Not doing enough to keep underage users off platforms designed for older audiences
In Brussels, European regulators have reached a sobering conclusion: Meta's platforms are not adequately shielding children under thirteen from spaces never designed for them. The finding is not merely technical — it reflects a deeper question about whether the architecture of digital connection can be made to honor the vulnerability of the young. With substantial penalties now on the horizon, the EU is signaling that the protection of children is not a negotiable footnote to the business of social media, but a condition of its legitimacy.
- EU regulators have formally determined that Meta's age verification systems are failing — children under thirteen are slipping through Facebook and Instagram's gates with little resistance.
- The violation is not narrow: beyond access, the platforms are found to expose underage users to data collection, behavioral tracking, and inappropriate content without legally required safeguards.
- Brussels is not issuing a warning — enforcement action is being prepared, with fines potentially reaching billions of euros under the Digital Services Act's expanded regulatory powers.
- Meta now faces a dual burden: proving not only that it can build better age controls, but that it is genuinely willing to enforce them consistently across its platforms.
- The case lands amid a broader EU push to hold tech giants accountable, making this moment less an isolated dispute and more a test of whether European digital law has real teeth.
Brussels has formally concluded that Meta is failing to prevent children under thirteen from accessing Facebook and Instagram — a finding that places the company in direct violation of EU child protection law. Regulators determined that Meta's safeguards fall meaningfully short of what the law demands, with minors able to circumvent age restrictions by misrepresenting their birth dates or exploiting inadequate verification processes. The problem has been flagged for years by child safety advocates, yet Meta's response has been judged insufficient.
The legal stakes extend well beyond the question of who can create an account. EU law governs not just access, but how platforms handle children's data, what content they encounter, and what privacy protections apply. Regulators found that even children who do gain access are not adequately shielded — they remain exposed to inappropriate content, unsolicited contact from strangers, and data practices that EU law explicitly prohibits for their age group.
Enforcement action is now being prepared. Given Meta's scale and the severity of the findings, potential fines could reach into the billions of euros. The investigation is proceeding under the Digital Services Act, a recently enacted framework that gives EU regulators sharper tools to compel compliance from major platforms.
For Meta, the pressure is both immediate and structural. European policymakers have made child protection a priority that sits above ordinary commercial considerations, and the company will need to demonstrate that any remediation it offers is substantive — not cosmetic. This case is unfolding as part of a wider regulatory reckoning with how tech platforms operate across the continent, and its outcome will carry implications far beyond any single fine.
Brussels has concluded that Meta is not adequately preventing children under thirteen from using Facebook and Instagram, a finding that puts the company in direct violation of European Union child protection law. The investigation, conducted by EU regulators, determined that Meta's safeguards fall short of what the law requires—the company is simply not doing enough to keep underage users off platforms designed for older audiences.
The core issue centers on age verification and access controls. EU law sets a clear boundary: children under thirteen should not have accounts on these platforms. Yet Meta's systems have allowed minors to circumvent age restrictions, either by lying about their birth dates during signup or by slipping through inadequate verification processes. The company has known about this problem for years, as child safety advocates and regulators have repeatedly flagged it. But the investigation found that Meta's response has been insufficient.
What makes this enforcement action significant is the legal framework behind it. The EU has established strict rules around how platforms must protect children—rules that go beyond what many other jurisdictions demand. These requirements cover not just age verification but also how platforms handle data from young users, what content they're exposed to, and what privacy protections apply. Meta's failure to implement adequate controls means the company is exposing children to systems that collect their personal information, track their behavior, and serve them content without the safeguards that EU law mandates.
The investigation also found that Instagram and Facebook do not adequately protect minors who do manage to access the platforms. Even if a child successfully creates an account, the platforms lack sufficient tools to prevent them from encountering inappropriate content, being contacted by strangers, or having their data misused. This compounds the initial failure: not only are children getting in when they shouldn't, but once they're in, they're not being protected.
Brussels has signaled that enforcement action is coming. The threat of substantial fines looms over Meta—penalties that could reach into the billions of euros given the company's size and the severity of the violation. This is not a warning or a gentle nudge. This is a regulatory body preparing to impose real consequences for what it views as a systematic failure to comply with law.
For Meta, the stakes are high. The company has faced EU scrutiny before, but child protection violations carry particular weight in European policy circles. Regulators and lawmakers across the continent have made clear that protecting minors online is a priority that transcends other business considerations. Meta will need to demonstrate not just that it can implement age verification systems, but that those systems actually work—that they meaningfully prevent underage access and that the company is willing to enforce them consistently.
The broader context matters too. This investigation is part of a larger wave of EU regulation aimed at controlling how tech platforms operate. The Digital Services Act, which came into force recently, gives regulators new tools to hold companies accountable. Meta's failure on child protection is being examined under this new legal regime, which means the company faces both the immediate threat of fines and the longer-term pressure to reshape how it operates across Europe.
Citações Notáveis
Meta is not doing enough to prevent underage access to its platforms— EU regulators
A Conversa do Hearth Outra perspectiva sobre a história
What exactly did Meta do wrong here? They have age restrictions on their terms of service, don't they?
They do, but having a rule and enforcing it are different things. The investigation found that Meta's age verification process is porous—kids can easily lie about their birth date, and the company doesn't have meaningful ways to catch them. It's not that Meta didn't try; it's that what they tried wasn't adequate.
So this is about the signup process specifically?
It starts there, but it's broader. Even if a child somehow gets in, the platforms don't have sufficient protections once they're using the service. No robust tools to prevent contact with strangers, no real filtering of inappropriate content. It's a failure at multiple levels.
Why does the EU care so much about this compared to, say, the United States?
Europe has a different philosophy about children and data. The EU sees protecting minors as a fundamental right, not just a business practice issue. Their laws are stricter, and they're willing to enforce them with serious penalties. For Meta, that means this isn't a minor compliance problem—it's existential.
What happens next? Does Meta just pay a fine and move on?
Not if the EU is serious. Fines are part of it, but regulators will likely demand structural changes—real age verification systems, better content controls, transparency about how the company is protecting kids. Meta will have to prove it's actually working, not just promise it will.
Can Meta actually solve this? Is age verification even technically possible at scale?
That's the real question. Some solutions exist—document verification, biometric checks—but they raise their own privacy concerns, especially for children. Meta will have to find a way that satisfies both regulators and doesn't create new problems. It's a genuine technical and legal puzzle.