Shufti Recognized as a Leader in Liminal’s 2026 Age Verification Index

Key Takeaways

• Liminal evaluated 189 age verification vendors in 2026. Only 17 cleared the required thresholds.
• Shufti tied for the highest strategy score at 92% and placed in the top tier of the cohort on product execution at 64%.
• Practitioners cite fragmented regulation and full-KYC friction as the biggest scaling blockers.
• 50% of buyers now want one platform for every age assurance use case.
• Shufti’s risk-based, fully owned architecture maps to where the market is heading.

In its 2026 Age Verification Index, Liminal scored 189 vendors across Product Execution, Strategy, and Market Presence. Only 17 cleared the 42% product execution floor and the 61% strategy floor to qualify as Leaders. Shufti achieved one of the highest score 64% on Product Execution and tied for the highest Strategy score, 92%, placing in Liminal’s Exceptional market-presence tier.

The placement matters less as a marketing claim and more as an indicator of where age verification compliance in 2026 is heading and which vendors are equipped to serve it. Practitioners reading this index aren’t shopping for capability checklists anymore. They’re trying to solve four specific fears, and Liminal’s data makes those fears unusually legible.

What Liminal’s 2026 age verification index actually measures

The index ranks vendors on three pillars: Product Execution, Strategy, and Market Presence. Two of those pillars carry strict thresholds. Vendors that fall below either floor don’t qualify as Leaders, regardless of how strong they appear in any other category.

The two scores buyers should care about

Product execution measures verification accuracy (low false accepts and false rejects), document and data signal quality, fraud and spoof resistance, decisioning and orchestration across methods (document checks, database checks, biometric age estimation, reusable age tokens), and end-user experience, including completion rates and time-to-verify. It captures what the platform actually does when a real user lands on it.

Strategy measures forward-looking investment: scalability across regions and traffic volumes, automation and policy-driven decisioning, integration with adjacent identity and fraud stacks, durability against AI-enabled evasion, privacy-by-design controls including data minimisation and retention governance, and regulatory adaptability across fragmented requirements. It captures where the platform is going.

Why is the leader cut narrower than it looks

189 vendors entered the evaluation. 172 didn’t make the leader cut. Roughly 91% of the age verification platforms failed to clear thresholds that practitioners themselves told Liminal were the minimum bar.

The product execution floor (42%) filters out vendors that can’t reliably verify in production conditions. The strategy floor (61%) filters out vendors with a working product today but no credible answer for where the market is going next. Most failures sit on the strategy line, not the product line. Vendors built single-method tooling, added age verification as an add-on to it, and never invested in the orchestration layer that risk-based age assurance now requires.

Shufti cleared both floors with a margin. Liminal placed Shufti at the top of the 17-Leader cohort on product execution, tied for the top of the cohort on strategy at 92%, and classified the vendor within its Exceptional market-presence tier.

The four fears reshaping how age verification buyers choose vendors in 2026

Liminal’s buyer demand survey of 98 practitioners, combined with regulator activity through 2025 and into 2026, points to four fears now dominating vendor selection. Each one shows up in the index methodology, and each one is testable in a vendor demo.

The regulatory fragmentation is sharper than the table suggests. As of February 2026, Ofcom had 90+ platforms under investigation, issued six fines, including a £1 million penalty against an adult website operator, and confirmed that 77 of the UK’s top 100 dedicated pornography services now have age assurance in place. On June 27, 2025, the US Supreme Court upheld Texas HB 1181 in FSC v Paxton, validating a wave of state age-verification laws across more than 20 states. On December 10, 2025, Australia’s social media ban for under-16s came into force. 4.7 million accounts were removed within days, the per-breach civil penalty is AUD 49.5 million, and the eSafety Commissioner formally opened investigations into five major platforms on March 31, 2026.

Each of those frameworks has its own definition of acceptable age assurance. A vendor that satisfies Ofcom’s “highly effective” bar in the UK may not meet KJM’s specifically-evaluated-systems requirement in Germany. That means a vendor suitable for one jurisdiction doesn’t automatically become the best age verification vendor everywhere. The cost of getting this wrong is no longer reputational. It’s measurable in nine-figure penalties and platform-level operational risk.

Where Shufti landed in Liminal’s 2026 index, and why it matters

Shufti cleared both thresholds, on Product Execution scored one of the highest among 17 leaders, and tied for the highest strategy score at 92%. Liminal placed Shufti within its Exceptional market-presence tier. The placement reads cleanly because the report’s methodology mirrors how practitioners now evaluate the market.

Top of product execution

The Product Execution score of 64% measures accuracy under load, fraud resistance, decisioning across methods, and the end-user experience that converts traffic into completed verifications. Liminal’s analyst note credits Shufti with a configurable, multi-method age assurance solution combining AI-based facial age estimation, authoritative database lookups, and document-based verification, with optional liveness and fraud checks layered according to risk. The note calls out fast, low-friction entry points (estimation delivers decisions in a few seconds) and step-up mechanisms that invoke document or database verification when confidence thresholds aren’t met.

The structural reason this score lands at the top is straightforward. Shufti built and owns its entire technology stack, including OCR, liveness, document intelligence, age estimation, AML screening, and deepfake detection. Most vendors stitch together components licensed from third parties. The orchestration latency that drags execution scores in stitched-together stacks doesn’t appear when one platform owns the decision end-to-end.

Tied for the top of the strategy

Strategy is the harder line. It measures whether the platform can keep pace with where age verification is going: risk-based decisioning, reusable age signals, on-device estimation, integration with fraud and identity stacks, post-decision auditability, and regulatory adaptability across fragmented requirements.

Shufti tied for the top of the cohort here because the roadmap maps in that direction. Liminal calls out a planned on-device age estimation capability that performs inference locally without network connectivity (issuing reusable tokens), NIST FATE benchmarking participation with top-15 placement in several Challenge 25 and Child Online Safety Act metrics, and iBeta Level 1, & 2 conformance plus KJM recognition in Germany. These are items most vendors don’t have on their roadmap at all.

How Shufti handles age verification at the four practitioner fears

If you’ve shipped age verification to a production audience, you’ve felt at least three of the four fears Liminal documented. The decisions take too long. The regulator in one market accepts what the regulator in the next market rejects. The vendor count keeps climbing. The unit economics get worse as volumes scale.

Shufti’s age verification is structurally designed against each of those failure modes.

Friction:

Most age checks don’t need full KYC. Shufti runs facial age estimation as the first-line check for low-risk flows. Decisions return in a few seconds. When the estimated age sits close to a regulated threshold, or when the use case demands a stronger signal, the platform steps up to document-based verification, authoritative database lookups, NFC chip reads, or liveness, invoked only when the risk profile warrants it. Most users clear in seconds, not hours.

Regulatory Fragmentation:

The same Shufti platform handles Ofcom’s “highly effective” bar in the UK, KJM-recognised verification in Germany, Texas SB 12, and the wave of US state laws that followed FSC v Paxton, Australia’s eSafety enforcement, EU DSA age provisions, and emerging EUDI Wallet integrations under eIDAS 2.0. Shufti accepts physical IDs, Digital IDs, EUDI Wallets, NFC chip verification, and Qualified Electronic Signatures through one integration. Compliance teams configure jurisdiction-specific policies in the orchestration layer rather than swapping vendors when a new regulation lands.

Vendor Sprawl:

Age verification is one capability inside a single Shufti platform that also covers KYC, KYB, AML screening, document verification, face verification, eIDV, and fraud prevention. The 50% of practitioners who want one platform for every age use case (and the 38% who want a one-stop shop covering the full identity stack) close that gap with one integration rather than four.

Pricing Pressure:

Because the stack is owned end-to-end, Shufti isn’t passing through third-party liveness, OCR, or screening licence costs. Pricing scales with usage rather than with the number of subprocessors in the chain.

The independent validation behind the platform: iBeta Level 3 conformance under ISO/IEC 30107-3, the highest published standard for liveness attack detection, introduced June 2025 in response to AI-driven fraud, tested against expert attackers with no budget constraints. Very few vendors globally hold it. Combined with Liminal’s Leader recognition and the Exceptional market-presence tier, the picture practitioners get from independent sources is consistent.

One platform. Fully owned technology. Global coverage with real local depth.