Protecting Minors Online: What If Age Verification Is Not Enough?

Protecting Minors Online: What If Age Verification Is Not Enough?

Key Takeaways


Protecting minors online has become one of the central issues in digital regulation. In a March 2026 paper entitled Protecting Minors Online Through Age Verification: How Can We Go Further?, the French Council for AI and Digital Technology notes that age verification may address an urgent need, but it only tackles part of the problem.


Protecting minors online has become one of the central issues in digital regulation. Social media platforms, video-sharing services, online games, messaging apps, and now generative AI tools expose children and teenagers to a wide range of risks, including the exploitation of their personal data, exposure to violent or harmful content, cyberbullying, attention capture, and addictive design.

In a March 2026 paper entitled Protecting Minors Online Through Age Verification: How Can We Go Further?, the French Council for AI and Digital Technology (Conseil de l’IA et du numérique or CIANum) makes the following observation: age verification may address an urgent need, but it only tackles part of the problem. Excluding minors from platforms must not become a substitute for a deeper redesign of digital spaces for the benefit of all users. The Council calls for moving beyond an approach focused solely on access restrictions in order to address the structural causes of online risks. Five priority areas are identified: 1. Creating a European standard for protecting minors online, 2. Opening up platform functionalities, 3. Rethinking the hosting platform/publisher dichotomy, 4. Taking into account the diverse uses of digital services, particularly those involving generative AI, and 5. Strengthening and structuring digital, media, and information literacy.


1. The Regulatory Framework Applicable to the Protection of Minors Online

The protection of minors online is governed by French law, supplemented by European law. The overall trend is toward stronger obligations for platforms, particularly when they offer social features, recommendation systems, or content that may be harmful to minors.

    1.1 In France: Focus on Digital Majority and Age Verification

On January 26, 2026, the French National Assembly adopted at first reading a bill intended to protect minors from the risks associated with their use of social media platforms. The French Law on Confidence in the Digital Economy (LCEN) of June 21, 2004 would be amended by adding a dedicated section on the protection of minors online.

This bill follows on from the 2023 Marcangeli Law, which had already sought to establish a digital majority at age 15, but has not been implemented due to the lack of an implementing decree and difficulties in reconciling it with European law. (1)

The January 2026 bill targets online social networking services and certain online platforms within the meaning of European law. It provides for an access ban for minors under the age of 15, while excluding certain services such as online encyclopedias, educational or scientific directories, and free software development platforms. Arcom, the agency in charge of audiovisual and digital communication, would be responsible for monitoring compliance with the framework, in coordination with the competent European authorities.

France has also strengthened age verification requirements for access to pornographic content. The SREN Law of May 21, 2024 requires the relevant services to implement an age verification system compliant with the technical framework adopted by Arcom. (2)

However, it is important to strike the right balance between the reliability of age verification and respect for users’ privacy.

    1.2 At the European Level: Focus on Digital Majority and Platform Accountability 

At the European level, two instruments form the foundation of the regulatory framework for protecting minors online: the GDPR and the DSA.

The GDPR (Article 8) sets at 16 the age from which a minor may independently consent to the processing of their personal data in connection with information society services, while allowing Member States to lower that threshold. In France, the threshold is set at 15.

The Digital Services Act (DSA) imposes obligations on platforms relating to transparency, moderation, the fight against illegal content, and risk management. In addition, very large online platforms (VLOPs) are subject to enhanced obligations, particularly regarding the assessment and mitigation of systemic risks.

The European Commission’s guidelines on the protection of minors under Article 28 of the DSA, published on July 14, 2025, provide several recommendations applicable to online platforms accessible to minors, with the exception of micro and small enterprises.

On November 26, 2025, the European Parliament also adopted a resolution calling for the minimum age for access to social media platforms, video-sharing platforms, and AI companions to be set at 16, with access between ages 13 and 16 possible, subject to parental consent. (3)

However, relying solely on age verification to limit minors’ access to online services is neither sufficient nor fully satisfactory.


2. The Limits of Age Verification

Age verification is currently one of the main tools used in public policies aimed at protecting minors online. However, according to the Council for AI and Digital Technology, age verification cannot, by itself, provide a sufficient response.

    2.1 Age Verification: A Useful Measure, but Technically Easy to Circumvent

Several age verification methods currently exist: self-declaration, age estimation, and age verification through identifiers or certified sources. Each has its limitations.

Self-declaration is simple but unreliable and is no longer accepted in France for accessing adult websites. Age estimation may rely on usage data or facial recognition, which raises concerns regarding reliability, bias, and personal data. Age verification through identity documents or digital wallets is more robust, but raises privacy concerns.

Accordingly, while age verification may be relevant for limiting access to certain content or services, particularly pornographic content or platforms presenting high risks for minors, these mechanisms can be easily circumvented, including through the use of VPNs, third-party accounts, or already verified accounts.

CIANum also emphasizes that this approach does not address the structural causes of risk: the attention economy, addictive design, algorithmic opacity, exposure to toxic content, large-scale data collection, and weak user control settings.

As a result, preventing a minor from accessing a service does not necessarily make that service safer. It may even shift the problem to other, less regulated spaces, such as alternative platforms, messaging services, online games, or conversational AI services.

    2.2 Risks to Privacy, Inclusion, and Accessibility

Age verification may lead to the collection of sensitive or highly identifying data: identity documents, facial images, biometric data, banking data, or usage signals. These processing operations must be assessed under the GDPR, applying the principles of data minimization, proportionality, purpose limitation, privacy by design, and security.

Age verification also creates a risk of exclusion. Some minors do not have official proof of identity. Others may face difficulties related to disability, where mechanisms rely on visual interfaces, captchas, or inaccessible procedures.

    2.3 A Potential Loss of Digital Learning Opportunities

Digital technology is part of our daily environment. Minors must be able to become familiar with these tools and learn how to use them, access information, learn, express themselves, and develop autonomy online within a secure framework.

CIANum emphasizes that an overly abrupt ban on access to digital services may deprive minors of a gradual learning process. Delaying access to social media platforms or other online platforms does not guarantee that teenagers will be better prepared when they eventually gain access.

Age verification should therefore be treated as one compliance building block, not as a comprehensive strategy for protecting minors. It is precisely on this point that the CIANum paper is most valuable: shifting the debate from mere access to age verification services to the very design of digital environments.


3. CIANum’s Proposals to Strengthen the Protection of Minors Online

The Council for AI and Digital Technology proposes moving beyond age verification alone in order to build more comprehensive protection for minors, focused on fundamental rights, data protection, digital education, and five priority areas.

    3.1 Creating a European Standard for Protecting Minors Online

The Council proposes shifting the protection of minors from a fragmented national approach to a European reference framework. The objective would be to create a common standard across Member States, incorporating harmonized requirements for service design, age verification, personal data protection, risk governance, and cooperation with trusted flaggers (DSA).

    3.2 Opening Up Platform Functionalities

Current measures to protect minors do not address platforms’ business models. These models are based on the exploitation of personal data, attention capture, continuous engagement, deceptive interfaces, and opaque algorithms.

The Council recommends opening up platform functionalities, establishing a “right to settings,” and strengthening algorithmic transparency. This would require enabling users to better understand and control the content recommended to them: choosing a chronological feed, disabling certain recommendations, limiting notifications, configuring sensitive content, controlling engagement features, and receiving understandable explanations about recommendation systems.

    3.3 Rethinking the Hosting Platform/Publisher Dichotomy

The Council also calls for rethinking the traditional distinction between hosting platforms and publishers. This distinction becomes less clear when the role of platforms is no longer limited to hosting content, but extends to ranking, recommending, prioritizing, and monetizing it. Accordingly, the more actively platforms intervene in relation to content, the more they could be expected to assume greater responsibility for the effects of their recommendation and moderation systems.

    3.4 Integrating Risks Linked to Generative AI

The discussion should not be limited to traditional social media platforms. Minors’ digital uses are evolving toward conversational assistants, AI companions, chatbots integrated into platforms, image or text generation tools, and personalized services.

These services may present specific risks: emotional dependency, excessive personalization, manipulation, exposure to inappropriate content, collection of sensitive data, generation of responses, or encouragement of dangerous behavior.

Providers of services integrating generative AI should therefore implement specific safeguards for minors: disabling certain features by default, limiting emotional personalization, detecting risk situations, displaying prevention messages, providing age-appropriate information, and strengthening human oversight.

    3.5 Strengthening and Structuring Digital, Media, and Information Literacy

Finally, the Council emphasizes the importance of digital education. Protecting minors cannot rely solely on technical or legal restrictions. It also requires developing critical thinking, understanding algorithms, knowing how to use privacy settings, being able to identify manipulative content, and mastering the risks associated with personal data.

Platforms can contribute to this objective by providing educational interfaces, contextualized prevention messages, understandable settings, onboarding pathways adapted to minors, and resources for parents, teachers, and users.


       Protecting minors online can no longer be reduced to age verification alone. Although age verification is necessary in certain contexts, such as access to pornographic or violent content, it remains insufficient to address the broader risks associated with digital platforms. The Council for AI and Digital Technology calls for a change in scale and a shift from a case-by-case logic of prohibition to a logic of responsible design for digital spaces.

For digital service providers, the challenge is twofold: to comply with the applicable regulatory framework and, where specific risks arise from minors’ use of their services, to integrate protection of minors by default or by design into their services.

* * * * * * * * * * *


(1) Law No.2023-566 of July 7, 2023 aimed at establishing a digital majority and combating online hate.

(2) Arcom, “Technical framework on age verification for the protection of minors against online pornography”, October 9, 2024. (in French)

(3) “Children should be at least 16 to access social media, say MEPs”, European Parliament press release of November 26, 2025.


Bénédicte DELEPORTE
Avocat

Deleporte Wentz Avocat
www.dwavocat.com

June 2026

Go back to News and Publications

Mots clés :

advertising (1) adwords (3) ai (32) anssi (3) arcep (5) arcom (23) artificial intelligence (14) audiovisual (2) audit (4) blockchain (8) cbpr (9) children (5) cjeu (3) cloud computing (3) cnil (24) commerce (6) communication (9) compliance (44) confidentiality (2) consumers (3) contract (9) cookies (8) copyright (5) cross-border data transfers (8) cybercrime (2) cybersquatting (3) data controller (4) data privacy (24) data privacy framework (2) database (1) digital accessibility (1) domain names (2) dpf (2) drones (1) dsa (12) e-commerce (19) e-consumers (1) employee (3) encryption (1) eu (26) europe (25) france (15) fraud (1) gdpr (41) general data protection regulation (12) health (1) indexing (2) information technology (9) intellectual property (10) internet (38) ip (5) legal training (6) liability (6) métavers (3) networks (1) nft (4) privacy (19) privacy shield (2) regulation (4) robotics (8) rpa (6) safe harbor (2) search engines (4) security (4) singapore (5) social media (8) software (8) terms and conditions (gtc's) (1) trademark (3) uas (1) unmanned aircraft (1) us (3) video game (3)