4/22/2026
The European Union (EU) has been developing an application to verify user age, which is almost ready to be released publicly. This follows suit from Australia’s teen social media ban last December. Australia was the first country to impose an age restriction on social media, leaving children under 16 without access. This was a controversial move, supported by parenting advocacy groups and opposed by technology and free speech advocacy groups. Major social media apps on the list include TikTok, YouTube, Instagram, and Facebook. Violation of the ban could result in a penalty of $33 million (USD).
The ban was initiated in October of 2024 when the EU opened a €4 million tender to “develop an age verification solution” in service to the Digital Services Act and the Better Internet for Kids (BIK+) strategy. Scytáles, a Swedish digital identity company, and Deutsche Telekom, a German telecommunications company, won the tender and began developing the age verification app.
The EU age verification app will verify user age by looking at anonymously uploaded forms of identification such as passports and ID cards. It is accessible from any device and open source, allowing other countries to easily adopt it. Although it won’t be forced onto social media companies, they will be required to use the age verification app or an equivalent to block out children.
Shortly after Ursula von der Leyen, President of the EU Commission, claimed the open-source app to be release-ready, it was proven otherwise. Cybersecurity specialists checked the (publicly available) code and found many flaws. Paul Moore, an information security consultant, claimed it can easily be hacked within 2 minutes. Baptiste Robert and Olivier Blazy seconded this claim, pointing out how a child can simply take an adult’s phone after the adult has verified their age and freely access all social media platforms. The EU responded to these claims, saying that the hackers were looking at a demo version, which lacks security features from the release candidate. Thomas Lohninger, executive director of epicenter.works, an Austrian privacy NGO, in a criticism of the code, called for the EU to focus on tightening the EU’s content laws instead of verifying the user’s age.
Other critics also questioned how the app can retain the user’s anonymity while verifying their age. Supposedly, the app will use zero-knowledge proofs–a cryptography method–to categorize the user as either a child or an adult to protect their specific age from being transmitted to social media companies.
Cyprus, Denmark, France, Greece, Italy, Ireland, and Spain, among other European countries, are adopting the ban, typically restricting children below a certain age. The age threshold ranges from 13 to 16 years old, depending on the country. Some social media entities estimate the user’s age based on selfies, browsing activity, and other identification documents. Due to the significant reduction in users, companies had to face losses and redirect their business plans for older demographics. Some companies, such as X, had been reluctant to enforce it for this reason. Undoubtedly, children will find ways around the ban, especially those who can pass for ages 16 and older. Since the app relies on IP addresses, it is subject to the VPN trick. There have been many VPN downloads since the ban was announced. Combined with the poor design and ethical concerns of the app, there is a long way to go before reasonable age checks can be set in place. Still, these measures are a great effort to reduce cyberbullying, negative influences on body image, misinformation, and other risks to physical and mental health.