The UK government's ambition is clear: by Spring 2027, six of the world's most popular social platforms—Instagram, TikTok, Facebook, YouTube, Snapchat, and X—will be legally inaccessible to anyone under 16 in the United Kingdom. The Children's Wellbeing and Schools Act 2026, which received Royal Assent on 29 April 2026, is the statutory basis. In the weeks following, the government detailed specific implementation plans: platforms must deploy "highly-effective age assurance," Ofcom will enforce with fines up to 10% of global annual turnover, and the Secretary of State holds new powers under Section 70 to impose ISP-level daily or time-of-day access restrictions—including potential overnight curfews—through secondary legislation.
There is a genuine case for the intervention. Algorithmic social feeds are engineered for engagement, and the evidence base linking them to adolescent mental health harms—while contested at the margins—is substantial. Prime Minister Keir Starmer's framing, that tech platforms "had their chance and failed," reflects a real frustration: voluntary measures, platform safety features, and the earlier Online Safety Act 2023 demonstrably have not prevented harmful content from reaching children at scale. A national consultation drew over 116,000 responses, and nine in ten parents expressed support for the ban. That is not a manufactured consensus.
What the Law Actually Does
The Act creates a tiered regime. Under-16s are barred from the named social platforms entirely. Under-18s face additional restrictions on live-streaming features and stranger-initiated contact. AI romantic companion chatbots require users to be 18 or older. Exempted are messaging services (WhatsApp, Signal), YouTube Kids, educational platforms, e-commerce, and music streaming—distinctions sensible in principle but certain to generate contested edge cases in implementation.
The enforcement architecture is Ofcom-led. Platforms must implement "highly-effective age assurance" or risk fines of up to 10% of global annual turnover. Ofcom and the ICO have identified approved verification methods: open banking verification, photo ID matching with biometric comparison, facial age estimation using AI, mobile network operator account checks, and digital identity wallets. Self-declaration—a tick-box confirming age—is explicitly excluded.
Section 70 goes further, granting the Secretary of State powers to restrict access through secondary legislation. The affirmative procedure applies: any draft regulations must be approved by both Houses of Parliament, giving legislators a further opportunity to scrutinise scope and proportionality before Spring 2027.
The Technology Problem
Here is the crux: every approved age assurance method involves a serious trade-off between accuracy and privacy, and no system yet combines reliability, privacy preservation, and circumvention-resistance at scale.
Photo ID matching and facial age estimation collect biometric data. Open banking verification routes financial information through third-party processors. Digital identity wallets remain nascent infrastructure in the UK. In early 2026, over 438 scientists and researchers signed an open letter warning that current age assurance systems are "easily circumvented, privacy-invasive, and error-prone." Earlier deployments reinforce the concern: Yoti, a leading age verification provider, was fined €950,000 by Irish regulators over data handling failures.
The Electronic Frontier Foundation's June 2026 analysis stated directly that "there remains no reliable, privacy-preserving method" of age verification capable of meeting the statutory standard while protecting users' personal data. For a government that also enacted the UK GDPR framework, there is a real tension between mandating intrusive biometric or financial data collection for age checks and its own data protection obligations. Requiring platforms to build high-confidence verification infrastructure also creates honeypots—centralised stores of identity data that will attract breach attempts.
Australia as the Warning Sign
The UK has watched Australia closely. Australia's social media minimum age legislation took effect in early 2026. Six months in, research suggests roughly 70% of Australian under-16s still maintain active accounts on the restricted platforms. Enforcement action shifted toward platforms—Australian regulator eSafety issued enforcement notices in April 2026—but the underlying dynamic has been platform-hopping and VPN adoption, not genuine withdrawal from social spaces. Young people migrated toward Roblox, Discord, and Steam: platforms with fewer protections, not more.
Three of the UK's four Children's Commissioners—those for Scotland, Northern Ireland, and Wales—have explicitly opposed the blanket ban, warning it pushes children "toward more dangerous, unregulated online spaces." Only England's Commissioner supported the measure, and argued for extending it to age 18. The NSPCC, historically among the most vocal advocates for online child protection legislation, stopped short of endorsing the ban, calling instead for a "risk-based response, not a blunt one-age ban."
What Proportionate Regulation Would Look Like
The proportionality objection is not that child safety online doesn't matter—it plainly does—but that a blanket platform ban is the wrong instrument for the right concern.
The evidence points toward algorithmic amplification of harmful content, not social connection per se, as the primary risk mechanism. A regulation requiring platforms to disable recommendation feeds for users under 16 by default—as France has explored—or mandating "safe mode" as the default for minor accounts with parental opt-out, would target the actual harm vector without severing access to educational content on YouTube, civic discussion, or communication with distant family.
Section 70's ISP-level time limits are an even blunter instrument. South Korea operated a mandatory curfew law blocking teenage users from online platforms between midnight and 6am for nearly a decade before scrapping it in 2022. Research found it was largely ineffective and may have displaced online activity to later hours or to unblocked services.
The government has committed £500 million alongside £132.5 million for offline enrichment alternatives. But the enforcement mechanism risks building surveillance infrastructure to achieve what targeted platform design choices could accomplish less invasively—while driving the very teenagers it aims to protect toward corners of the internet where no age assurance, no algorithmic safety, and no moderation operates at all.