UK Mobile Operators Launch Age Verification and Anti-Fraud APIs Through GSMA Open Gateway Initiative

BT and EE, CK Hutchison Group Telecom, Virgin Media O2, and Vodafone Group collaborate to provide developers with powerful consumer safeguarding and identity verification tools

23 September 2025, London: BT and EE, CK Hutchison Group Telecom, Virgin Media O2, and Vodafone Group today announced the commercial launch of new network technologies in the UK that will help online platforms verify customer ages and combat digital fraud.

Delivered through the GSMA Open Gateway initiative, CAMARA-standardised Application Programmable Interfaces (APIs) will give developers simple, secure tools to protect consumers and comply with new UK safety laws.

The launch comes just weeks after the Online Safety Act came into force in the UK, mandating age checks for platforms hosting user-generated content. According to the Age Verification Providers Association, UK consumers are now undergoing five million additional age checks every day under the new law - highlighting the pressing need for scalable, frictionless verification.

Speaking at API Days London, BT and EE, Virgin Media O2, and Vodafone Group outlined the release of CAMARA-standardised Age Verify and Know Your Customer (KYC) Tenure APIs for developers, with an enhanced KYC Match API, featuring fuzzy logic capabilities, to follow before the end of the year.

The collaboration addresses two pressing challenges in the UK digital landscape: the need for robust age verification following new legal safeguarding laws and the escalating threat of online fraud.

People in the UK lost £11.4 billion to scams last year, according to the Global Anti-Scam Alliance's (GASA) latest The State of Scams in the UK report. Worldwide, GASA estimates that criminals scammed more than $1 trillion from victims last year, further emphasising the need for the mobile industry to work together with online banks and retailers through global standardised technology initiatives to tackle the issue.

Technology Partners Ready to Commercialise for Developers

Technology companies are now partnering with UK operators to commercialise these APIs, connecting them with online entertainment and commerce sites to help implement age verification and identity protection capabilities.

Jersey Telecom (JT Group) and TMT.ID are already working with UK operators to process hundreds of thousands of Network API calls a month to support a wide range of services, from age assurance for social media platforms through to smoother, more secure App registration and login experiences.

On top of other CAMARA APIs already available in the market, the operators are now providing developers three further APIs to support consumer protection and fraud prevention:

• KYC Age Verification API (Available Now): Checks whether a customer is eligible for age-restricted products and services. Since operators already manage verified user data, such as date of birth linked to mobile numbers, they can provide a seamless and privacy-compliant solution for digital platforms. The API can be applied in various scenarios, including streaming services, gaming platforms, online marketplaces, and adult content websites, ensuring compliance with regulations while reducing friction in the user experience.

• KYC Tenure API (Available Now): Helps build trust by providing a simple and efficient method to determine whether a phone number has been in use for a significant period, offering a strong indicator of user stability and reducing reliance on self-reported identity data. It checks whether the lifetime tenure of a given phone number is longer than an input date provided by the customer.

• KYC Match API (available by end of-2025): Allows businesses to cross-check customer-provided information with the verified records maintained by the user's mobile network operator, as part of their KYC (Know Your Customer) process. This cross-check comparison can include details such as mobile phone number, name, postal code, address, birthdate, and email address. Importantly, no Personal Identifiable Information (PII) is shared in the process, ensuring user privacy while enabling secure and accurate verification.

Henry Calvert, Head of Networks, GSMA, said: "Age assurance is just one area where the smart use of mobile networks can support online entertainment and commerce sites, and safeguard consumers. By giving developers easier, secure access to the rich network functionality of mobile networks, we can also use network intelligence in the fight against fraud and scams. We've already seen the results UK mobile operators and banks have achieved through Scam Signal and look forward to building on these foundations."

Malcolm Cubitt, Director of Product, Mobile at BT Group's Consumer Division, said: "A safer online ecosystem has long been a priority for BT Group. As platforms work to meet regulatory requirements, we've continued to deliver seamless innovative solutions that support low-friction security checks. The GSMA Open Gateway initiative gives developers the tools to help build a safer digital environment globally. Cross industry alignment and global standards are key to protecting UK customers. With this approach, we can take decisive steps as an industry to protect the UK from harmful content and fraud, while creating a secure and trusted ecosystem for the country as a whole."

Matt Hemingway, Head of Network-As-A-Service, Virgin Media O2, said: "Through GSMA Open Gateway, Virgin Media O2 are taking a stand against digital fraud and identity theft. By launching these first APIs, we're giving enterprises and developers the tools they need to deliver safer, more trusted digital experiences for consumers. This is a vital step in building a more secure connectivity ecosystem for the UK."

Francesco Zampini, Director of Devices and Digital Product & Services, CK Hutchison IOD: "Identity is pivotal to building trust in the digital economy. Our ability to verify who we are, or claim to be, is of vital importance to tackle the impact of fraud on our social and economic wellbeing, and to deliver safer online experiences. Through GSMA's collaborative Open Gateway initiative, CKH IOD and Three are committed to delivering interoperable APIs to channel partners and service providers to achieve higher levels of customer authentication and help protect consumers from fraud."

Johanna Wood, Director of Network APIs, Vodafone Group said: "Vodafone is committed to creating a safer digital ecosystem for everyone. Through the GSMA Open Gateway initiative, these new APIs give developers and businesses the tools to deliver seamless age verification and robust fraud prevention. This continued collaboration among UK operators marks a significant step in protecting consumers, ensuring compliance with new safety laws, and building greater trust in the digital economy."

Henry Howe, Head of Mobile Intelligence Product Development, JT said: ''JT is working closely with UK operators to help bring these APIs to market, enabling developers to access trusted network data for both safeguarding and commercial use. Age verification is especially important as platforms respond to new safety laws and rising expectations around online protection. These APIs offer a practical way to protect children, reduce fraud, and streamline onboarding-making it easier for businesses to build secure, compliant digital experiences.''

Matthew Hornsey, Head of Product and Purchasing, TMT ID: "Every year TMT ID processes millions of Network API calls in the UK and across the world for many different use cases including, proofing age assurance for social platforms, verifying identity in financial services to making it possible to register and login to your favourite app without usernames and passwords. Open, standardised network APIs are vital to enabling the agentic ecosystem to build trustable connections between people and organisations globally." 

Commitment to Continued Innovation

Looking ahead to 2026, UK operators plan to expand their API portfolio with additional services focused on identity and fraud prevention, as well as advanced network quality capabilities leveraging 5G infrastructure for enhanced availability, latency, and throughput performance.

The UK initiative forms part of the global GSMA Open Gateway programme, which now includes more than 79 mobile operator groups representing 291 networks and nearly 80% of mobile connections worldwide. By bringing together operators from around the world, the GSMA Open Gateway initiative facilitates the design of digital products capable of operating seamlessly on all devices, regardless of the country or operator. The service APIs are available through the CAMARA repository, an open-source project by the Linux Foundation and a fundamental part of the GSMA Open Gateway initiative.

-ends-