Ofcom investigates TikTok age assurance under UK’s Online Safety Act

Ofcom has opened an investigation into TikTok age assurance and the platform’s compliance with child safety duties under the UK’s Online Safety Act.

The investigation will examine whether TikTok uses proportionate systems and processes to prevent children from encountering content classified as harmful under the Act.

Since 25 July 2025, user-to-user services likely to be accessed by children have been required to prevent minors from encountering primary priority content harmful to children. Platforms must also protect different age groups from other forms of harmful material.

Where primary priority content is available, providers must use age-assurance systems that are highly effective at determining whether a user is a child, unless the content is prohibited for all users under the platform’s terms of service.

Ofcom said the investigation follows its review of measures adopted by major platforms and findings from its report on children’s online experiences, which raised concerns about minors encountering harmful content on TikTok.

A separate report on age assurance also suggested that age-estimation models, including those used by TikTok, may have failed to identify a significant proportion of children correctly.

The regulator will assess whether TikTok’s age-assurance measures meet the legal standard of being ‘highly effective’ and whether any shortcomings may have left children exposed to harmful content.

The regulator stressed that opening the investigation does not mean it has concluded that TikTok breached the law. Its first step will be to use formal information-gathering powers to collect and analyse evidence.

TikTok may choose to follow Ofcom’s Protection of Children Codes of Practice or adopt alternative measures. However, any alternative approach must still satisfy the platform’s legal obligations under the Online Safety Act.

If Ofcom identifies failures involving TikTok age assurance or other child protection systems, it could impose a fine of up to £18 million or 10% of qualifying worldwide revenue, whichever is greater.

In the most serious cases, Ofcom can seek a court order requiring third parties, including payment providers, advertisers and internet service providers, to withdraw services from or block access to a platform in UK.

The investigation is expected to take at least three months, with Ofcom planning to publish an update in October 2026.

Why does it matter?

The investigation will provide an early test of how rigorously Ofcom enforces the Online Safety Act’s child protection duties against major platforms. Its outcome could help define what constitutes ‘highly effective’ age assurance and shape industry expectations for protecting minors online.

The case also reflects a broader shift towards holding platforms accountable not only for removing harmful content but for demonstrating that their safety systems work in practice. Any enforcement action is likely to influence how other online services approach age verification and child safety compliance in the UK.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Spain promotes national cybersecurity support helpline

Spain’s National Cybersecurity Institute (INCIBE) has highlighted its free and confidential 017 helpline, which provides specialist advice on digital security issues for citizens, businesses, professionals and educational institutions.

The helpline provides guidance on scams, phishing, identity theft, compromised accounts, social media privacy, cyberbullying, device security and protecting personal information. It also advises on parental controls, online child safety, digital identity management and the safe use of apps and social media platforms.

INCIBE stressed that 017 is a cybersecurity advisory service rather than a reporting channel or technical support line. Specialists explain appropriate reporting procedures, direct users to the relevant authorities where necessary and assess each case individually.

The service is available daily from 8:00 to 23:00 via telephone, WhatsApp, Telegram, an online form and, by appointment, in person at INCIBE’s headquarters in León.

Why does it matter?

As cyber threats become more common, many users need trusted advice before or after an incident rather than only technical assistance or law enforcement support. Services such as INCIBE’s 017 helpline can help individuals and organisations respond more effectively while improving awareness of everyday cyber risks.

The initiative also reflects a broader shift towards strengthening national cyber resilience through public support services. By combining technical, legal and practical guidance in a single point of contact, governments can encourage earlier reporting, better cyber hygiene and more effective responses to digital security incidents.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK plans default overnight social media restrictions for teenagers

The UK government plans to introduce default overnight social media restrictions for 16- and 17-year-olds, alongside measures to limit features designed to encourage prolonged platform use.

Social media platforms will be expected to activate overnight restrictions from midnight to 6 a.m. by default for users in this age group. Teenagers will be able to change the settings, but the protections will be enabled automatically.

Autoplay and continuously personalised content feeds will also be disabled by default. The government said these features can encourage prolonged use and reinforce potentially addictive patterns of engagement.

The measures are intended to avoid a sudden reduction in online protections when children turn 16. They complement the government’s previously announced plans to prohibit social media services from being offered to children under 16 from spring 2027.

The proposals follow a government pilot involving more than 300 teenagers and parents across the UK. Participating families said the overnight restrictions became part of their routines and helped improve sleep and concentration.

Technology Secretary Liz Kendall said older teenagers should retain greater independence while continuing to receive protection from features that could negatively affect their wellbeing.

The government also plans additional protections for children using AI chatbots. Proposed measures include encouraging regular breaks for users under 18 and taking action against services that provide dangerous, misleading or unverified mental health advice.

Ministers will work with regulators and other government departments to consider further restrictions, including possible bans on chatbots considered to pose a serious risk to children. Guidance for children, parents and guardians will also be added to the Kids Online Safety Hub.

Schools will strengthen media literacy through Relationships, Sex and Health Education classes covering AI, chatbots, misinformation and harmful online content. From September 2028, media literacy will also be embedded across the National Curriculum, including lessons on AI, data science, source analysis and technological bias.

The first regulations supporting the under-16 social media restrictions are expected to be presented to Parliament by the end of 2026, with implementation and enforcement planned for spring 2027.

Why does it matter?

The proposals reflect a growing shift from focusing solely on access to social media towards regulating how digital services are designed and used. By targeting autoplay, personalised feeds and AI chatbots alongside age-based protections, the government is seeking to address features that may contribute to excessive use and online harms.

If adopted, the measures could further shape debates on youth online safety beyond the UK, reinforcing the trend towards safety-by-design, stronger protections for minors and greater platform responsibility for children’s digital wellbeing.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia’s eSafety report highlights gaps in child safety measures

Australia’s eSafety Commissioner has published its third transparency report assessing how major technology companies are tackling child sexual exploitation and abuse under the country’s Basic Online Safety Expectations.

The report concludes that significant gaps remain across major platforms, particularly in responding to the growing threat of sexual extortion targeting children and young adults.

The report examines the practices of Apple, Discord, Google, Meta, Microsoft, Snap and WhatsApp, highlighting shortcomings in proactive detection technologies, reporting tools and safety measures. According to eSafety, many platforms in Australia are not fully using available technologies, including language analysis tools capable of identifying coercive scripts used by offenders.

The report also identifies weaknesses in reporting mechanisms across several messaging services and notes that private messaging and video environments remain particularly challenging for detecting sexual extortion and livestreamed child sexual abuse.

Between July and December 2025, eSafety received more than 2,000 complaints relating to sexual extortion, with men aged 18 to 24 accounting for the largest group of victims. Separate research with the Australian Institute of Criminology found that more than one in ten adolescents aged 16 to 18 had experienced sexual extortion, while more than half of victims were first targeted before the age of 16.

The report also notes that Microsoft is currently the only provider using dedicated tools to detect and disrupt livestreamed child sexual abuse during video calls.

While eSafety acknowledged incremental improvements—including Google’s and Snap’s enhanced detection of known child sexual abuse material, Meta’s expanded grooming detection and Discord’s blocking of known child sexual abuse URLs—it argued that much stronger action is still needed.

The Commissioner called for wider deployment of proactive detection technologies, faster responses to victim reports and greater investment in tools capable of preventing abuse before it occurs.

Why does it matter?

The report highlights growing regulatory expectations that online platforms should actively prevent child sexual exploitation rather than rely primarily on user reports. As threats such as sexual extortion become more sophisticated, regulators are increasingly scrutinising whether companies are deploying available technologies to detect and disrupt abuse.

The findings also reinforce a broader shift towards safety-by-design in online regulation. By identifying gaps in detection, reporting and intervention, the report could increase pressure on technology companies to strengthen protections across messaging, social media and video services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

European Parliament committee backs stronger online protections for children

The European Parliament’s Committee on Culture and Education has adopted a report calling for stronger enforcement of existing EU digital legislation to create a safer online environment, particularly for children and young people.

MEPs argue that platforms should be held more accountable for the impact of their services through stronger safeguards, greater algorithmic transparency and stricter protections against addictive digital design.

The European Parliament report calls for a ban on the most harmful addictive platform features and supports introducing a dedicated ‘youth mode’ that would disable targeted advertising and reduce minors’ exposure to addictive design practices.

MEPs also propose greater transparency around recommender systems so users can better understand why content is promoted, restricted or removed. They further suggest introducing personal liability for serious and persistent failures to comply with child protection obligations.

Beyond platform design, the report recommends an EU-wide code of conduct for influencers and stronger safeguards against practices such as kidfluencing and sharenting, where children are used in commercial content or exposed excessively online.

MEPs also call for mandatory ethical standards for AI companions, greater transparency around AI model training, measures against AI-generated impersonation scams, stronger protection against synthetic child sexual abuse material, and systematic monitoring of children’s digital habits across the EU.

The committee said these measures should complement existing legislation, including the Digital Services Act, AI Act, GDPR and Audiovisual Media Services Directive, creating a more coherent EU framework for protecting minors online. The report will now be submitted to Parliament’s plenary session in September 2026.

Why does it matter?

The report signals growing political support for strengthening children’s online safety by making platforms more accountable for the design and operation of their services. Rather than relying solely on new legislation, MEPs are urging stronger enforcement of existing EU rules alongside targeted measures addressing addictive design, recommender systems and AI-powered services.

Although the report is not legally binding, it could influence future EU legislation and enforcement priorities by reinforcing the shift towards safety-by-design, greater transparency and stronger protections for minors across digital platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Eurobarometer finds strong support for protecting children online

A new Eurobarometer survey released by the European Commission shows that Europeans are overwhelmingly concerned about the risks children face online, with cyberbullying, online grooming and harmful content ranking among their biggest worries.

The Flash Eurobarometer 584 survey, conducted between 19 and 24 June 2026 among 25,904 people across all 27 EU Member States, found that 71% of respondents were concerned about cyberbullying and online harassment. Online grooming and sexual exploitation worried 70%, while 69% cited exposure to harmful content such as violence, self-harm and extremism, as well as misuse of children’s personal data.

The survey also highlighted concerns about children’s online habits. Adolescents spend an average of 4.5 hours online on school days and 6.1 hours at weekends, while 14% reported spending more than 10 hours a day on screens.

The findings come as the European Commission prepares new child safety proposals. The Special Panel on Child Safety Online, which met between March and June 2026, will present its recommendations to Commission President Ursula von der Leyen on 13 July. The panel drew on expertise in health, neuroscience, psychology, child rights and digital literacy, with its recommendations expected to inform future EU action.

The European Commission plans to present policy proposals after the summer. The survey also found broader public concern about online risks, with 87% of respondents agreeing that disinformation, foreign interference and AI-generated content threaten democratic processes in the EU.

Why does it matter?

The survey provides strong public backing for stricter EU measures to protect children online. As policymakers consider stronger age assurance, safer platform design and enhanced protections for minors, the findings suggest there is broad public support for more robust regulation of digital services.

The results also reinforce the growing view that online safety is no longer only a technology issue but a public health and child protection challenge. Concerns about cyberbullying, harmful content and excessive screen time are increasingly shaping debates on platform accountability across Europe.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Two in five UK children say they bypass online age checks

Nearly two in five UK children aged 11 to 17 say they have successfully bypassed an online age check, according nationally representative research commissioned by the Department for Science, Innovation and Technology (DSIT).

The study surveyed 2,299 children in May 2026 to examine their experiences with age assurance, VPN use and methods of bypassing age checks. It also included an additional sample of recent VPN users.

Overall, 39% said they had successfully bypassed an age check at least once, while another 14% had tried unsuccessfully. Success rates rose from 28% among 11- to 12-year-olds to 43% among older teenagers.

Many children avoided age checks altogether by choosing websites, apps or games that either had no age verification or appeared easy to bypass. Among those who successfully circumvented checks, 63% said they simply pretended to be older, most commonly by entering a false date of birth.

Most successful circumvention involved simple self-declaration systems such as tick boxes and date-of-birth fields, which children also rated as the least effective.

By contrast, 86% of respondents who had encountered government ID verification considered it effective, while third-party identity services, payment card verification and facial age estimation also received substantially higher ratings.

Privacy was the most common reason for using a VPN. However, 22% of VPN users said they had used one to access age-restricted websites, apps or games, equivalent to 7% of all children surveyed.

Parents were involved in some VPN use. Among children who had used one, 22% received help from a parent to set it up, while 43% of current users said a parent paid for the service. However, older teenagers were more likely to install VPNs without parental knowledge.

Friends were the main source of information about bypassing age checks, cited by half of children who had done so. Practical consequences appeared to be the strongest deterrents, including harder-to-defeat checks, permanent account bans, and notifying parents about circumvention attempts.

The report also found an association between bypassing age checks and exposure to harmful content. Among children who had circumvented age checks, 51% reported later encountering at least one form of harmful material, including explicit content, contact from unknown adults and requests for personal information.

The researchers cautioned that the findings rely on self-reported behaviour and do not establish that VPN use or circumvention directly caused exposure to harmful content.

Why does it matter?

The findings suggest that basic self-declaration systems provide limited protection for children and are easily circumvented. As regulators increasingly require stronger age assurance under frameworks such as the UK’s Online Safety Act, the challenge will be deploying systems that are both effective and proportionate while protecting users’ privacy.

The research also highlights that technology alone is unlikely to solve the problem. Children’s motivations, platform design, parental involvement and digital literacy all influence whether age restrictions are respected, suggesting that meaningful online safety will require a combination of technical safeguards, regulation and education.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission prepares new EU child safety online legislation

The European Commission has received the report of its Special Panel on Child Safety Online, with President Ursula von der Leyen confirming that legislative proposals to strengthen children’s online protection will be presented after the summer.

Von der Leyen described the report as an important evidence base for future policymaking and said its recommendations would inform the Commission’s forthcoming legislative proposals.

The Commission highlighted growing concerns about the impact of social media on children’s mental health and wellbeing, pointing to excessive screen time, addictive platform design, cyberbullying and exposure to harmful content as key risks facing young users.

According to the Commission, online platforms should be responsible for ensuring their services are safe by design, just as manufacturers are responsible for the safety of physical products.

The Commission also stressed the need for stronger age-appropriate protections, highlighting the forthcoming EU age verification application as a privacy-preserving tool that could give parents greater control over children’s access to online services.

Von der Leyen also said Europe should consider introducing a minimum age for access to social media and other digital services with addictive or age-inappropriate features, describing any future approach as gradual and guided by scientific evidence.

The Commission will now examine the panel’s recommendations alongside input from parents, educators, researchers, young people, member states and international partners before preparing legislative proposals aimed at strengthening children’s rights and safety online.

Why does it matter?

The Commission’s announcement signals that child online safety is moving higher up the EU’s digital policy agenda. Beyond enforcing existing rules under the Digital Services Act and AI Act, Brussels is now considering additional legislation that could introduce stronger platform obligations, age verification measures and possible minimum-age requirements for certain online services.

If adopted, these proposals could significantly reshape how platforms design and deliver services for younger users, reinforcing a broader regulatory shift towards safety by design and greater platform accountability across the European Union.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

MIT develops safer way to detect harmful AI models

MIT researchers have developed a new auditing method to detect whether generative AI models have been adapted to produce child sexual abuse material without generating illegal content during testing.

The technique was developed with Thorn, a child safety nonprofit focused on protecting children from sexual abuse and exploitation online.

Traditional AI safety testing often involves prompting a model and checking its outputs, but that approach cannot be used for child sexual abuse material, which is illegal to generate in the US and many other jurisdictions.

MIT said the problem has become more urgent as open-source generative AI models become easier to download, adapt and redistribute.

The researchers’ method examines internal changes during fine-tuning, rather than testing the model by generating images.

In tests, the auditing procedure identified model variants adapted to generate child sexual abuse material with 100% accuracy.

MIT said hosting platforms could use the method to flag unsafe models, block uploads or remove harmful adaptations before they spread more widely online.

The researchers also plan to test whether the approach can detect harmful capabilities in a larger set of model variants and in base models before adaptation.

Why does it matter?

The research addresses a serious AI safety blind spot: some harmful model capabilities cannot be tested safely or legally by generating outputs. A non-generative auditing method could give hosting platforms, auditors and law enforcement a safer way to detect models adapted for child sexual abuse material before they are distributed. It also points to a broader governance challenge around open-source generative AI: platforms may need scalable tools to assess harmful adaptations without exposing reviewers to illegal or traumatic content.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission panel recommends social media restrictions for under-13s

A special panel convened by the European Commission has recommended restricting access to social media and other high-risk digital services for children under 13, arguing that platforms should prove they are safe before minors are allowed to use them.

The report was prepared by the co-chairs of the Special Panel on Child Safety Online, Prof. Dr. Jörg M. Fegert and Dr. Maria Melchior, whom European Commission President Ursula von der Leyen appointed in March 2026 to advise on child safety online and possible age restrictions for social media.

The panel met three times between March and June 2026 to examine scientific evidence on the impact of social media and digital environments on minors, review existing EU and national rules, and develop recommendations to better protect and empower children online.

The report uses the term ‘social media+’ to describe social media and other digital services that expose minors to potentially harmful features, including addictive design, infinite scroll, autoplay, recommender systems, persistent notifications, AI companions, video games and video-sharing platforms.

The co-chairs argue that providers, not children or parents, should bear the burden of demonstrating that their services are safe by design and appropriate for young users. Until then, they recommend restricting access for children under 13, while allowing member states to introduce additional precautionary measures for older adolescents if needed.

The recommendations also call for proportionate age-assurance systems, stronger safety-by-design requirements, limits on addictive platform features, more effective complaints mechanisms for minors and stronger enforcement of existing EU legislation, including the Digital Services Act, GDPR and AI Act.

The report also urges the EU to close legislative gaps on child sexual abuse online by adopting permanent obligations requiring providers to prevent, detect, report and block abuse, including in interpersonal communications.

Beyond restrictions, the report emphasises digital empowerment through stronger media literacy for children, parents, teachers and caregivers, greater participation by young people in policymaking, improved parental guidance, increased support for civil society organisations and helplines, and more investment in offline activities such as sports, arts and youth spaces.

The report concludes that protecting children online requires an ecosystem-wide approach involving regulators, digital service providers, educators, parents, caregivers and children themselves. It argues that children’s rights should apply online just as they do offline, balancing protection with opportunities to learn, participate and communicate.

Why does it matter?

The report could significantly influence future EU policy on children’s access to digital services, platform design and online safety. By recommending a default restriction for children under 13 and placing responsibility on providers to demonstrate that their services are safe, it shifts the debate away from parental responsibility towards platform accountability.

Although the recommendations are not legally binding, they are likely to inform future discussions on the Digital Services Act, the AI Act and wider EU child protection policies. If adopted, they could reshape how online platforms design services for younger users across Europe.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!