UAE misinformation takedown laws

UAE Cabinet Resolution 106 Shifts Child Social Media Liability to Platforms — and Demands Biometrics to Enforce It

UAE Cabinet Resolution 106 bans under-15s from social media and requires platforms to deploy biometric age verification within 12 months or face blocking.

UAE's Social Media Age Wall People of Internet Research · UAE 12 months Platform Compliance Window Deadline for TikTok, Meta, Snap an… 15 years UAE Age Minimum One year below Australia's and UK'… 7%→11% Problematic Social Media Use WHO Europe: adolescent problematic… peopleofinternet.com

Key Takeaways

What Resolution 106 Actually Does

Cabinet Resolution No. 106, approved on June 17, 2026, is the implementing regulation for the UAE's Federal Decree-Law No. 26 of 2025 on Child Digital Safety — the parent statute that came into force on January 1, 2026. The resolution does something structurally significant beyond its headline prohibition: it transforms child online safety from a parental responsibility into a platform compliance obligation, backed by the threat of TDRA-ordered blocking.

The core ban is clear. Children under 15 are prohibited from creating, using, or operating personal accounts on any service enabling public profiles, social interaction, content dissemination, or algorithmic content ranking — a definition that captures TikTok, Instagram, Snapchat, Facebook, and X. Children who are 15 but not yet 16 may access platforms, but only with mandatory safeguards: screen-time controls, restrictions on contact from unknown users, curbs on live-streaming and messaging features, and limits on algorithmic recommendations. Platforms have 12 months from the Official Gazette publication to implement compliant systems, with graduated enforcement thereafter — warnings, administrative penalties, partial blocking, or full removal from UAE networks by the TDRA and the National Media Authority.

The most consequential single provision: parental consent cannot override the age restriction. This is not a detail. It encodes a structural reality that earlier UAE frameworks, including Wadeema's Law (Federal Law No. 3 of 2016), did not — that in digital environments where platforms hold asymmetric information about children's behaviour, placing compliance on caregivers is insufficient. The resolution places the legal duty where the technical leverage actually sits.

The Case for the Intervention

Regulators have a credible evidence base. The World Health Organization's Health Behaviour in School-aged Children study, surveying nearly 280,000 adolescents across 44 countries in 2021–2022, found problematic social media use rose from 7% in 2018 to 11% in 2022 — with girls at 13% and boys at 9%. UAE officials explicitly cited measurable negative impacts on children's mental health and academic performance as the legislative rationale. These are not speculative claims manufactured to justify overreach.

The liability shift is also analytically sound. Frameworks that rely on parental monitoring fail precisely at the margins that matter most — households where oversight is limited or where platforms are deliberately designed to minimise adult visibility. By making platforms the compliance actor, Resolution 106 introduces a structural check that Wadeema's Law never had. As legal analyst Byron James observed, the child's right to privacy existed in UAE law for years; what's new is a duty to enforce it with real penalties attached.

The UAE is also the first Arab state to establish a minimum social media age, giving the resolution outsized regional significance. Gulf and MENA governments will watch the implementation closely. The template matters as much as the rule.

Where the Prescription Creates New Risks

The tension in Resolution 106 emerges directly from its verification mandate. To confirm that a user is 15 or older without accepting self-declaration — which the resolution explicitly prohibits — platforms must implement at least one of: scanning of official identity documents, official documents combined with biometric facial recognition, or AI-powered age estimation. The UAE government digital identity system is the lead approved method.

This creates a structural paradox: to protect children's data, the regulation requires platforms to collect biometric or identity data from every new user. The resolution contains a data-minimisation clause — platforms cannot store verification data beyond the process itself — but it does not resolve who performs that verification. If platforms outsource to approved third-party providers, those intermediaries become high-value aggregators of identity and biometric data for the UAE's entire online population. A breach or state access to that dataset would produce harms potentially larger than those the regulation is designed to prevent.

Australia's Online Safety Amendment (Social Media Minimum Age) Act 2024, which took effect for major platforms on December 10, 2025, made the opposite choice on this specific point: it explicitly prohibits requiring government-issued ID and mandates that alternative verification paths always remain available. The UAE's framework, by leading with government digital identity, prioritises verifiability over privacy-preserving alternatives such as behavioural inference or device-level parental controls.

The 12-Month Test and Enforcement Credibility

The compliance timeline is ambitious. Australia's equivalent law is still negotiating what "reasonable steps" means technically, months after implementation. The UAE's prescriptive approach — named modalities, hard prohibition on self-declaration — is more certain but also less adaptable. If approved verification methods prove unreliable or easily circumvented, platforms face legal exposure even from good-faith efforts.

Enforcement credibility, at least, is not in question. The TDRA and National Media Authority have demonstrated genuine willingness to pressure major platforms. Access Now documented in May 2026 that Meta restricted over 100 Facebook and Instagram accounts in the UAE and Saudi Arabia at government request. TikTok, Snapchat, and X face a credible compliance signal, not a paper rule.

What remains technically unspecified is how platforms should detect and disable accounts where under-15 children re-register through a sibling's profile or a parent's device. UAE officials have stated VPN circumvention will not create platform liability, but the gap between legal compliance and genuine underage exclusion will be substantial without further technical guidance.

The Proportionality Question

Resolution 106 asks a legitimate question: should platforms designed for adults be freely accessible to nine-year-olds? The answer is credibly no, and the resolution's 15-year threshold — one year below Australia's and the UK's 16-year minimum — is defensible on child development grounds.

The harder question is whether mandatory biometrics at national scale is the proportionate instrument to enforce it. The regulation prohibits data retention but does not yet describe a technical architecture that makes that prohibition auditable. In a jurisdiction without a fully independent data protection authority with EU-style enforcement powers, the data-minimisation promise depends on platform good faith and regulatory vigilance not yet tested at this scale.

The goal is right. The verification instrument carries real risks that have not been designed out. The 12-month transition window is when those risks need to be addressed — not discovered after the infrastructure is already built.

Sources & Citations

  1. UAE Government Portal — Children's Rights (Wadeema's Law)
  2. Australia Online Safety Amendment (Social Media Minimum Age) Act 2024
  3. Pinsent Masons — UAE under-15 social media ban analysis
  4. Khaleej Times — UAE ban shifts liability to tech platforms
  5. Biometric Update — UAE joins nations with age restrictions
  6. Access Now — Meta geo-blocks human rights accounts in UAE and Saudi Arabia