Governments around the world are introducing age-verification and youth social-media laws, but these policies may be doing far more than protecting children. They are quietly pushing identity into operating systems, app stores, and the core infrastructure of the internet, shifting governance down the stack and creating new enforcement chokepoints. Along the way, they reshape platform power, favour large incumbents, and redefine how users access digital environments. As illustrated in “Evolution of Internet Architecture (1990–2035)”, this may signal a transition toward an “identity-mediated” web. This article documents those changes, drawing on historical precedents from UK identity systems (including the UK identity card programme) and US telecommunications, and comparative developments across multiple jurisdictions, to show how independent regulatory efforts are converging on a shared architectural shift.