The era of "AI as a public good" is officially giving way to a regime of rigid compliance. OpenAI and Anthropic are simultaneously rolling out Know Your Customer (KYC) procedures, turning model access into a process comparable to opening a bank account. Under Anthropic’s updated July regulations, privacy policies now include mandatory age and ID verification. For Claude and ChatGPT users, confirming a phone number is no longer enough; the system now demands a government-issued ID and a "3D liveness check"—a video selfie where you must blink and turn your head to prove you aren't a deepfake.
The control mechanisms run deeper than they appear. For the past six months, OpenAI has been "under the hood" using age-prediction models, analyzing activity patterns and registration timing without notifying users. For organizations, the rules are even stricter: OpenAI requires verification via physical documents, vetoing digital IDs and enforcing a "one document, one organization" rule. Anthropic has stated explicitly that as autonomous AI agents evolve, verification scenarios will only expand.
Implications for the Enterprise
For businesses, this trend transforms AI providers into full-scale personal data operators. Handing over employee biometrics and identification creates new leak vectors and legal risks that standard contracts have yet to address. The illusion of developer anonymity is vanishing: every action is now tied to a legal identity. Officially, this is framed as "preventing unsafe use," but in practice, it helps combat the training of competing models on proprietary APIs.
The Price of Security
Corporations claim they collect this data solely for safety and legal compliance. We should take them at their word, as centralized databases containing the faces and passports of the world’s top developers are surely the "best-protected" assets in the modern world.
Now, any model deployment begins not with code, but with documentation. This shift is rapidly turning innovation into a highly regulated banking product.
AI providers are adopting banking-grade KYC and biometric identity verification. New requirements include 3D liveness checks and physical ID documentation. Corporate legal risks are rising as AI firms become major repositories of sensitive personal data. The move serves as a strategic moat to prevent competitors from scraping API outputs.
