If you run a platform with user accounts, user-generated content, or social features, you’ve probably felt the shift: laws are moving from “encouraging child safety” to requiring specific social media age verification controls.
And the big change isn’t just that legislators want kids protected—it’s how they expect platforms to prove they’re doing it.
Across multiple regions, regulators are converging on a few ideas:
- Platforms must know (or reliably infer) whether a user is a minor
- Platforms must enforce age limits consistently
- High-risk features (adult content, DMs with strangers, addictive feeds, targeted ads to minors) are increasingly being restricted unless age is verified
- “Just ask for a birthdate” is no longer seen as enough
Below is a practical, merchant-friendly breakdown of what’s changing, what counts as “social media,” and who actually has to comply.
What Qualifies as a “Social Media Platform”?
This is the part that trips up a lot of teams. Many laws don’t use the phrase “social media” in a casual way—they define it.
A common U.S. definition (example: Utah)
Utah’s law defines a “social media platform” as an online forum that lets an account holder create a profile, upload posts, view other users’ posts, and interact with others.
That definition captures obvious social apps—but it can also pull in:
- community features inside a larger product
- creator / “fan” features
- marketplaces with robust feeds and user posting
- comment-forward or follower-based communities
A federal proposal definition (example: Kids Off Social Media Act)
A U.S. federal bill proposal defines “social media platform” in a more ad-driven way: consumer-facing services that collect personal data, primarily monetize via advertising or sale of data, and whose primary function is a community forum for user-generated content and resharing/endorsement/comment.
UK framing (Online Safety Act)
The UK often talks less about “social media” and more about services in scope—especially those likely to be accessed by children. The government explainer emphasizes that in-scope services must assess risks to children, protect them from harmful content, and enforce age limits consistently when they exist.
Australia’s approach: “age-restricted social media platforms”
Australia’s regulator (eSafety) publishes guidance on what it considers “age-restricted social media platforms” and notes that some services (like online gaming and standalone messaging apps) can be excluded—while messaging with social-media-style features may still be included.
Takeaway: If users can create accounts, post content, follow/engage with others, and consume a feed—you should assume you’re in the conversation, even if you don’t call yourself “social media.”
What’s Changing Globally: The Three “New Rules” Trend
Even though details vary by jurisdiction, most recent social media age verification laws and proposals cluster around:
1) Age assurance becomes a real requirement (not a checkbox)
The UK’s Online Safety Act requires “highly effective” age checks for certain content categories (with enforcement dates that have already begun for some services).
2) Platforms must treat minors differently by design
The EU’s Digital Services Act (DSA) includes an obligation for online platforms accessible to minors to implement appropriate measures to ensure a high level of minors’ privacy, safety, and security.
3) The compliance target expands beyond “adult sites”
We’re seeing age assurance expand into:
- mainstream social platforms
- creator platforms
- app distribution (app stores)
- algorithmic feeds and notifications for teens
For example, Utah passed a law requiring app stores to verify ages and obtain parental consent for minors downloading apps—showing a regulatory trend toward pushing age checks “upstream.”
Who Has to Abide by the New Rules?
This depends on where you operate and where your users are. The simplest way to think about it:
You are likely in scope if you are any of the following:
- A platform operator offering accounts + user-generated content + social interaction (classic social media, communities, creator platforms)
- A service “likely to be accessed by children” (common UK/EU framing)
- A platform explicitly listed or captured by “age-restricted platform” rules (Australia’s model)
- An app store / gatekeeper (in some U.S. states, the burden is shifting)
You may be out of scope if your “social” features are incidental
Many social media age verification laws carve out services where the primary function is, for example, email, cloud storage, encyclopedias, or certain types of content publishing. (This is explicit in some U.S. proposals.)
Practical merchant advice: Don’t rely on your product category label (“we’re not social media”). Regulators increasingly look at functionality.
A Few Concrete Examples of “Changing Legislation” Right Now
Australia: Under-16 social media age restrictions (in effect)
Australia’s eSafety guidance states that as of 10 December 2025, age-restricted platforms must take “reasonable steps” to prevent under-16s from having accounts, and it lists major platforms it views as age-restricted.
United Kingdom: Online Safety Act enforcement is real
The UK regulator has published guidance about age checks and enforcement timelines for preventing children from accessing certain content categories.
And platforms are actively rolling out age assurance flows to comply.
European Union: DSA obligations + continued political pressure
The European Commission published guidelines to support compliance with DSA Article 28(1) for platforms accessible to minors.
Separately, EU lawmakers have pushed for even stronger, harmonized age thresholds (not yet binding, but directionally important).
United States: a patchwork accelerating toward age assurance
Many U.S. states have introduced or enacted laws involving age verification / parental consent for minors on social media, and national groups track hundreds of bills.
At the federal level, proposals like the Kids Off Social Media Act show how Congress is defining “social media platform” and restricting under-13 access (still a bill, not a universal rule).
The Merchant Reality: Age Assurance Without Becoming a Data Vault
Here’s the tension merchants feel immediately:
“If we have to verify age, do we need to collect IDs and store all that PII?”
In many jurisdictions, the direction of privacy law pushes the opposite way: verify the requirement, not the identity—and keep what you store to the minimum needed for compliance.
That’s why more frameworks are moving toward:
- privacy-preserving age checks
- proportionality (collect the minimum)
- reduced retention
- third-party or tokenized approaches where appropriate
(Which is also why regulators and platforms are arguing about where age checks should happen—at the platform level vs. app store level vs. third parties.)
What You Should Do Next
If minors could realistically access your service, a good next step is to audit:
- Where age matters (account creation, feed access, DMs, adult content, recommendations, ads)
- What jurisdictions you touch (user locations, not just company HQ)
- What you collect and store (especially if you’re currently asking users to upload IDs)
- Whether your approach is proportional (can you comply without holding sensitive documents?)
Want a Privacy-First Approach to Age Assurance?
Age rules are evolving quickly—but the best long-term strategy stays the same:
Meet your compliance obligation without collecting more sensitive data than you need.
AgeWallet is built to support privacy-first age verification that helps merchants implement age assurance while reducing the need to store unnecessary PII.
Learn more about AgeWallet’s privacy-first age verification and how it can fit into your platform’s minor-protection requirements.