Anthropic Wants Some Claude Users to Prove Who They Are, Passport and Face Scan Included

Anthropic, the safety-focused AI lab behind Claude, has updated its privacy policy to make clear it can ask some users to verify their age or identity by uploading a government-issued ID, and in some cases by submitting a selfie and a scan of their facial geometry.

The change was first reported by TechCrunch and sits inside a broader privacy-policy revision that Anthropic published on June 8 and that takes effect July 8. A new "Verification Data" category in the policy spells out, in unusually concrete terms, what the company may collect: an image of a passport, driver's license, state or national ID card and the personal details printed on it; a photo or video of the user's face; a facial geometry template that Anthropic itself concedes may count as biometric data in some jurisdictions; and the result of the check, such as whether a user clears an age threshold. PPC Land, which reviewed the document closely, notes this is the most substantive revision to the policy since September 2025.

Under certain still-undefined circumstances, then, Claude may want to see your ID.

What's actually changing

Scope matters here, because Anthropic has been at pains to narrow it. The verification requirement applies to consumer accounts, meaning Claude Free, Pro, and Max. Business customers on Team, Enterprise, and API plans are exempt and remain governed by separate commercial terms, according to Tech Times.

Anthropic also says this is not a blanket new gate on the front door. Spokesperson Michael Aciman pointed TechCrunch to a post on X from Anthropic's Thariq Shihipar, who framed the update as part of an appeals process: it applies to a "small subset of users" whose accounts have been flagged for potential policy violations but not outright banned. Those users would get a path to verify themselves and appeal rather than losing access entirely. Shihipar added that the policy was updated on June 17 and is "unrelated to the Fable or Mythos rollout," a reference to the AI models the Trump administration recently forced offline.

The company says it can require ID for a familiar set of reasons, including administering accounts, enforcing its terms of service, and investigating fraud, abuse, security issues, and unlawful conduct, SC Media reported. Anthropic's help center stresses that verification data is not used to train models, is not sold or shared for marketing, and stays between the user, the vendor, and Anthropic except where the company is legally compelled to respond.

That sounds reassuring. The harder questions sit in everything the policy leaves out.

The gaps

The triggers are undefined. The policy uses conditional language, saying Anthropic "may ask," but it never specifies what behavior puts an account in the flagged pool, or what a user can do to avoid it. Anthropic's own help language allows that a prompt could appear when accessing certain capabilities, as part of routine platform integrity checks, or as part of other safety and compliance measures. That is a wide aperture. There is also evidence the checks predate this month's policy. Gigazine reported that a help page on verifying identity surfaced in the Internet Archive as far back as mid-April, and that a Reddit user said in April that refusing verification rendered their paid plan unusable.

Retention is also unspecified. Anthropic says it decides how long its vendor holds onto identity documents, but its spokesperson did not say when that data is deleted. For comparison, TechCrunch noted that Roblox, another customer of the same vendor, says user images are deleted immediately after processing, which sharply limits the window for a leak. Anthropic has published no equivalent commitment, and CyberInsider confirmed the policy lists no retention periods for IDs, selfies, videos, or facial geometry templates.

Then there is the sensitivity of the data. Facial geometry cannot be reset like a password. Illinois's Biometric Information Privacy Act treats it as protected biometric data and attaches statutory damages of $1,000 to $5,000 per violation, as The Next Web pointed out, which makes the legal exposure real rather than theoretical for users in biometric-privacy states.

The vendor problem

Anthropic is not doing the checking itself. It uses Persona, a San Francisco identity-verification firm, and that choice carries baggage.

Persona is backed by Founders Fund, the venture firm led by Peter Thiel, who is also an investor in Anthropic. That overlap has caused trouble before. When Discord selected Persona for age verification earlier this year, it reversed course after users objected to handing government IDs to a Thiel-linked firm, TechCrunch reported. The Next Web added a security wrinkle: Persona data was reportedly found on a U.S. government-authorized endpoint, with roughly 2,500 accessible files, though the full scope has not been detailed. And whatever Anthropic's own promises, a third-party vendor storing IDs on U.S. servers can still be served with government demands for that information.

For a company whose brand is built on being the careful, safety-first AI lab, asking users to route passport scans and face data through a Thiel-backed vendor raises a trust question that technical assurances may not settle on their own.

The political backdrop

The substance of this change reads as routine. The timing is what draws attention.

Anthropic has spent much of the past year in open conflict with Washington. In late February, Defense Secretary Pete Hegseth designated the company a "supply chain risk," a move widely read as retaliation after Anthropic resisted contract terms that would have let the military use its technology for mass domestic surveillance and lethal autonomous weapons, The Hill reported. Then, on June 12, the administration issued an export-control directive forcing Anthropic to suspend its newest and most powerful models, Mythos 5 and Fable 5, just days after release, barring access by any foreign national, including Anthropic's own foreign-national employees. The stated concern was a jailbreak that could strip the models' safety guardrails. Reporting from CNBC and The Wall Street Journal tied the directive to Amazon CEO Andy Jassy flagging cybersecurity concerns directly to U.S. officials. Amazon is both a major Anthropic investor and a competitor.

The fallout reached well beyond Washington. Al Jazeera reported that the export ban rattled U.S. allies, with leaders including Canada's Mark Carney citing it as a cautionary tale about over-reliance on American AI.

There are signs of a thaw. Tech Times reported that Trump told Axios on June 20 he no longer views Anthropic as a national security threat, a notable softening that followed a meeting with CEO Dario Amodei at the G7 summit in Évian-les-Bains, France, even as the Commerce order suspending Fable 5 and Mythos 5 remains in force.

Against that backdrop, a policy giving Anthropic a cleaner way to confirm exactly who is using its tools invites two readings. Anthropic frames it as routine platform integrity. Critics will see one more accommodation to a regulatory and political environment that keeps tightening. Shihipar's insistence that the verification change has nothing to do with the model standoff may well be accurate, yet the two threads are hard to separate, because both point the same way: Anthropic keeping closer tabs on who is on the other side of the screen.

Why it matters

There is a longer arc here. Identity infrastructure was easy to leave optional when Claude was a chatbot you typed at. It gets harder to avoid when Claude is an agent acting on someone's behalf, booking, buying, connecting to outside apps, and running multi-step tasks. Anthropic's own privacy update ties the revisions to those expanded, more agentic capabilities, PPC Land reported. Knowing who the user is starts to look like part of the product.

Anthropic may be the first major consumer AI provider to formally write biometric identity collection into its policy, and it is unlikely to be the last. What privacy advocates and state attorneys general will watch after July 8 is whether outsourced processing, undefined triggers, and unspecified retention is a proportionate answer to the problems it is meant to solve.

For most Claude users, nothing will change on July 8. For the few who get flagged, the choice will be sharper: hand over a passport and a face scan to a Thiel-backed vendor, or walk away.