Two in five UK children say they bypass online age checks

Nearly two in five UK children aged 11 to 17 say they have successfully bypassed an online age check, according nationally representative research commissioned by the Department for Science, Innovation and Technology (DSIT).

The study surveyed 2,299 children in May 2026 to examine their experiences with age assurance, VPN use and methods of bypassing age checks. It also included an additional sample of recent VPN users.

Overall, 39% said they had successfully bypassed an age check at least once, while another 14% had tried unsuccessfully. Success rates rose from 28% among 11- to 12-year-olds to 43% among older teenagers.

Many children avoided age checks altogether by choosing websites, apps or games that either had no age verification or appeared easy to bypass. Among those who successfully circumvented checks, 63% said they simply pretended to be older, most commonly by entering a false date of birth.

Most successful circumvention involved simple self-declaration systems such as tick boxes and date-of-birth fields, which children also rated as the least effective.

By contrast, 86% of respondents who had encountered government ID verification considered it effective, while third-party identity services, payment card verification and facial age estimation also received substantially higher ratings.

Privacy was the most common reason for using a VPN. However, 22% of VPN users said they had used one to access age-restricted websites, apps or games, equivalent to 7% of all children surveyed.

Parents were involved in some VPN use. Among children who had used one, 22% received help from a parent to set it up, while 43% of current users said a parent paid for the service. However, older teenagers were more likely to install VPNs without parental knowledge.

Friends were the main source of information about bypassing age checks, cited by half of children who had done so. Practical consequences appeared to be the strongest deterrents, including harder-to-defeat checks, permanent account bans, and notifying parents about circumvention attempts.

The report also found an association between bypassing age checks and exposure to harmful content. Among children who had circumvented age checks, 51% reported later encountering at least one form of harmful material, including explicit content, contact from unknown adults and requests for personal information.

The researchers cautioned that the findings rely on self-reported behaviour and do not establish that VPN use or circumvention directly caused exposure to harmful content.

Why does it matter?

The findings suggest that basic self-declaration systems provide limited protection for children and are easily circumvented. As regulators increasingly require stronger age assurance under frameworks such as the UK’s Online Safety Act, the challenge will be deploying systems that are both effective and proportionate while protecting users’ privacy.

The research also highlights that technology alone is unlikely to solve the problem. Children’s motivations, platform design, parental involvement and digital literacy all influence whether age restrictions are respected, suggesting that meaningful online safety will require a combination of technical safeguards, regulation and education.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission prepares new EU child safety online legislation

The European Commission has received the report of its Special Panel on Child Safety Online, with President Ursula von der Leyen confirming that legislative proposals to strengthen children’s online protection will be presented after the summer.

Von der Leyen described the report as an important evidence base for future policymaking and said its recommendations would inform the Commission’s forthcoming legislative proposals.

The Commission highlighted growing concerns about the impact of social media on children’s mental health and wellbeing, pointing to excessive screen time, addictive platform design, cyberbullying and exposure to harmful content as key risks facing young users.

According to the Commission, online platforms should be responsible for ensuring their services are safe by design, just as manufacturers are responsible for the safety of physical products.

The Commission also stressed the need for stronger age-appropriate protections, highlighting the forthcoming EU age verification application as a privacy-preserving tool that could give parents greater control over children’s access to online services.

Von der Leyen also said Europe should consider introducing a minimum age for access to social media and other digital services with addictive or age-inappropriate features, describing any future approach as gradual and guided by scientific evidence.

The Commission will now examine the panel’s recommendations alongside input from parents, educators, researchers, young people, member states and international partners before preparing legislative proposals aimed at strengthening children’s rights and safety online.

Why does it matter?

The Commission’s announcement signals that child online safety is moving higher up the EU’s digital policy agenda. Beyond enforcing existing rules under the Digital Services Act and AI Act, Brussels is now considering additional legislation that could introduce stronger platform obligations, age verification measures and possible minimum-age requirements for certain online services.

If adopted, these proposals could significantly reshape how platforms design and deliver services for younger users, reinforcing a broader regulatory shift towards safety by design and greater platform accountability across the European Union.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

MIT develops safer way to detect harmful AI models

MIT researchers have developed a new auditing method to detect whether generative AI models have been adapted to produce child sexual abuse material without generating illegal content during testing.

The technique was developed with Thorn, a child safety nonprofit focused on protecting children from sexual abuse and exploitation online.

Traditional AI safety testing often involves prompting a model and checking its outputs, but that approach cannot be used for child sexual abuse material, which is illegal to generate in the US and many other jurisdictions.

MIT said the problem has become more urgent as open-source generative AI models become easier to download, adapt and redistribute.

The researchers’ method examines internal changes during fine-tuning, rather than testing the model by generating images.

In tests, the auditing procedure identified model variants adapted to generate child sexual abuse material with 100% accuracy.

MIT said hosting platforms could use the method to flag unsafe models, block uploads or remove harmful adaptations before they spread more widely online.

The researchers also plan to test whether the approach can detect harmful capabilities in a larger set of model variants and in base models before adaptation.

Why does it matter?

The research addresses a serious AI safety blind spot: some harmful model capabilities cannot be tested safely or legally by generating outputs. A non-generative auditing method could give hosting platforms, auditors and law enforcement a safer way to detect models adapted for child sexual abuse material before they are distributed. It also points to a broader governance challenge around open-source generative AI: platforms may need scalable tools to assess harmful adaptations without exposing reviewers to illegal or traumatic content.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Music industry introduces labels for AI-generated songs

Major music industry organisations have announced a voluntary labelling system to help listeners understand when AI has been used in songs.

Groups including the RIAA, IFPI, the Recording Academy, SAG-AFTRA, IMPALA, WIN, A2IM and the Human Artistry Campaign back the initiative.

The labels will distinguish between ‘AI-generated’ and ‘AI-assisted’ music.

An ‘AI-generated’ label will apply when most or nearly all of the creative elements in a recording are artificial, such as an AI-generated lead vocal, instrumental performance or a song created from a prompt.

An ‘AI-assisted’ label will apply when humans mainly create a track but use AI for some expressive elements.

Industry leaders said the aim is to give fans clearer information about how music is made, while protecting human creativity, authorship and artistic intent.

The move comes as streaming platforms face rising volumes of AI-made content and low-quality uploads.

Deezer said in April that AI-generated tracks accounted for 44% of all new music uploaded to its platform each day.

Spotify also removed around 75 million spam tracks in 2025, as platforms increase efforts to identify low-quality, fraudulent or unauthorised content.

Why does it matter?

The labelling initiative shows how the music industry is trying to build transparency around AI use without waiting for formal regulation. Clear labels could help listeners distinguish fully synthetic music from human-led work that uses AI as a tool. They may also support copyright, attribution and platform-governance efforts as streaming services face growing volumes of AI-generated tracks, recycled content and spam uploads.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

European Commission panel recommends social media restrictions for under-13s

A special panel convened by the European Commission has recommended restricting access to social media and other high-risk digital services for children under 13, arguing that platforms should prove they are safe before minors are allowed to use them.

The report was prepared by the co-chairs of the Special Panel on Child Safety Online, Prof. Dr. Jörg M. Fegert and Dr. Maria Melchior, whom European Commission President Ursula von der Leyen appointed in March 2026 to advise on child safety online and possible age restrictions for social media.

The panel met three times between March and June 2026 to examine scientific evidence on the impact of social media and digital environments on minors, review existing EU and national rules, and develop recommendations to better protect and empower children online.

The report uses the term ‘social media+’ to describe social media and other digital services that expose minors to potentially harmful features, including addictive design, infinite scroll, autoplay, recommender systems, persistent notifications, AI companions, video games and video-sharing platforms.

The co-chairs argue that providers, not children or parents, should bear the burden of demonstrating that their services are safe by design and appropriate for young users. Until then, they recommend restricting access for children under 13, while allowing member states to introduce additional precautionary measures for older adolescents if needed.

The recommendations also call for proportionate age-assurance systems, stronger safety-by-design requirements, limits on addictive platform features, more effective complaints mechanisms for minors and stronger enforcement of existing EU legislation, including the Digital Services Act, GDPR and AI Act.

The report also urges the EU to close legislative gaps on child sexual abuse online by adopting permanent obligations requiring providers to prevent, detect, report and block abuse, including in interpersonal communications.

Beyond restrictions, the report emphasises digital empowerment through stronger media literacy for children, parents, teachers and caregivers, greater participation by young people in policymaking, improved parental guidance, increased support for civil society organisations and helplines, and more investment in offline activities such as sports, arts and youth spaces.

The report concludes that protecting children online requires an ecosystem-wide approach involving regulators, digital service providers, educators, parents, caregivers and children themselves. It argues that children’s rights should apply online just as they do offline, balancing protection with opportunities to learn, participate and communicate.

Why does it matter?

The report could significantly influence future EU policy on children’s access to digital services, platform design and online safety. By recommending a default restriction for children under 13 and placing responsibility on providers to demonstrate that their services are safe, it shifts the debate away from parental responsibility towards platform accountability.

Although the recommendations are not legally binding, they are likely to inform future discussions on the Digital Services Act, the AI Act and wider EU child protection policies. If adopted, they could reshape how online platforms design services for younger users across Europe.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission preliminarily finds Meta’s addictive platform design breaches the DSA

The European Commission has issued preliminary findings that Meta’s design of Instagram and Facebook breaches the Digital Services Act (DSA), arguing that features designed to maximise engagement may encourage compulsive use and fail to adequately protect children and other vulnerable users.

The investigation focuses on platform features including infinite scroll, autoplay, push notifications and highly personalised recommender systems.

According to the Commission’s preliminary assessment, Meta failed to properly evaluate the risks these features pose to users’ physical and mental well-being. Investigators found that personalised recommendations, continuous content feeds and engagement-driven formats such as Reels and Stories can encourage excessive use, particularly among younger users.

The Commission also said Meta failed to adequately consider evidence showing that children spend significant time on Instagram and Facebook during nighttime hours.

The Commission also concluded that Meta’s existing mitigation measures are insufficient. Screen time tools, including those enabled by default for teenagers, can easily be dismissed and do not meaningfully reduce usage.

Parental controls were also found to require considerable technical knowledge and active supervision, while educational resources available through Meta’s Safety Centre were considered inadequate to mitigate the risks associated with addictive platform design.

According to the Commission, Meta should redesign several core platform features, including disabling autoplay and infinite scroll by default, introducing more effective screen-time reminders and reducing the engagement-driven nature of its recommender systems.

The findings are preliminary, and Meta now has the opportunity to examine the Commission’s evidence and submit a formal response before a final decision is adopted. If the infringement is ultimately confirmed, the company could face fines of up to 6% of its global annual turnover under the Digital Services Act.

Why does it matter?

The case represents one of the EU’s most significant attempts to regulate platform design rather than online content. If confirmed, it would establish an important precedent for how very large online platforms design recommender systems, engagement mechanisms and user interfaces under the Digital Services Act, particularly where children and vulnerable users are concerned.

More broadly, the case signals that European regulators are increasingly willing to scrutinise the business models underpinning social media platforms, not just the content they host. That could influence how digital platforms design engagement features well beyond the EU.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Google adds labels to AI generated advertisements

Google has introduced a new transparency feature that lets users see whether advertisements on its platforms were created or modified using AI. The company will add a ‘created or edited with AI’ label to the ‘How this ad was made’ section of My Ad Center for ads shown on Google Search, Google Discover and YouTube.

The label will be applied automatically to advertisements generated with Google’s own AI advertising tools. Advertisers using third-party AI systems, however, will be responsible for disclosing AI involvement themselves. In some regions, the disclosure may also appear directly on advertisements to give users clearer information about how promotional content was produced.

The move follows a broader industry push for greater transparency around AI-generated content. Platforms such as Meta have introduced similar disclosure measures, while Google has expanded content authenticity initiatives including SynthID and C2PA support to help identify AI-generated or digitally altered media.

Why does it matter?

Generative AI is making it faster and cheaper to create advertising content, increasing the importance of disclosure mechanisms that help users understand how digital content is produced. AI labels can improve transparency without restricting advertisers’ ability to use AI-powered creative tools.

The initiative also reflects a broader shift towards digital trust and content provenance. As synthetic media becomes more common across advertising, social media and online publishing, consistent labelling and authenticity standards are likely to play an increasingly important role in platform governance, consumer protection and regulatory compliance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

European Parliament advances child safety privacy balance

The European Parliament has adopted amendments to a temporary exemption from the EU’s ePrivacy rules, seeking to preserve voluntary detection of child sexual abuse material while strengthening protections for end-to-end encrypted communications.

MEPs voted to exclude communications protected by end-to-end encryption from the scope of the temporary derogation, reinforcing privacy protections while maintaining support for voluntary detection measures.

The amendments were adopted during Parliament’s second reading of the proposal. Although a simple majority initially voted to reject the Council’s position, the motion failed because it did not reach the required absolute majority of 360 votes. Parliament therefore proceeded to adopt amendments instead.

The amended text now returns to the Council, which has three months to approve or reject Parliament’s changes. If the Council does not accept all of the amendments, the proposal will move to conciliation negotiations.

The temporary derogation is intended to prevent a legal gap following the expiry of the previous exemption in April 2026. It allows electronic communications providers to continue voluntarily detecting, removing and reporting child sexual abuse material while EU institutions negotiate a permanent legal framework.

Earlier negotiations between the European Parliament and the Council failed to produce an agreement, allowing the previous temporary framework to expire before the proposal returned for a second reading.

At the same time, Parliament and the Council continue negotiations on a permanent legislative framework to combat child sexual abuse online. Most elements have already been agreed, with discussions continuing on issues such as the balance between child protection and fundamental rights, including privacy and secure communications.

Why does it matter?

The vote highlights the EU’s continuing effort to balance child protection with fundamental rights. By excluding end-to-end encrypted communications from the temporary derogation, Parliament is signalling that stronger safeguards against child sexual abuse should not come at the expense of weakening secure communications.

The decision also keeps voluntary detection measures in place while negotiations continue on a permanent framework. The outcome of those talks is likely to shape how the EU reconciles online safety, privacy and encryption in future digital regulation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ofcom fines adult platform over Online Safety Act age check failures

The UK communications regulator, Ofcom, has fined the operator of Fapello.com £630,000 for breaching the Online Safety Act, marking one of its most significant enforcement actions under the new regime.

The penalty includes £600,000 for failing to implement legally required age assurance measures to prevent children from accessing pornographic content, and a further £30,000 for failing to comply with a legally binding information request. Following Ofcom’s action, Fapello.com geoblocked users in the UK, although the regulator said it will continue monitoring compliance.

Ofcom also confirmed it has opened a new investigation into Bit Hive, operator of Eporner.com, to assess whether its age verification measures meet the Act’s requirement for ‘highly effective’ age assurance.

Separately, the regulator expanded its existing investigation into Kemono.cr to examine whether the platform failed to comply with statutory information requests.

Ofcom said robust age verification is a core requirement of the Online Safety Act and warned that providers failing to implement effective protections or cooperate with regulatory investigations should expect enforcement action, including substantial financial penalties.

The regulator added that it prioritises investigations according to user reach and will continue monitoring compliance across online pornography services.

Why does it matter?

The case demonstrates that the UK’s Online Safety Act has entered a new phase of active enforcement. Rather than focusing solely on guidance and compliance deadlines, Ofcom is now imposing financial penalties and investigating platforms that fail to implement effective child protection measures.

The decision also shows that enforcement extends beyond age verification itself. Companies that fail to cooperate with regulatory investigations or provide required information may face additional sanctions, reinforcing the regulator’s ability to oversee compliance across online platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Google rolls out AI video editing in Google Photos

Google is rolling out Google Photos Video Remix for Google Photos, a new AI-powered editing feature that transforms videos using ready-made templates and generative effects.

Powered by Gemini Omni, Google’s multimodal AI model, the feature is designed to help users create stylised video clips without professional editing skills or dedicated video software.

Available through the Create tab in Google Photos, Video Remix lets users apply effects such as cinematic relighting, background changes and artistic styles including watercolour, raw sketchbook and oil painting.

Google says users can, for example, make a video appear as though it was filmed in a greenhouse, add a morning glow to a dark clip, or transform footage into a watercolour-style animation.

The launch forms part of Google’s broader effort to integrate generative AI across its consumer products. In Google Photos, the company has also introduced AI-powered editing tools and features that generate outfit ideas from photos of clothing.

Video Remix is rolling out to eligible Google AI Plus, Pro and Ultra subscribers in selected countries, including the United States, Argentina, Brazil, India, Japan, Mexico, South Korea and Türkiye.

Why does it matter?

Video Remix reflects how generative AI video editing is becoming a mainstream consumer feature rather than a specialist capability. By embedding AI-powered creative tools directly into Google Photos, Google is lowering the barrier to producing stylised video content while further integrating generative AI into everyday digital experiences.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!