IEEE 2089.1 Certification

What is IEEE 2089.1?

IEEE 2089.1-2024 is the global standard for online age verification, developed by the IEEE Standards Association. It defines how age assurance systems — whether using age verification or age estimation — should be designed, tested, and deployed to deliver consistent, reliable, and privacy-respecting outcomes.

The standard covers not only the performance of the technology (e.g. accuracy, demographic parity, fraud resilience) but also the supporting processes such as privacy protection, data security, evidence management, and accountability structures.

Why it matters.

• Regulatory alignment: Demonstrates readiness for laws such as the UK Online Safety Act, EU Digital Services Act, Australian Online Safety reforms, and emerging US/KOSA initiatives.
• Trust and transparency: Builds confidence with platforms, regulators, and users that your system meets recognised benchmarks.
• Child-centred protection: Ensures systems balance effectiveness with proportionality, privacy, and rights-respecting safeguards.
• Competitive differentiation: Independent certification validates your claims and strengthens your market position.

ACCS’s Role & What We Do

The Age Check Certification Scheme (ACCS) has been accredited and appointed by IEEE SA to deliver the IEEE 2089.1 certification programme in the UK.

We support providers by:

• Explaining the standard and its requirements.
• Conducting independent audits of your solution.
• Issuing reports and certificates of conformity to successful systems.
• Maintaining a public registry of certified solutions.
• Facilitating transfer to IEEE’s ICAP programme for international recognition.

Key Elements of the Standard

• Levels of Confidence (LoCs): Four defined assurance levels, from entry-level assertions through to the highest confidence (“Highly Effective”), depending on evidence, resilience, and fraud mitigation.
• Accuracy & Performance: Systems must demonstrate measurable accuracy, demographic parity, repeatability, and reliability.
• Privacy & Data Protection: Strict requirements for minimisation, security controls, and privacy-preserving design.
• Fraud & Security Resilience: Resistance to spoofing, tampering, or injection attacks, with ongoing monitoring.
• Accountability & Governance: Clear roles, documented processes, and transparent evidence trails.
• Measurement & Evidence: Providers must maintain and present performance metrics, testing data, and policies for independent review.

Certification Process

IEEE 2089.1 Certification Journey

The certification follows a clear step-by-step journey:

• Sign-Up & Contract
  Complete application form and sanctions check. Sign the certification agreement and notify IEEE. Define your scope and TOE (technology under evaluation).
• Initial Invoice (50%)
  First payment covers planning, scheduling, and document review.
• Audit Dates Agreed
  Mutually convenient dates aligned with release cycles and auditor availability.
• Technical Testing
  Independent evaluation against IEEE 2089.1 metrics:
  • Accuracy, error rates, demographic parity
  • Reliability and repeatability
  • Privacy & data minimisation
  • Security controls & resilience
• Tailored Document Request List
  Examples: practice statements, privacy & security policies, design docs, performance evidence.
• Audit Phase
  Remote review of submitted evidence against the IEEE 2089.1 framework (Determination → Selection → Assurance → Categorisation).
• Report Writing & Review
  Detailed findings by the auditor, reviewed by an independent Certification Officer for final decision.
• Final Invoice (50%)
  Issued after audits are complete.
• Certification Issued
  You receive a Certificate of Conformity, listing in the ACCS public registry, and transfer for IEEE certification mark & ICAP listing.

Who should consider this certification?

• Start-ups seeking credibility to secure funding or clients.
• Component providers wanting to prove their technology independently of integrators.
• SMEs in the US and other regions without a regulatory mandate, needing early assurance to satisfy partners, investors, or risk teams.
• Global providers entering multiple jurisdictions who want a consistent international benchmark.
• Platforms under regulatory pressure (social media, gaming, e-commerce) who need to demonstrate compliance and accountability.

Who is this for?

• IEEE 2089.1 certification is designed for:
• Start-ups and scale-ups seeking to prove their solutions meet international benchmarks and gain early market trust.
• Component-level providers (e.g. biometric age estimation engines, document checkers, orchestration layers) who want to certify their part of a wider age assurance ecosystem.
• US-based providers and others in jurisdictions without formal regulatory frameworks, who need a recognised international standard to demonstrate responsibility and pre-empt legislation.
• Mature providers already working with regulators or large platforms who want independent, third-party assurance of compliance.

Why Choose IEEE 2089.1 Certification?

• It is globally recognised as the first independent international benchmark for age assurance.
• Certification through ACCS provides impartial third-party validation trusted by regulators, NGOs, and industry.
• It offers flexibility: certify full systems, or individual components such as facial age estimation engines.
• It supports ongoing trust: certification isn’t one-off,  it includes monitoring, re-assessments, and continuous improvement.

ICAP Certification Mark & ICAP Listing

In addition to ACCS certification, providers may choose to obtain the internationally recognised IEEE certification mark and be listed on the ICAP global register of certified providers.

This option carries an additional fee set by ICAP:

• Small sites (<250,000 users/year): 15% of the ACCS audit cost, minimum $1,000
• Medium sites (250,000–5M users/year): 12.5% of the ACCS audit cost, minimum $3,000
• Large sites (>5M users/year): 10% of the ACCS audit cost, minimum $5,000

An additional $750 administration fee applies for issuing the certificate and IEEE mark.

Choosing the IEEE mark alongside ACCS certification gives your solution international recognition and visibility, signalling trust and compliance at the highest level.