In 2026, selling CBD, alcohol, vape, knives, or tobacco online without an age verification mechanism is no longer a theoretical legal risk. DGCCRF controls have tightened since 2024, the GTC of carriers (Colissimo, DHL, UPS) now require documented proof of majority for certain categories, and sanctions go up to €75,000 for selling alcohol to a minor (article L3353-3 of the French Public Health Code).
The problem: a poorly designed age gate makes 15 to 25% of visitors flee. Well designed, the impact drops below 3%. This article reviews the legal obligation by sector, the UX patterns that work in 2026, and the technical mechanism on PrestaShop.
The legal framework by sector in 2026
Alcohol
Article L3342-1 of the French Public Health Code: selling alcohol to minors is forbidden, the merchant must require proof of majority. Online, this translates to a declarative mechanism at minimum, ideally reinforced by a delivery control (adult signature).
Vape and nicotine e-liquids
Decree 2016-1117 transposing the TPD directive: sale forbidden to minors, declarative age check mandatory. Since 2024, marketplaces (Amazon, Cdiscount) refuse sellers without a visible device.
CBD
Framework blurry stricto sensu (CBD isn’t a narcotic since the 2023 Court of Cassation ruling), but sector self-regulation requires a +18 age gate. Carriers and payment processors (Stripe, Mollie) impose it in their GTC to keep the merchant account.
Tobacco and accessories
Reinforced Évin Law: strict prohibition of sale to minors, but in practice online tobacco sales are forbidden in France (article 568 ter CGI). For accessories (lighters, papers, hookahs), +18 age gate is professional norm.
Weapons, knives, defence
Decree 2013-700: certain categories (fixed-blade knives +6 cm, category D weapons) require identity verification, not just declarative. A simple age gate doesn’t suffice — KYC is needed.
Adult content and gambling
Law 2020-936 of 30 July 2020 and decree 2024-200: pornographic sites must verify age by robust device (bank card, France Connect, third-party verifier). Arcom checks. Simple declarative is no longer accepted.
Declarative vs robust verification: where to place the cursor
Not all age gates are equal. Three levels distinguish:
| Level | Mechanism | Probative force | Recommended sector |
|---|---|---|---|
| 1 — Binary declarative | “I am +18” / “I am under 18” | Low | CBD, vape, tobacco accessories, soft alcohol |
| 2 — Dated declarative | Full date of birth entry | Medium | Hard alcohol, light online betting |
| 3 — Documentary verification | ID, FranceConnect, KYC third party | Strong | Adult content, weapons, gambling |
For 95% of concerned PrestaShop stores (CBD, vape, alcohol, accessories), level 1 or 2 is sufficient and compliant. Level 3 requires a paying third-party integration and is mandatory only for very specific sectors.
The UX cost of a failed age gate
The age gate intervenes at a critical moment: the visitor arrives on the store, isn’t yet engaged, and is asked for an action. Patterns that tank conversion:
- Blocking all pages, including the homepage and blog. The visitor can’t even get an idea of the store. Abandonment rate: 25-30%.
- Re-displaying the modal at each visit without memorising consent by cookie. Frustration guaranteed.
- Forcing full date of birth entry on a €9 e-liquid store. Perceived disproportion, exit.
- Visually botched modal that looks like a phishing window. Immediate loss of trust.
- No correct mobile version. 70% of traffic leaves by mobile in 2026, and a buggy overlay kills the session.
The architecture that works: clean blocking modal, 30-day cookie, native mobile version
The pattern we’ve proven on several CBD and vape PrestaShop stores:
- Blocking modal displayed on arrival on the domain, without depending on user JavaScript (the modal is rendered server-side or injected by script that doesn’t block critical rendering).
- Two clear buttons: “I am 18 or older” / “I am under 18”.
- If refusal, redirection to an external page (generally Google or an information page on responsible consumption).
- If acceptance, 30-day cookie memorises consent. The visitor doesn’t see the modal again for 30 days.
- Multilingual: the modal speaks the language of the active store (French, English, Spanish, German).
- GDPR and tracking compatible: the modal doesn’t trigger tracking scripts before Consent Mode v2 consent.
- Mobile-first: the modal is sized and styled for mobile, without scroll or viewport bugs.
Technical implementation on PrestaShop 8 and 9
Three technical approaches are possible:
frontController or displayHeader hook
The age gate is injected at the top of the page via a standard PrestaShop hook. The module detects the absence of the consent cookie and inserts the modal HTML. The cleanest pattern, compatible with all themes.
Front controller override
To avoid. Overrides break at the next PrestaShop or theme update.
Dedicated module
The recommended approach. The module handles the hook, the modal, the cookie, the multilingual, and the BO configuration (concerned categories, redirection, design).
Our dfagegate module: the packaged solution
Our dfagegate module directly implements the described pattern. For €29, you get:
- Clean blocking modal, configurable design from the BO (colours, logo, texts).
- Activation by category or global: you can reserve the age gate for CBD/vape product pages, or impose it on the whole store.
- Consent cookie with configurable duration (30 days by default).
- FR/EN/ES/DE multilingual with native translations.
- Parameterisable redirection if the visitor declares themselves a minor.
- GDPR compatible: doesn’t trigger trackers before validation.
- Mobile-first, tested on iOS Safari, Chrome Android, Firefox mobile.
- Without theme modification: 100% via hook, clean uninstallation.
It’s the most direct solution to comply without a day of dev.
Measured impact on the funnel
On stores where we deployed a clean age gate (vs a home-made botched age gate), we measure on average:
- Modal abandonment rate: 3 to 5% (vs 15-25% with a botched age gate).
- Global bounce rate: +1 to +2 points (vs +8 to +12 points).
- Conversion: non-significant impact after re-display 30 days later (returning visitors don’t see the modal).
The idea that “the age gate kills conversion” comes from failed implementations. A clean modal, shown only once per visitor, has almost no measurable impact beyond the first filtering.
FAQ
Is age gate mandatory for CBD in France in 2026?
The legal framework isn’t explicit, but sector self-regulation and partner GTC (carriers, payment) require it in practice. Selling CBD without a +18 age gate has become impossible to stay on marketplaces and keep your Stripe/Mollie account.
Is simple declarative legally sufficient for alcohol?
For online home delivery of alcohol, the declarative (binary or by date of birth) is accepted by the DGCCRF as long as it’s combined with an adult signature on delivery. For Drive or Click&Collect, physical verification is done at pickup. A declarative age gate alone doesn’t suffice — logistics chaining is needed.
What to do if the visitor clicks “under 18”?
No single best practice. Three options: redirect to Google (radical, legally safe), redirect to an information page on responsible consumption (more social), or display a blocking message forbidding access (frustrating but clear). Our recommendation: dedicated information page, sober, without a return appeal.
Does the age gate impact SEO?
If the modal blocks page rendering for robots, yes — Google sees only the modal and can’t index content. Solution: allow passage of Googlebot and Bingbot user-agents (bypassing the modal), and ensure the produced HTML doesn’t mask content via display:none BEFORE consent. Our module handles this case by default.
Can age gate and GDPR cookie banner be combined?
Yes, and it’s even recommended. The age gate displays first (majority verification), then the cookie banner after acceptance. See our PrestaShop GDPR Consent Mode v2 guide for correct chaining.
To go further
Sectoral compliance (CBD, vape, alcohol) has become in 2026 an operational stake as much as a legal one: carriers, payment processors, and marketplaces now refuse non-compliant stores. The age gate is the first link. For food sectors, see also our upcoming dossier on INCO 1169/2011 compliance and the Omnibus directive for promotional price display.