NEWS
EU Moves to Limit Kids’ Social Media Access as Its Age App Falters
The European Commission plans EU-wide social media age limits for children under 13, even as its own verification app failed a security test in minutes.
European Commission President Ursula von der Leyen said Monday the European Union will pursue age appropriate social media restrictions for children across all 27 member states. An expert panel she convened wants kids under 13 limited to supervised, time-limited access, with rules loosening gradually as teenagers get older.
The announcement lands three months after the bloc’s own tool for checking anyone’s age failed a public test in under two minutes. Brussels has not said how, or whether, it will close that gap before writing any age limit into law.
Supervised Access Starts Under Age Thirteen
The recommendations come from a Special Panel on Child Safety Online that von der Leyen set up in March 2026. Child psychiatrist Prof. Dr. Jörg M. Fegert, of Germany’s University of Ulm, and epidemiologist Dr. Maria Melchior co-chaired the group, which delivered its report to her in Brussels on Monday.
The report’s language was blunt about where responsibility sits. “The burden of proof needs to be on providers, not regulators, parents and children,” the panel wrote, arguing platforms should face restricted access for under 13s “until they demonstrate that their services are safe by design.”
- Under 3 – no screen exposure at all, the panel recommends
- Under 13 – time-limited social media access only under parental or caregiver supervision
- 13 to 18 – restrictions ease gradually, with room for national “precautionary” rules
- Every age – platforms built around infinite scrolling, autoplay or persistent notifications get treated the same as social media
Von der Leyen calls that broader category “social media plus,” meaning any platform with age-inappropriate or addictive design features, not just Instagram or TikTok by name. The panel’s brief went beyond screen time limits too, arriving alongside British guidance urging parents to hide children’s photos as AI-generated abuse imagery spreads online.
“It is very clear that we need age-appropriate restrictions to platforms. The issue is not whether children can access social media, but whether and when social media can access our children.”
Von der Leyen said that during a press conference in Brussels, repeating the point in a social media post framed around a safer start online for every child.

Brussels Has Been Building to This for Months
Monday’s announcement did not come from nowhere. The Commission found Instagram and Facebook in preliminary breach of the Digital Services Act (DSA) on April 29, saying minors could create accounts under 13 simply by entering a false birth date, with no effective check stopping them.
Just over a week before Monday’s event, the Commission separately warned Meta, under the same law, that it must disable addictive design features like infinite scrolling or face a hefty fine.
Parliament had already built momentum of its own. In November 2025, MEPs adopted a non-legislative report by 483 votes to 92, with 86 abstentions, backing a harmonised EU digital minimum age of 16 for social media, video sharing platforms and AI companions, with parental consent allowed from 13.
The same report cited research showing 97% of young people go online every day, 78% of 13 to 17 year olds check their phones at least hourly, and one in four minors show behaviour patterns that mirror addiction. A 2025 Eurobarometer survey found more than 90% of Europeans consider protecting children online an urgent priority.
French President Emmanuel Macron organized a call with counterparts from Germany, Greece, Ireland, Italy and Spain to align national plans, Bloomberg reported, as governments raced ahead of Brussels with bills of their own. In Britain, physicians have been lobbying Parliament for restrictions on children’s social media use, part of a wider pattern of medical bodies pushing lawmakers to act. Australia’s ban on under-16s, in force since December, gave the whole campaign a working precedent to point to.
Does the EU’s Own Age Check Work?
Not on its first public outing. The Commission’s verification app, first previewed as a concept in July 2025 alongside new DSA guidelines on protecting minors, opened to the public April 15, 2026. UK security consultant Paul Moore bypassed it in under two minutes the very next day.
Moore found the app’s PIN was encrypted, but that encryption was never tied to the identity vault it was supposed to protect. Deleting a few configuration values and restarting the app let him set a new PIN while keeping access to credentials created under the old one. He posted the process on X, walking through the setup and the bypass step by step, and warned Brussels the design would eventually cause a serious breach.
Telegram founder Pavel Durov called the app “hackable by design,” arguing it trusted the user’s own device instead of leaning on hardware-level protections such as a phone’s secure enclave chip. The app’s GitHub repository never claimed otherwise. Its own readme file warned that security and privacy standards were lower than a final release and advised against using the code in production.
Caesar Groep chief technology officer Dibran Mulder traced the flaw to what he called a “trust boundary” problem: verification happens on a phone the user controls, but the issuing system accepts the result without checking it independently. Eva Simon leads the tech and rights program at the Civil Liberties Union for Europe. She said the deeper irony is that Brussels has spent years trying to hold Big Tech accountable and is now building a system that depends on those same companies’ phones and operating systems just to function.
A VPN-Shaped Hole
Even a flawless app would not close every gap. The European Parliamentary Research Service (EPRS), the Parliament’s own research arm, warned in May that virtual private networks (VPNs) represent “a loophole in the legislation that needs closing,” as adoption surged wherever age checks had already taken effect.
Commission Executive Vice President Henna Virkkunen acknowledged the same problem while unveiling the verification app. “VPN must not allow the system to be circumvented,” she said, calling it one of the “next steps” regulators still have to work out.
- 1,800% jump in VPN downloads in the UK during the first month after its Online Safety Act took effect
- 1,150% spike in Florida after Pornhub blocked access over the state’s own age check law
- 967% increase in Utah following its age verification law
- 61% of Australian children aged 12 to 15 still reach restricted platforms, according to that country’s own regulator
The workaround does not always require technical sophistication either. An EU-funded study out of Ireland’s Lero research centre found children can bypass most platforms’ age gates simply by lying about their date of birth at sign-up, with no follow-up check.
Member States Are Drafting Their Own Age Lines
While Brussels finalizes a bloc-wide plan, national governments have not waited. As of May, 23 of the 27 EU member states were already weighing national bills to restrict or ban minors’ social media access, according to a tracker kept by the Brussels policy institute Interface.
| Country | Proposed Model | Age Threshold |
|---|---|---|
| Denmark | Strict ban, then parental approval | Banned under 13; parental consent required for 13 to 15 |
| Italy | DDL 1136 Senate bill | Banned under 15; parental consent required for 15 to 16 |
| Germany | CDU and SPD proposal | Banned under 14; restricted youth version for 14 to 16 |
| France | Mixed blacklist model | Banned under 15 on blacklisted apps; parental consent elsewhere |
| Austria, Cyprus, Finland, Poland, Slovenia, Spain | Outright ban, no opt-out | Below a set age, with no parental consent waiver |
The split creates exactly the fragmentation the Commission says it wants to avoid. A teenager barred from an app at home in Rome could open the same account freely a short flight away in Tallinn.
A September Deadline, Still Unconfirmed
Von der Leyen said formal proposals will go to the 27 member states after the summer. Two European officials told reporters they expect Brussels to unveil an age limit this autumn, while cautioning that nothing has been finalized.
A Commission spokesperson put it more cautiously. “We are exploring possibilities to make minors safer online,” the spokesperson said. “More can and must be done.”
The proposal is expected to surface around von der Leyen’s State of the Union address in September. It would not be the Commission’s first fight with a major platform this year; its top court has already sided with regulators three times in Apple’s gatekeeper status challenges under the Digital Markets Act, a sign Brussels is willing to go the distance against pushback from Big Tech.
- What we know – the panel delivered its report July 13 and von der Leyen endorsed its direction; a formal proposal goes to member states after the summer
- What’s unconfirmed – the exact age cutoffs, whether the plan becomes a binding ban or a softer recommendation, and how VPN circumvention gets addressed
Platforms have already warned that hard thresholds will simply push minors toward unmoderated, non-EU services instead. Whatever age Brussels eventually picks, it will still need a verification system that survives longer than two minutes.
Frequently Asked Questions
What age will the EU set for social media access?
No single number is confirmed yet. The Commission’s panel recommends supervised, time-limited access under 13 with rules that ease by age, while a separate, non-binding Parliament resolution passed in November 2025 called for a harmonised digital minimum age of 16. A Commission spokesperson said only that officials are exploring possibilities to make minors safer online ahead of a formal proposal.
Is the EU’s age verification app mandatory right now?
No. The Commission first previewed the concept in July 2025 alongside new Digital Services Act guidelines, then opened a public prototype on April 15, 2026. It is designed to prove a user is over 18 without revealing their identity, and it is not yet tied to any confirmed social media age limit.
Can VPNs get around the EU’s age checks?
Yes, and regulators have said so publicly. Beyond the EPRS warning, 19 organizations including Mozilla, Proton and the Electronic Frontier Foundation wrote to UK officials on May 5 opposing any rule forcing VPN users to verify their age, arguing it would undermine the open internet.
Which EU countries already restrict children’s social media?
Most of them, in some form. Only Estonia and Belgium have resisted the trend outright, with Estonia arguing Brussels should lean harder on existing tools like the GDPR and on digital literacy programs instead of new age bans.
When could new EU rules actually take effect?
Not soon. Any Commission proposal still has to clear the European Parliament and win agreement from all 27 member states before it becomes binding law, a process that typically runs well past the announcement stage even after a September unveiling.
-
GAMING1 month agoMicrosoft Xbox Layoffs Start in July as Sharma Slams 3% Margin
-
NEWS1 month agoGoogle Search Profiles Build a Follow Graph Inside Discover
-
AI3 weeks agoOracle Cuts 21,000 Jobs in a Year, Cites AI in 10-K Filing
-
NEWS1 month agoOppo’s ColorOS 17 Eligibility List Leaves A-Series Buyers Behind
-
AI3 weeks agoGoogle DeepMind and A24 Sign $75 Million AI Partnership Deal
-
CRYPTO2 months agoOCC Issues AML Consent Order Against Wise and Crypto.com Sponsor Bank
-
APPS1 month agoDGO App Brings Rs 549 Mobile Pass for FIFA World Cup 2026 in Nepal
-
AI4 days agoMeta’s Iris AI Chip Enters Production in September, Tests Clean
