FTC guidance sets out platform duties under Take It Down Act

The US Federal Trade Commission has issued guidance for online platforms on compliance with Section 3 of the Take It Down Act, which takes effect on 19 May 2026 and requires covered platforms to remove non-consensual intimate photos or videos within 48 hours of receiving a valid request.

The FTC says the law applies to a broad range of online platforms, including websites, apps, social media, messaging, image and video sharing, and gaming services. Platforms may fall under the law if they primarily provide a forum for user-generated content or regularly publish, curate, host, or furnish intimate content shared without consent.

Covered platforms must provide clear and conspicuous plain-language information about how people can submit removal requests for intimate photos or videos shared without consent. The FTC says platforms should make the process easy to use, including for people who do not have an account on the service.

The law also covers ‘digital forgeries’, including intimate images that were digitally created or altered using software, apps, or AI. Platforms that receive a valid request must remove the reported content and make reasonable efforts to locate and remove known identical copies within 48 hours.

The FTC also encourages platforms to help prevent removed images from spreading further, including through hashing technology and, where appropriate, by sharing hashes with services such as the National Center for Missing and Exploited Children’s Take It Down service or StopNCII.org.

Violations of the Take It Down Act will be enforced by the FTC and treated as violations of an FTC rule. The agency says platforms that breach the law may face civil penalties of $53,088 per violation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Canada issues age assurance guidance

The Office of the Privacy Commissioner of Canada has issued guidance on how organisations should assess and implement age assurance tools for websites and online services.

The OPC states that age assurance should only be used where there is a clear legal requirement or a demonstrable risk of harm to children. It emphasises that organisations must evaluate whether alternative, less intrusive measures could address these risks before adopting such systems.

The guidance highlights that any age assurance approach, including those that use AI, must be proportionate, limit personal data collection, and operate in a privacy-protective manner. It also warns against using collected data for other purposes or linking user activity across sessions.

The OPC adds that organisations must provide user choice with respect to the type of personal information they would prefer to use in an age-assurance process, provide appeal mechanisms, and minimise repeated verification. The framework aims to balance child protection with privacy rights, with the guidance applying to online services in Canada.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ireland and the EU intensify DSA pressure on Meta

Coimisiún na Meán, the media regulator of Ireland, has launched two formal investigations into Meta over the design of recommender systems on Facebook and Instagram under the Digital Services Act. The investigations focus on whether users are prevented from choosing recommendation feeds that are not based on the profiling of their personal data.

Coimisiún na Meán said concerns emerged following platform supervision reviews and complaints linked to potential ‘dark patterns’ and deceptive interface designs. Regulators are examining whether users can easily access and modify non-profiled recommendation feeds as required under Article 27 of the DSA, alongside whether interface designs may improperly influence user choices under Article 25.

John Evans, Digital Services Commissioner at Coimisiún na Meán, said recommender systems can repeatedly push harmful material into user feeds, particularly affecting children and younger users. The regulator also warned that Very Large Online Platforms (VLOPs) must ensure users can exercise their rights under the DSA without manipulation or unnecessary barriers.

EU investigates Meta over under-13 access on Instagram and Facebook

At the same time, the European Commission has preliminarily found Meta in potential breach of the DSA over failures to adequately prevent children under 13 from accessing Instagram and Facebook. Regulators said Meta’s age verification and reporting systems may be ineffective, while the company’s risk assessments allegedly failed to properly address harms faced by underage users.

Why does it matter?

These investigations are critical because they could shape how the DSA is enforced across Europe, particularly in cases involving children and algorithmic recommendation systems. If regulators conclude that Meta failed to properly protect minors or used manipulative interface designs that discouraged users from choosing non-profiled feeds, the case may set a wider precedent for how large online platforms handle age assurance, user consent, privacy protections, and recommender system transparency under EU law.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Online Safety Act brings progress, but UK children still face harm online

A new report from Internet Matters suggests the UK’s Online Safety Act has introduced more visible safety measures for children, but has not yet delivered the step change needed to make their online lives meaningfully safer. Drawing on surveys and focus groups with children and parents, the report presents an early view of how the law is affecting families in practice.

The findings point to some clear signs of progress. Parents and children report seeing more safety features, including improved reporting tools, content filters, restrictions on certain functions, and stronger parental controls. Many children also say the content they encounter online is becoming more age-appropriate.

At the same time, the report argues that important weaknesses remain. Children continue to encounter harmful content at high rates, while age verification is widely seen as easy to bypass. Internet Matters also says that some of the issues families care most about, including excessive screen time and the risks linked to AI-generated content, are still not adequately addressed under the current framework.

The report concludes that parents are still carrying too much of the burden of keeping children safe online. It calls for stronger enforcement, more effective age assurance, tighter limits on harmful features, and a broader safety-by-design approach to digital services used by children in the UK.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

China closes consultation on digital virtual human services

The Cyberspace Administration of China has closed its public consultation on the draft Administrative Measures for Digital Virtual Human Information Services, which set out proposed rules for digital virtual human services provided to the public in China.

The notice states that the consultation opened in April 2026 and that comments were accepted until 6 May 2026. According to the draft, the measures would apply to internet information services delivered to the public within China through digital virtual humans.

The draft says providers and users must process data for lawful purposes and within a lawful scope, use data from legal sources, and fulfil their data security responsibilities. It also requires technical and other necessary measures to protect data storage and transmission and to prevent leaks or improper use.

The text further requires digital virtual human service providers and users to establish security risk monitoring, warning, emergency response, anti-addiction mechanisms, and stronger content-direction management, while also retaining logs. Providers whose services have public opinion attributes or social mobilisation capacity would also be required to complete algorithm filing procedures and security assessments in line with existing national rules.

Beyond cybersecurity and data protection, the draft includes provisions on personal information, personality rights, intellectual property, content controls, labelling requirements, and protections for minors. It defines digital virtual humans as virtual figures in the non-physical world that simulate human appearance and may have voice, behaviour, interaction abilities, or personality traits, using graphics, digital image processing, or AI technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New Meta age assurance system aims to prevent underage access

Meta has expanded its use of AI to strengthen age assurance and improve enforcement of underage account policies across its platforms. The systems are designed to detect users under 13 for removal and to place suspected teens into protected Teen Account settings on Instagram and Facebook in regions including the EU, Brazil, and the US.

The technology analyses a range of signals, including profile information, user activity, and other contextual indicators, to estimate age more accurately. Automated systems are also being used to support faster and more consistent review of reports related to underage use.

Visual analysis has also become part of Meta’s broader detection approach, with the company saying its systems look for general age-related indicators rather than attempting to identify specific individuals. Reporting tools have been simplified, and AI-assisted moderation is being used to improve the speed and reliability of enforcement decisions.

Alongside these enforcement measures, Meta is increasing parental engagement through notifications and guidance to encourage more accurate age reporting and safer online behaviour. The wider effort reflects growing pressure on platforms to move beyond self-declared age checks and to build stronger systems to protect younger users.

Why does it matter?

The significance of the move lies in the fact that age assurance is becoming a core platform governance issue rather than a secondary moderation tool. Meta is trying to show that large social platforms can use AI not only to recommend or personalise content, but also to enforce minimum age rules at scale. That matters because regulators are increasingly questioning whether self-declared age data is enough to protect minors online. It also points to a broader shift in which platforms are expected to combine safety obligations, automated detection, and parental tools into a more active system of child protection.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!  

MEPs consider stronger EU measures on cyberbullying and online harassment

The European Parliament has voted on a resolution on targeted criminal provisions and platform responsibility to address cyberbullying and online harassment, following a debate with the Commission.

The debate focused on whether EU law should go further in addressing harmful online behaviour, including through targeted criminal provisions and stronger obligations for platforms. Parliament’s plenary briefing said MEPs were expected to press the Commission on what more can be done beyond existing Digital Services Act protections.

Draft resolution texts tabled in Parliament say MEPs want the Commission to consider making cyberbullying a criminal offence under EU law and to address legal gaps in the current framework.

The vote followed the Commission’s recent action plan against cyberbullying, which Parliament said is built around a support app, coordination of national approaches, and the promotion of safer digital practices.

The debate also comes after MEPs heard testimony earlier this year from Jackie Fox, whose daughter Coco’s case led to Ireland’s Harassment, Harmful Communications and Related Offences Act 2020, known as Coco’s Law. Parliament’s briefing notes that while EU initiatives address parts of the issue, there is still no EU-wide anti-online bullying law or commonly agreed definition at the European or international level.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission urges fast rollout of EU age verification app

The European Commission has adopted a recommendation urging member states to accelerate the rollout of the EU age verification app and make it available by the end of the year. The recommendation says the app can be deployed either as a standalone solution or integrated into a European Digital Identity Wallet.

According to the Commission, the app is intended to let users prove they meet a required age threshold without disclosing their exact age, identity, or other personal details. The Commission has also published a blueprint for the system, leaving it to member states to customise and produce the app for their citizens.

The recommendation sets out actions for member states to support rapid availability and interoperability, including implementation plans and coordination to ensure the swift rollout of the solution across the EU.

The measure forms part of the EU’s wider approach to protecting minors online under the Digital Services Act, which requires online platforms to ensure a high level of privacy, safety, and security for minors.

Executive Vice-President Henna Virkkunen said: ‘Effective and privacy-preserving age verification is the next piece of the puzzle that we are getting closer to completing, as we work towards an online space where our children are safe and empowered to use positively and responsibly without restricting the rights of adults.’

Why does it matter?

The move takes age verification in the EU from a general policy objective to a more concrete implementation phase. Rather than leaving platforms and member states to develop separate solutions, the Commission is trying to steer the bloc towards a common privacy-preserving model that can work across borders.

That matters for both child protection and regulatory coherence, because if countries adopt incompatible systems or move at very different speeds, enforcement under the Digital Services Act could become uneven in practice.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK House of Commons backs amendments in lieu on Children’s Wellbeing Bill with online safety provisions

The UK House of Commons has backed government amendments instead of the Children’s Wellbeing and Schools Bill, after insisting on its disagreement with the Lords’ amendments and proposing its own amendments in lieu. In the debate, ministers said the Children’s Wellbeing and Schools Bill will place a statutory duty on the Secretary of State to act following the consultation, changing the wording from ‘may’ to ‘must’.

Education minister Olivia Bailey told MPs that the government is consulting on the mechanism, but that ‘under any outcome’ it will impose ‘some form of age or functionality restrictions for children under 16’. She added that curfews would be considered in addition to, not instead of, those restrictions.

Bailey said the Children’s Wellbeing and Schools Bill now requires a statutory progress report three months after Royal Assent, with regulations to be laid within 12 months after that. She said the government intends to move faster and aims to lay the regulations by the end of the year, while describing any further six-month extension as a backstop for ‘exceptional and unforeseen circumstances’ only.

Opposition MPs and Liberal Democrats argued that the timetable remained too slow. Conservative frontbencher Laura Trott said the revised proposal was ‘a huge step forward’ but warned that ‘every month of delay just leaves children more exposed to the harms of social media online’.

Liberal Democrat spokesperson Munira Wilson said the overall timeline could still amount to 21 months before action. The House later voted by 272 to 64 to insist on its disagreement with the Lords’ amendments and to approve the government’s amendments in lieu. Lords amendment 105C was also agreed to, allowing the Children’s Wellbeing and Schools Bill to move forward with the revised online safety provisions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Meta faces EU Digital Services Act breach finding over under-13 access

The European Commission has preliminarily found Meta’s Instagram and Facebook in breach of the Digital Services Act over failures to adequately prevent children under 13 from accessing the platforms. The finding remains provisional and does not prejudge the outcome of the investigation.

According to the Commission, Meta’s existing measures do not effectively enforce its own minimum age requirement of 13. The preliminary findings say children below that age can still create accounts by entering false birth dates, while the company’s reporting tool for underage users is difficult to use and often does not result in effective follow-up.

The Commission also considers Meta’s risk assessment to be incomplete and arbitrary. It says the company failed to identify and assess the risks properly posed to children under 13 who access Instagram and Facebook, despite evidence from across the EU suggesting that a significant share of children under 13 use one or both services. This wording is best kept cautious unless you are quoting the exact percentage directly from the Commission text.

At this stage, the Commission says Meta must revise its risk assessment methodology and strengthen its measures to prevent, detect, and remove children under 13 from the platforms. It also says the company must better counter and mitigate the risks those children may face and ensure a high level of privacy, safety, and security for minors.

The preliminary findings form part of formal proceedings opened against Meta in May 2024 under the DSA. The Commission says the investigation has included analysis of Meta’s risk assessment reports, internal data and documents, and the company’s responses to requests for information, with support from civil society organisations and child protection experts across the EU.

If the Commission’s preliminary view is confirmed, it may adopt a non-compliance decision and impose a fine of up to 6% of the provider’s total worldwide annual turnover, as well as periodic penalty payments. Meta now has the opportunity to reply before any final decision is taken.

Henna Virkkunen, Executive Vice President for Tech Sovereignty, Security and Democracy, said Meta’s own terms and conditions already state that its services are not intended for children under 13, but that the company appears to be doing too little in practice to prevent them from gaining access.

Why does it matter?

The case matters because it goes to the heart of how the Digital Services Act is expected to work in practice: not only by requiring large platforms to set rules for child safety, but by obliging them to enforce those rules effectively. If the Commission’s preliminary view is confirmed, the Meta case could become an important benchmark for how the EU treats age assurance, risk assessments, and platform accountability in cases involving minors, with wider implications for other services that rely on self-declared age checks and weak reporting tools.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!