Five member countries are already experimenting with the solution this year, but they don’t all seem to be on the same page. It was pointed out at the press conference that France and Denmark are far ahead, while Greece, Spain, and Italy are lagging. This is why some experts are skeptical that the digital wallet will come into force within the established time frame.

An Alternative to the US Model

Among the players already visible in the European market for age verification are Yoti, which TikTok is using in Europe for this purpose along with other methods such as credit cards and documents, and Persona, which is an identity- and age-verification provider used by platforms such as Roblox, Discord, and Reddit.

The latter has a much more data-intrusive model, one that the Commission says it wants to avoid. In fact, its services include fingerprint verification, face recognition, screening a person’s face to compare it to one on a particular list, and the retention of all such data for up to three years.

In February 2026, it also emerged that Persona publicly exposed thousands of files online. The company responded by saying that this was an isolated testing environment and that the data was not actually exposed, and, in addition, that it does not work with US government agencies to provide it with data on users.

In any case, the US model shows the risks of age verification based on massive collection and analysis of identifying data. This highlights the need for a European alternative, one that shifts the concept to another level: not so much “prove your identity so I can check your age” as “just prove your age, without revealing anything else.”

Brussels is promoting an open source architecture, leaving room for both member states and market players to publish national or derivative versions. Scytales and T-Systems were mentioned during the press conference as services to look to in Europe. Whoever develops the system will still have to consider a “triangular” architecture, officials say: A third party certifies that the user meets the required attribute, i.e., being above a certain age, without the site receiving documents or other personal data. To make the concept more understandable, the Commission cited the experience of Covid certificates.

A Glaring Loophole

There remains, however, a clear distance between the technical promise and the social reality of the problem. As recounted in the press conference, the mini-wallet seems designed primarily to prevent the site from learning too much about the user, but much less to solve the most trivial bypass of all: a minor using an adult’s phone, credentials, or ID. In other words, the system may perhaps reduce the amount of personal data in circulation, but it does not automatically eliminate the risk of age verification being bypassed in practice.

Despite this, the mini-wallet currently appears to be the most promising solution. The Commission has clarified, though, that it is not the only possible solution. The door remains open to alternatives, provided they are “equally effective.” Pornhub is already involved in the pilot phase, while other operators have been invited to participate.

In short, Europe could become the first major policy laboratory where age verification stops being a formality and becomes a real infrastructure, with all the promise and—not to be overlooked—all the risks that this entails.

This story originally appeared in WIRED Italia and has been translated from Italian.

Across the region, facilities tied to water and power—including desalination plants—have been damaged or exposed to risk as Iranian strikes extend beyond traditional targets.

A single strike, however, is unlikely to shut off the gulf’s water supply. The system is designed to absorb isolated disruption, but sustained or multisite attacks would begin to strain supply far more quickly.

“In the Gulf, desalination is built with enough breathing room that losing one plant doesn’t immediately show up at the tap,” says Rabee Rustum, professor of water and environmental engineering at Heriot-Watt University Dubai.

In Kuwait, Iranian drone attacks have damaged two power and desalination facilities and ignited fires at two oil sites. Other sites, including Fujairah in the UAE, have been identified as potentially exposed.

“Striking desalination plants would be a strategic move, but it would also come very close to, and in some cases cross, a red line,” says Andreas Krieg, senior lecturer at the School of Security Studies at King’s College London.

Water infrastructure, Krieg explains, occupies a distinct category. “Water infrastructure is not just another utility. In places that depend on desalination, it underpins civilian survival, public health, hospital function, sanitation, and basic state legitimacy.”

Krieg notes that international humanitarian law gives special protection to civilian objects and to objects indispensable to the survival of the civilian population. “Which is precisely why attacks on water systems carry such grave legal and moral weight,” Krieg adds.

The incidents highlight a structural reality: Desalination is central to water supply in the gulf, and disruption carries immediate implications for daily life.

How the System Absorbs Disruption

At first glance, desalination appears vulnerable. Shut down a plant, and supply is reduced. In practice, the system is designed with layers of redundancy.

Plants operate across multiple locations, allowing output to be redistributed if one facility slows down. Water is also stored at different points across the network, including central reservoirs and building-level tanks, creating a buffer that delays disruption.

According to a statement to WIRED Middle East by Veolia, an environmental services provider whose technologies account for nearly 19 percent of desalination capacity in the region, “the region’s water supply is diversified thanks to a network of numerous facilities distributed along the coastline.”

The company adds that distribution systems are interconnected, allowing plants to “support and substitute for one another when necessary,” helping maintain continuity of service.

In the UAE, storage capacity typically covers around one week, while in other parts of the region it may be limited to two to three days, Veolia says.

In practice, this means the system can absorb disruption for a limited period. Once reserves are depleted, water supply depends on whether plants can continue producing enough water to meet demand.

The System That Produces Water

Unlike most regions, the Gulf does not rely on rivers or rainfall. It depends on a network of desalination plants along its coastline that convert seawater into potable water on a continuous basis.

Seawater is drawn into treatment facilities, filtered and processed either through reverse osmosis—forcing it through membranes to remove salt and impurities—or through thermal methods that evaporate and condense water. The resulting supply is distributed through pipelines, stored in reservoirs, and delivered to homes, hospitals, and industry.

This is not a flexible system. It is designed to operate continuously, producing water at a scale that sustains cities, industrial activity, and essential services. Gulf states produce roughly 40 percent of the world’s desalinated water, operating more than 400 plants across the region.

Dependence varies by country but is high everywhere. In the UAE, desalination accounts for 41 to 42 percent of total water supply, while in Kuwait, it provides around 90 percent of drinking water, and in Saudi Arabia, approximately 70 percent.

When Disruption Becomes Visible

For residents, disruption would not be felt immediately—water would continue to flow.

Rustum explains that buildings are supported by internal storage and pumping systems, meaning early changes in supply may not be apparent. In many cases, water pressure remains stable, even as the wider system adjusts.

US Border Patrol agents are raising money by selling coins that commemorate last year’s wave of immigration enforcement “operations” across the country, along with other merchandise. The funds are for nonprofit organizations that list Border Patrol buildings as their address in IRS paperwork. At least two of the organizations have dedicated US Customs and Border Protection email addresses.

The front side of one coin for sale reads, “NORTH AMERICAN TOUR 2025,” along with the acronyms for US Border Patrol and the acronym for “fuck around and find out”—a phrase that was initially popularized by the far-right group the Proud Boys and has been used by various Trump officials. In the center, the coin depicts a gas mask, a riot control smoke grenade, and a pepper ball launcher. On the other side, the coin appears to have a portrait of Border Patrol’s now retired commander-at-large, Gregory Bovino, with his arm raised in a salute, along with the text “COMING TO A CITY NEAR YOU!” It lists seven cities, many of which actually saw federal enforcement surges in 2025: Chicago, Los Angeles, Memphis, Phoenix, Portland, Charlotte, and Atlanta.

The coin is for sale by Willcox Morale Welfare and Recreation, a nonprofit that the IRS most recently declared tax-exempt during the Biden administration and whose address on IRS paperwork matches that of the Willcox Border Patrol Station in Arizona. A request for comment sent to Willcox MWR’s dedicated CBP email address went unanswered.

Employees of the Department of Homeland Security, the parent agency for Border Patrol, are allowed to start private, not-for-profit employee associations within DHS, so long as they get formally recognized by the agency and follow certain rules. According to DHS policies, officially recognized groups can fundraise using government property and create merchandise with the agency’s name and logos–but they have to receive advance approval from the agency.

Willcox MWR is just one of several groups across the country that cater to Border Patrol agents and refer to themselves as MWRs, a reference to the US military’s “morale, welfare and recreation” programs. The groups tend to throw holiday events and retirement parties, and sometimes raise money for the families of agents going through hard times, including those not getting paid during the current shutdown.

Many MWRs also sell customized medallions known as “challenge coins” that commemorate specific teams or events. While anyone, including CBP alumni, can design and sell coins, current DHS employees are not supposed to use government resources to sell ones that use the agency’s seals or logos without permission, or ones that the agency considers inappropriate or unprofessional.

CBP did not provide comment about its relationship to Willcox MWR or any other nonprofit mentioned in this story, nor whether the agency had green-lit the “North American Tour” coin design, ahead of publication.

Under Willcox MWR’s Facebook post about the “North American Tour” coin, someone named Juan Diego commented, “Sign up SDC BK5 MWR for 10.”

“Shoot us an email,” someone managing the Willcox MWR account replied, giving out what appeared to be a dedicated cbp.dhs.gov email address for the group.

SDC BK5 MWR, also a registered nonprofit, lists an address on its website that matches that of a government facility in Chula Vista, California. It says on its site that it was started by San Diego Sector Border Patrol agents and sells custom merchandise “designed to raise funds for morale and relief efforts.”

Diego did not respond to a request for comment.

The SDC BK5 MWR website has listings for over 200 different products in addition to the North American Tour coin. One of those listings was a “Chicago Midway Blitz” challenge coin in the shape of a gas mask that doubles as a bottle opener. Embossed around the edges of the coin are the names of several municipalities and neighborhoods caught up in DHS’s immigration enforcement surge of the same name last fall. Like the North American Tour coin, it features the US Border Patrol logo and the acronym for “fuck around and find out.” Opponents of the Trump administration’s immigration enforcement activity in Illinois are unamused.