Debate Over Kids Online Safety Act and Age-Verification Requirements for Minors
Policymakers in multiple jurisdictions are advancing child online safety rules that would restrict minors’ access to social media, “addictive” product features, and certain content (including pornography), increasing pressure on platforms to implement age assurance/age verification to determine users’ ages before allowing access. The Lawfare analysis highlights that while protecting children online is a widely shared goal, enforcing age-based restrictions at scale effectively requires collecting and validating age signals for all users—raising significant implementation, privacy, and governance challenges as governments consider measures such as the Kids Online Safety Act (KOSA), the Kids Off Social Media Act, and the App Store Accountability Act.
How this story unfolded
15 events from the earliest known activity through the most recent confirmed update.
Senate advances a stronger version of the Kids Online Safety Act
Before the current House debate, the Senate passed a version of KOSA that included a duty of care and explicit categories of harms to minors, making it the stronger benchmark cited by state attorneys general. Sen. Marsha Blackburn is identified as a Republican champion of that Senate version.
Previous KOSA effort dies after House-Senate language dispute
A prior iteration of KOSA failed in the last Congress because the House and Senate could not agree on final language. House leadership had described the Senate-passed version as unworkable.
UK Online Safety Act takes effect and drives stronger age checks
The UK Online Safety Act came into force in July 2025, prompting platforms to implement stronger age-verification and child-safety controls. Its early rollout became the basis for later assessments of both improved protections and widespread circumvention of age checks.
New Mexico opens trial against Meta over child safety allegations
New Mexico Attorney General Raúl Torrez opened a trial against Meta alleging the company and CEO Mark Zuckerberg failed to protect children from trafficking, sexual abuse, and online solicitation. The case also alleges Facebook and Instagram design choices promoted predator accounts and recommended child sexual abuse material to minors.
Forty state attorneys general warn House KOSA bill is too weak
A bipartisan group of 40 U.S. state attorneys general sent lawmakers a letter criticizing the House version of KOSA as insufficient to protect children online. They said it omits key Senate provisions, including a duty of care and explicit harms, and warned it could preempt stronger state laws.
European Commission announces age verification app for child safety
The European Commission announced a European age verification app intended to help keep children safe online. The initiative represents a concrete age-assurance measure at the EU level, separate from the Commission's later provisional DSA findings involving Meta.
AlmaLinux says California AB-1043 does not require immediate action
AlmaLinux said California's AB-1043 Digital Age Assurance Act may require operating systems to perform digital age verification and share results with apps, but it does not believe the law currently requires immediate action from the project. The organization said it will take a wait-and-see approach ahead of the law's scheduled January 1, 2027 implementation while monitoring court challenges and upstream responses.
EU provisionally finds Meta likely breached DSA child protection rules
The European Commission provisionally found that Meta likely violated the Digital Services Act by failing to adequately prevent children under 13 from accessing Facebook and Instagram. The finding increased pressure on large platforms to adopt stronger age assurance or age verification measures, though the Commission said the DSA does not require any specific technical solution.
Senate Judiciary Committee advances GUARD Act on AI companion chatbots
The U.S. Senate Judiciary Committee unanimously advanced the bipartisan GUARD Act, which would require age verification for AI chatbot users and bar minors from using AI companion chatbots. The bill would also impose criminal and civil penalties for harmful chatbot conduct and require disclosures that chatbots are nonhuman and not licensed professionals.
Meta expands AI age checks and under-13 account removals
Meta announced expanded age-verification measures for Instagram and Facebook that use AI to analyze images, videos, text, and account context to identify users under 13 and remove or suspend their accounts pending age revalidation. The company also said it would extend automated detection for users aged 13 to 15 so they can be moved into teen accounts with default parental controls and content restrictions.
Utah age-verification law takes effect with VPN circumvention provisions
Utah's Online Age Verification Amendments (SB 73) took effect, making the state the first in the U.S. to explicitly address VPN and proxy use in age-verification compliance. The law treats users as accessing a site from Utah based on physical location even if they mask it, and bars covered websites from providing instructions for bypassing age checks with VPNs.
UK age-gating expansion advances after Children’s Wellbeing bill clears Parliament
After the Children’s Wellbeing and Schools Bill cleared Parliament, UK proposals moved forward for consultation that could expand online age-gating to platforms, games, VPNs, and even some websites. Privacy groups, civil liberties organizations, VPN providers, and internet companies publicly warned the measures could undermine privacy, security, and the open internet.
Internet Matters report finds children easily bypass age checks
UK nonprofit Internet Matters reported that many children find online age-verification systems easy to circumvent, citing survey results from about 1,000 children and examples such as disguises or manipulated facial inputs fooling age-estimation tools. The findings added evidence that age-assurance measures being adopted globally may be ineffective in practice and may also raise privacy concerns when they require ID uploads.
Von der Leyen backs possible EU law delaying teens’ social media access
European Commission President Ursula von der Leyen said the EU should consider legislation to delay young teenagers’ access to social media platforms. She said an expert panel will soon issue child-safety recommendations that could lead to a legal proposal as early as summer 2026.
UK MPs urge tougher online safety rules for social media and AI chatbots
The UK Science, Innovation and Technology Committee told ministers the current online safety regime is failing children and called for stronger legal duties on social media platforms. In its submission to the government's 'Growing up in the online world' consultation, the committee urged privacy-preserving age verification, tighter controls on harmful content and recommendation algorithms, removal of addictive design features, and closure of Online Safety Act gaps affecting some AI chatbots.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
25 references tracked. Mallory keeps watching after this page renders.
Chatbot bills look to address safety fears as midterms loom - Roll Call
rollcall.com
Open sourceMPs want social media treated more like unsafe toys than harmless apps
theregister.com
Open sourceCongress Narrowed The GUARD Act, But Serious Problems Remain | Techdirt
techdirt.com
Open sourceOpenAI’s KOSA Endorsement Is Regulatory Capture With A Smiley Face | Techdirt
techdirt.com
Open sourceEuropean Commission head pushes creation of new law delaying teens’ social media access | The Record from Recorded Future News
therecord.media
Open sourceWissenschaftlicher Dienst des EP: Wer Kinder ausschließen will, muss Anonymität verbieten - netzpolitik.org
netzpolitik.org
Open sourceThis Utah law is a risk to everyone's digital liberty - Boing Boing
boingboing.net
Open sourceChildren easily bypass online age verification systems, report finds | brief | SC Media
scworld.com
Open sourceFake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns
cybersecuritynews.com
Open sourceUtah Wants Websites To See Through VPNs. That’s Not How VPNs Work. | Techdirt
techdirt.com
Open sourceSome kids are bypassing age verification checks with a fake mustache | TechCrunch
techcrunch.com
Open sourceUK age-gating plans risk breaking the internet, privacy groups warn
theregister.com
Open sourceA Kid With a Fake Mustache Tricked an Online Age-Verification Tool | WIRED
wired.com
Open sourceUtah first state to hold websites liable for users who mask their location with VPNs - law goes into effect, designed to prevent bypassing age checks | Tom's Hardware
tomshardware.com
Open sourceBan on kids’ companion chatbots advanced by Senate committee - Roll Call
rollcall.com
Open sourceThe GUARD Act Isn’t Targeting Dangerous AI-It’s Blocking Everyday Internet Use | Techdirt
techdirt.com
Open sourceEurope Gliding Toward Mandatory Online Age Verification
bankinfosecurity.com
Open sourceEurope Gliding Toward Mandatory Online Age Verification
govinfosecurity.com
Open sourceProton CEO: Age checks turn internet into ID checkpoint • The Register
go.theregister.com
Open sourceAlmaLinux OS - Forever-Free Enterprise-Grade Operating System
almalinux.org
Open sourceSocial media bans might steer kids into riskier corners of the internet - Help Net Security
helpnetsecurity.com
Open sourceEuropean age verification app to keep children safe online - European Commission
commission.europa.eu
Open source438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. | Techdirt
techdirt.com
Open sourceTo Read This, Please Upload Photo ID | Lawfare
lawfaremedia.org
Open source40 state AGs warn House KOSA bill falls short of protecting children online | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Regulatory Push to Strengthen Child Online Safety and Age Assurance on Social Platforms
UK regulators **Ofcom** and the **Information Commissioner’s Office (ICO)** issued warnings to major social media and video platforms (including **Facebook, Instagram, Snapchat, TikTok, and YouTube**) demanding “urgent steps” to implement more robust **age assurance** controls to prevent access by children under 13. Regulators signaled potential enforcement if platforms continue relying primarily on easily bypassed self-declared ages, arguing this enables unlawful collection and use of children’s data and exposes under-13s to services not designed for them; Ofcom requested companies report back on their plans by the end of April. In the US, the House Energy and Commerce Committee advanced the **Kids Internet and Digital Safety (KIDS) Act** on a party-line vote amid Democratic objections that the bill could reduce platform accountability for harms to minors. Criticisms focused on provisions that could **preempt certain state laws**, a **knowledge requirement** that opponents argue may let companies claim ignorance of minors’ presence, and the lack of a proactive **“duty of care”** requirement; proposed amendments to strengthen protections were not adopted.
Apr 1, 2026
Regulatory Push for Online Age Verification and Adult-Site Access Restrictions
A growing regulatory push to require **online age verification**—particularly for access to pornography and other age-restricted content—is accelerating in the U.S. and U.K., with policymakers framing it as a child-safety measure and critics warning of privacy and free-speech risks. An **FTC** commissioner publicly endorsed age verification as a tool to protect children online, pointing to widespread state-level adoption in the U.S. and noting that court outcomes have been mixed, including a **U.S. Supreme Court** decision upholding a Texas law requiring pornography sites to verify users’ ages. In the U.K., the **Online Safety Act (OSA)** is driving direct service changes: **Aylo** (parent company of Pornhub and other tube sites) said it will **restrict access in the United Kingdom** rather than implement the OSA’s age-checking approach for all visitors, while allowing continued access for users who have already verified their identity. Aylo argued the framework diverts traffic to unregulated sites and creates privacy risks, while **Ofcom** countered that services can either implement compliant age checks or block U.K. access and urged development of effective device-level solutions.
Mar 21, 2026
Legislative and Technical Approaches to Online Age Verification and VPN Restrictions
Lawmakers in several US states, including Wisconsin, are proposing legislation that would ban the use of VPNs for accessing websites with content deemed potentially harmful to minors. The proposed bill, A.B. 105/S.B. 130, mandates that such websites implement age verification systems and block users connected via VPN, significantly expanding the definition of restricted materials to include broad discussions of human anatomy, sexuality, and reproduction. Privacy advocates have raised concerns that these measures threaten user privacy and could have far-reaching implications for internet freedom and access. In parallel, technical solutions for age verification, such as those implemented by platforms like Snapchat, are being scrutinized for their effectiveness and privacy implications. Current methods, including facial scans and editable birth dates, have proven unreliable, often allowing underage users to bypass restrictions while potentially excluding legitimate users. The debate highlights the challenges of balancing child protection with privacy rights, as both legislative and technical measures face criticism for their potential to overreach and create new security and privacy risks.
Mar 21, 2026