Anthropic adds identity verification requirement to Claude

According to Anthropic's updated privacy policy and its support documentation, the company may require a subset of consumer Claude users to verify their age or identity, with the policy set to take effect on July 8, 2026. The policy language states, "In certain circumstances, we may ask you to verify your age or identity," and lists a new Verification data category that can include an image of a government-issued identity document, the information on that document, a photo or video of the user's face, and facial geometry templates (per Anthropic's published policy and support article). Anthropic's support page identifies Persona Identities as the verification vendor; reporting also notes that for age-only checks Anthropic may use Yoti, which returns a pass/fail age result without sending the underlying ID images (support.claude.com; TechTimes). TechCrunch reports that Anthropic shared a statement from Thariq Shihpar characterizing the change as applying to a "small subset of users" whose accounts are flagged but not outright banned. Other outlets report that the checks have been run in limited form since April through Persona (TechCrunch; TechTimes). Multiple outlets note the policy covers consumer tiers: Claude Free, Pro, and Max-while excluding Team, Enterprise, and API customers (TechTimes; The Register; CybersecurityNews).

Editorial analysis - technical context: The policy uses the term facial geometry templates, which most vendors derive from a user's selfie and represent face structure as numeric vectors. Industry-standard verification setups separate age-verification-only flows (returning a boolean) from full document-plus-biometric flows; reporting notes Anthropic uses a separate vendor or mode for age-only checks (TechTimes). The support page further states that Anthropic is the data controller for verification data, Persona processes the data on Anthropic's behalf, and that images are held by Persona rather than being stored on Anthropic systems, although Anthropic can access verification records through Persona's platform for specific use cases like appeals.

Formalizing biometric identity checks in a mainstream consumer AI assistant is notable because it embeds high-sensitivity personal data-government ID fields and biometric templates-into the operational compliance posture of a widely used model. Reporting highlights three immediate privacy and compliance questions: scope and triggers for checks (the policy does not enumerate clear triggers), retention and access controls for verification records, and cross-jurisdictional legal implications where biometric data has extra protections (for example, Illinois' Biometric Information Privacy Act). TechTimes flags that the consequences of non-compliance are not fully specified in the policy, and reports that the verification feature has been active in limited form since April; The Register also flags that the consequences of non-compliance are not fully specified (TechTimes; The Register).

Editorial analysis: Observers should look for clarifications from Anthropic on:

• •explicit trigger conditions and frequency of checks
• •concrete data-retention timelines and deletion mechanisms for verification records
• •auditability and access logs around when Anthropic accesses verification records via Persona
• •how regional legal requirements will alter the verification workflow. Practitioners operating downstream systems or integrating Claude via the API should note that Team, Enterprise, and API accounts are described as exempt in the policy, but that customer-facing consumer integrations or UI flows may need updated UX and privacy notices before July 8

What is reported in public sources is limited to the text of Anthropic's updated privacy policy, its support article, and contemporaneous reporting. TechCrunch relays a company statement attributing the change to a limited subset of flagged accounts; the company has not published a granular trigger list or a public retention schedule beyond the policy's descriptive sections (TechCrunch; support.claude.com).

For privacy engineers and compliance teams, this development exemplifies a broader industry trade-off between platform integrity and biometric privacy exposure. Industry-pattern observations: Companies deploying identity verification often balance minimizing stored PII with operational needs like fraud investigation and account appeals; vendors frequently implement designs that keep raw ID images off the principal platform while allowing controlled access via the verifier's portal. Security teams should evaluate vendor assurances, contractual limits, and technical controls such as isolated storage, access logs, and scoped retrieval for appeals.

Overall, the change formalizes a verification flow already running in limited form and expands the kinds of personal data a major consumer AI product could collect, while leaving several operational details unspecified in public documents.