence of standardized regulatory frameworks leads to inconsistent enforcement, with some countries imposing strict verification mandates while others lack clear guidelines. Another significant concern is the disproportionate burden on smaller platforms. Large tech companies can afford to develop and maintain robust verification systems to adhere to age assurance requirements, but smaller businesses and startups may struggle with compliance costs, potentially forcing them out of the market.
While governments debate options to implement age assurance while addressing the above concerns, South Korea has already enforced a nationwide identity verification system that encompasses age assurance. In 2016, South Korea became the first and only country to impose comprehensive adult verification restrictions on Netflix. Korean Netflix users are prompted to verify their age annually for access to adult-rated content (19+) by entering their name, gender, date of birth, mobile carrier, and phone number for a verification code. Specific verification methods provide differing levels of content access, with credit card verification granting access to all content, phone number verification allowing access to content rated 15+, and verification with a Korean social security number permitting access to 19+ content. South Korean online platform Naver also has a content age rating that categorizes content appropriate for all ages, teens, young adults, and mature users, and uses various verification methods such as government-issued IDs.
South Korea’s approach to age assurance differs from many Western governments’ more recent and debated efforts as it stems from a long history of government-led identity verification measures. To understand how Korea arrived at its current system, it is essential to examine how its policies evolved through regulatory responses to online safety, election security, and content control.
Korea’s Approach
South Korea’s online safety policy efforts arose in 2004 with election security. An amendment, Article 82-6, to the Public Official Election Act required online users to verify their real name by submitting their Resident Registration Numbers (RRNs)–the unique 13-digit number assigned to Korean citizens at birth–when posting information related to elections, political parties, and candidates. The amendment was later repealed for being unconstitutional, but it laid the foundation for a broader internet-wide identity verification system.
The government introduced an alternative method for identity verification because the collection and use of RRNs had led to identity theft and data breach risks. The 2006 Internet Personal Identification Number (i-PIN) system designated credit bureau companies–Korea Credit Bureau, National Information Credit Evaluation, and the SCI Information Service–as official i-PIN issuing organizations.
Along with the concerns of identity theft and data breach risks, the issue of increasing suicides due to cyberbullying and online slander, including the highly visible cyberbullying-induced suicide of Korean celebrity Cho Jin-sil, arose. Thus, the government introduced the Internet Real Name System (인터넷 실명제) in 2007, aimed at expanding the real name system across the internet to all websites with more than 100,000 visitors per day under Article 44(5) of the Act on Promotion of Information and Communication Network Utilization and Information Protection (ICN Act).
The Internet Real Name System only lasted five years and was repealed in 2012 when eight judges on the Constitutional Court overturned it for being ineffective, limiting freedom of speech, and increasing cybercrime and identity theft.
While identifying users and their age with the Real Name System disappeared in 2012, the government improved upon different identifiers. The i-PIN system evolved in 2010 into i-PIN 2.0 but was eventually deprecated in 2018 due to its usability challenges and low adoption. Despite its efforts to replace RRNs, i-PIN 2.0’s reliance on password-based authentication and additional security measures, such as CAPTCHA and ActiveX, made it inconvenient for users.
Due to continued concerns of privacy and data breach risks resulting from using sensitive identifiers, such as RRNs or passport numbers, the Personal Information Protection Act (PIPA) of 2011 banned processing them without consent and explicit approval while allowing alternative methods of online identity verification. A year later, in 2012, the Amendment to the ICN Act further restricted RRN usage to authentication agencies designated by governments to provide alternative ID numbers and qualified information and communications service providers. However, alternative methods, such as the deprecated i-PIN and public certificates, were insufficient substitutes due to technical barriers. Thus, the Korea Communications Commission (KCC) designated three mobile operators as identity verification agencies; this designation allowed phone numbers to be an alternative authentication method.
In 2017 the KCC added seven credit card companies as identity verification agencies as well, consequently allowing credit card numbers and mobile transactions to be included as alternate identification methods.
Difference with the West
The past 20 years of South Korean identity verification efforts highlight the differences in culture and policy from the West.
First, the cultural perspective toward privacy and individual rights differs significantly in the East from the West. Influenced by Confucian principles that emphasize collective harmony and state authority over individual autonomy, South Korea has historically placed greater trust in government-led regulatory measures. Unlike in the West, where privacy and civil liberties are often central to policy debates, Koreans have generally been more accepting of identity verification and state oversight in the interest of security and social order.
Second, South Korea started with extremely strict policies–the Real Name System–and gradually repealed them in response to concerns as they arose: When the i-PIN system posed adoption and technical risks, the government abolished the system; when the Internet Real Name System limited freedom of speech and increased cybercrime and identity theft, the Supreme Court ruled against the System; when using RRNs and passport numbers led to privacy and data breach risks, the 2011 PIPA moved to alternative authentication methods such as phone numbers and transaction details.
In the US, resistance to age assurance stems not only from concerns over privacy, free speech, and regulatory inconsistencies but also from a deeply rooted cultural emphasis on individual rights and autonomy. Unlike South Korea, US digital governance has favored minimal government intervention. The idea of mandatory identity verification—especially for minors—raises fears of government overreach.
This cultural divergence, along with the absence of federal data protections and a reliance on private-sector enforcement, makes implementing a centralized age assurance system in the US particularly challenging. As the West continues to debate age assurance and online identity verification, South Korea’s 20-year history of responding to arising risks offers a valuable point of reference for key differences in culture and policy.