How will EUs age verification for social media work, according to the latest proposal?
Executive summary
The latest European Parliament proposal seeks an EU-harmonised “digital minimum age” of 16 for free access to social media, with an exemption allowing 13–16 year‑olds to use services if authorised by parents, and proposes technical age‑assurance tools tied to the European Digital Identity ecosystem and a Commission “mini‑wallet” pilot [1] [2] [3]. The plan combines identity-linked age checks (onboarding with ID documents or national eIDs), cryptographic attribute disclosure, and regulatory enforcement under the Digital Services Act — while sparking privacy and civil‑liberties objections from groups like the EFF and claims that some digital‑wallet designs may not meet required privacy safeguards [4] [5] [6].
1. What the proposal sets as the age rules
MEPs are backing a harmonised floor: 16 as the default minimum age to access social media, video‑sharing platforms and AI companions across the EU, with a parallel rule that no one under about 13 could access such services even with consent; practically, 13–16‑year‑olds could access platforms only with parental authorisation under the resolution [1] [2] [7].
2. The technical mechanism: mini‑wallets, EUDI Wallet and pilots
Age assurance is expected to be carried out through an EU age verification app or “mini‑wallet” built to the same technical specs as the European Digital Identity (EUDI) Wallet, with five member states piloting the mini‑wallet approach in 2025 and full wallet rollout targeted by end‑2026 — the mini‑wallet supports onboarding via passports/ID cards and the Digital Credentials API to enable selective disclosure of an age attribute [4] [3] [8].
3. How verification would actually work on platforms
The Commission’s design envisions a two‑step process of identification and authentication: a user’s age is asserted by cryptographic credentials or an age token emitted by the mini‑wallet/EUDI system, enabling platforms to confirm an age threshold without obtaining unnecessary personal data, and thereby authenticate an account holder’s age before granting access [9] [3].
4. Enforcement, platform obligations and possible liabilities
Age assurance is being tied to existing EU online safety enforcement: platforms would still be required to design safer services for minors and could face fines or other DSA enforcement for non‑compliance, with MEPs even proposing measures that could hold senior managers personally liable for persistent failures to protect children [1] [10].
5. Privacy, security and civil‑liberties pushback
Civil‑liberties and privacy advocates warn that identity‑based age checks risk creating persistent identifiers, tracking and exclusion of marginalized groups; the EFF and others argue that while child safety is important, the proposed systems could undermine digital access and may not sufficiently safeguard anonymity or meet “double‑blind” privacy requirements flagged by privacy advocates like AVPA [11] [5] [6].
6. Timelines, national variation and political drivers
Member states are already pursuing national experiments and some want faster or tougher rules — France and several others have signalled national bills and pilot schemes — and the Commission’s work programme aims at Q3–end‑2026 deliverables; however, implementation timing and specific age thresholds may vary as national proposals (e.g., France’s draft and some members’ pushes for 15) intersect with the EU framework and the country‑of‑origin rules [12] [13] [7].
7. What remains unclear or contested
Reporting shows broad contours — age thresholds, mini‑wallets, cryptographic selective disclosure and DSA enforcement — but key operational details remain open: how exactly parental consent will be validated, how the “double‑blind” privacy guarantee will be enforced across different wallet implementations, how enforcement will handle VPNs or cross‑border circumvention, and whether the EUDI Wallet will be adapted to meet all privacy critiques [6] [4] [5].