LONDON – I remember sitting down with a software developer in early 2005 to look at a 2257-compliance software solution he had written. I was running a sizeable affiliate program at the time and was looking for a compliance solution sufficiently robust and feature-packed to enable our company to deal with the massive number of depictions and URLs we’d need to cross-reference to comply with the coming changes to the regulations.

I was curious to see what features and functions this developer’s software offered – and even more curious to hear his answer to a question which sounded simple on its face, but was deceptively complicated: “How do you know using this software correctly will lead to compliance with the regulations?”

The reason the answer to that was more complicated than it seemed was while we knew, in a broad sense, what sort of changes were coming to the regulations, the final rule had not yet been published to the Code of Federal Regulations.

So, while some of the needs of the developer’s project were clear – it would need to offer some means of calling up a performer’s identification records and the ability to cross-reference that information with depictions in which that performer appeared, for example – there were still substantial questions about the details of 2257 compliance which were still unknowable, even as he dug into coding the software.

I’m reminded of those days back in 2005 when I read about the pending effective date of the UK’s Digital Economy Act (“DEA”), specifically the age-verification requirements therein for websites which offer sexually-explicit content.

Just like in the U.S. in 2005, developers working to comply with the pending UK regulations know, in broad strokes, what their solutions must accomplish – but when it comes to granular detail, the information provided to date by the UK government and its chosen regulator for the age-verification provisions of the DEA, the British Board of Film Classification (BBFC), has had little to offer, thus far.

Just this week the BBC sought further detail on how the age-verification system to be overseen, only to find there were no such details forthcoming.

To be fair, the BBFC was named the oversight body for the age-verification system just a matter of weeks ago, with Peers in the House of Lords noting at the time that it’s problematic to have the deadline for implementation of the system so close on the horizon, without knowing more about how it’s to work.

“Where we have got to is not particularly satisfactory if the general purpose of the age-verification regulator is to make sure that age verification really works and that there is not the access for young people to these pornography sites that the Act was designed to prevent,” said Lord Timothy Clement-Jones at the time.

It may well be that the various solutions already crafted to comply with the DEA, like MindGeek’s AgeID and AgeChecked, won’t need any changes made to them to be compliant with the law, but the current lack of clarity on how such systems will work, what data they will (and won’t) be required to store, is also concerning from a consumer perspective.

While MindGeek has issued statements assuring it won’t store personal information of AgeID users or cross-reference such data with the large amount of aggregate usage information the company regularly publishes, it remains to be seen how much comfort UK users take from such assurances. It’s also unclear how much consumers will trust any of the solutions on the market with their personal information, for that matter, given the significant privacy concerns with any system which collects the sort of information required to verify a person’s age.

As they say, “the devil is in the details” – and given the proximity of the effective date of the UK’s new age-verification requirements for adult sites, all we know for the moment is in this case, the devil is running a little late.