On Monday, Prime Minister Keir Starmer announced that the United Kingdom will ban children under 16 from using TikTok, YouTube, Instagram, Snapchat, Facebook, and X. The ban is expected to take effect early next year. Anyone who violates it — meaning the platforms, not the children — faces multimillion-dollar fines.
The announcement sounds clean. The enforcement mechanism is the part nobody in the press conference explained.
What Starmer Actually Said
Starmer told a news conference he will fight back if technology companies resist the move, and acknowledged that some teens would try to find their way around the ban. He framed the policy as part of a global movement — Australia, Canada, Brazil, and Indonesia have all introduced legislation or announced age-based restrictions, with France, Spain, Denmark, Thailand, and South Korea studying similar approaches.
The UK plans to follow the same model as Australia, which last year became the first country to bar under-16s from holding social media accounts. Platforms that fail to take reasonable steps to exclude children younger than 16 could be punished with multimillion-dollar fines.
The list of excluded platforms is where things get interesting. The ban will not apply to YouTube Kids, or messaging services like WhatsApp and Signal. Discord is also not on the restricted list. Neither is GitHub, Pinterest, Steam, or Roblox — the last of which currently faces more than 150 child safety suits in federal court and has been attempting to move those cases into closed-door arbitration.
The Question Nobody Asked at the Press Conference
To ban under-16s from social media at scale, platforms need to verify that the person creating an account is over 16. There are three ways to do this: ID checks, facial scanning, or bank card verification. Ofcom — the UK’s communications regulator — has been tasked with a “rapid study” on what constitutes effective age assurance.
The Open Rights Group, a civil liberties organization, put the problem directly: a ban of this scope would require platforms to verify age at scale, which drags millions of adults and older teenagers into proving their identity to private corporations simply to post, message, or read online. James Baker, the ORG’s Platform Power and Free Expression programme manager, pointed to last year’s breach of sensitive age-verification data collected by Discord as a cautionary example of how personal information collected at this scale gets mishandled.
Signal’s position is equally direct: the organization has warned that “safeguards claiming the technology would operate solely on device do not eliminate the broader privacy risks,” and that future governments could expand the scope of content detection systems beyond nudity to monitor additional categories of material. That is not a hypothetical. It is Signal’s institutional assessment of the trajectory of these laws once enforcement infrastructure exists.
What Apple and Google Already Built — and Why the Government Ignored It
Here is the part of this story that has been almost entirely absent from the political coverage: the child safety tools Starmer is legislating for already exist, built into every iPhone and Android device sold in the UK.
Apple’s Communication Safety feature, built into iOS and available to any parent who sets up Screen Time with a child account, blurs photos and videos containing nudity before a child can view them, presents multiple intervention screens before a child can send sensitive content, and requires parental permission for children under 13 to view flagged material. The feature runs locally on the device — it doesn’t report to a server. Google Messages does the same thing on Android, turned on by default for supervised users and signed-in unsupervised teens. Apple’s WWDC this year previewed further child safety features including granular app controls, communication monitoring by contact, and screen time limits by application.
None of this requires a government database. None of it requires a teenager to prove their age to a third-party vendor. It exists right now, requires roughly 15 minutes to configure, and is free.
The UK government’s response to these existing tools has been, essentially, to ignore them and legislate anyway.
What Actually Happened in Australia
Australia implemented its under-16 social media ban in December 2025. The data from its own e-Safety Commissioner’s report is worth reading carefully.
Despite the reduction in account ownership for people under 16, a substantial proportion of children retained accounts on age-restricted platforms. Of parents who reported their child had a social media account before the December ban, around seven in ten reported their child still had a Facebook account afterward. Instagram, Snapchat, and TikTok retention rates hovered around 63.6%. One in two parents reported their child still had a YouTube account following age restrictions.
The bypass mechanism is not technically sophisticated. A VPN set to a server in Italy or Poland removes the geographic geographic enforcement entirely. When the UK implemented its Online Safety Act age verification for adult websites, Proton VPN downloads surged by 1,800% over the weekend the rules took effect. Children routed their way around the restrictions faster than Ofcom could process its first enforcement notice.
The CEPA policy research organization flagged an additional unintended consequence: under current British law, social media companies are required to provide children with stronger safety protections than adults. Should a ban come into effect, companies will likely retreat from offering those enhanced protections on the assumption that age gates will keep children off platforms entirely. The ban could end up removing the very protections it claims to be enforcing.
The Enforcement Problem Stated Plainly
There is no technically coherent way to implement age verification at the scale this ban requires without building infrastructure that also verifies the age and identity of every adult on the same platforms. That is not a civil liberties argument. It is a technical constraint.
Third-party age verification vendors like Yoti and Persona — the companies most likely to be contracted for this kind of work — have received seed funding from firms with documented links to mass surveillance infrastructure. The data collected by those vendors to verify a 15-year-old’s age is the same data collected to build a profile of a 35-year-old’s online behavior. The database does not distinguish between its purposes.
Nigel Farage, the Reform UK leader, broke from his usual position to say something technically accurate for once: the ban amounts to “the introduction of Digital ID via the back door.” The Green Party welcomed the action. The Children’s Commissioner wants the age limit raised to 18. Nobody at Monday’s press conference was asked to explain, in operational terms, how the verification works without also creating a national registry of internet users tied to real-world identity.
What This Is Actually About
Social media platforms have caused documentable harm to adolescent mental health. That is not contested. The research linking heavy social media use to depression, anxiety, and body image issues in teenage girls specifically is robust enough that even the platforms’ own internal research — as leaked from Meta in 2021 — confirmed it.
None of that makes mass age verification the correct policy response. The tools to protect children online exist, are free, run locally on devices already owned by families, and require parental engagement rather than government databases. The choice to legislate a ban rather than fund a public education campaign about those tools is a policy choice, not a technical necessity. It is also a choice that produces surveillance infrastructure as a side effect, regardless of whether that was the stated intention.
The UK ban takes effect early next year. Ofcom’s age assurance study has not been completed. The verification method has not been specified. The privacy implications have not been publicly modeled. The Australian data showing roughly 70% of children retained their accounts has not been addressed.
The children are going to use VPNs. The adults are going to hand over their IDs. The database will exist.
Sources
- Australian Government: eSafety Commissioner Report on Social Media Ban Outcomes
About the Author
Your 37-year-old tech-privacy cousin who has been running GrapheneOS since 2021, donates monthly to the Tor Project, and sends every family group chat member a VPN guide every time a government announces it’s “protecting the children.”
