Recent assessments by the European Commission have indicated that Meta’s Instagram and Facebook have contravened the Digital Services Act due to insufficient age verification measures.
Despite the platforms’ user agreement stipulating a minimum access age of 13, the regulatory body found that current safeguards against underage users are inadequate. During account creation, young individuals under 13 can falsify their date of birth without encountering robust validation checks on self-reported data. Moreover, the process for addressing suspected underage accounts requires several steps to initiate, lacks pre-filled user information, and often results in no action, thereby allowing reported minors continued access.
Risk Assessment and Regulatory Context
The preliminary findings also highlight gaps in Meta’s risk assessment approach. The Commission noted that the methodology failed to adequately address the risks associated with minor users under 13 accessing these platforms. Furthermore, there is evidence that a substantial percentage of children below 13—estimates ranging from 10% to 12% across the EU—are actively engaging with Instagram and Facebook.
A formal investigation was initiated against both services on May 16, 2024, drawing upon detailed risk assessments, internal company documentation, data requests, and input from child protection advocates and civil society organizations within the European Union. The Digital Services Act mandates comprehensive risk evaluations for large online platforms to protect minors. The Commission used its 2025 guidelines on minor protection as a benchmark, recognizing age estimation and verification methods as key strategies for ensuring user safety.
Next Steps
Meta is afforded the opportunity to review the investigation file and provide a written response to the preliminary findings. Concurrently, the European Board for Digital Services will also be involved. If the Commission’s initial assessment stands, it could issue a non-compliance notice, potentially leading to fines not exceeding 6% of Meta’s total worldwide annual revenue. The Commission may also impose ongoing penalties to enforce compliance.
The investigation continues into other possible violations related to user well-being and platform design factors that might exacerbate the vulnerabilities of minors, contributing to addictive behaviors and ‘rabbit hole’ phenomena.
It is important to note that these preliminary findings do not definitively determine the outcome of the case.
