Earlier this week, I wrote about a proposed legislative amendment to attempt to compel VPN services providers to prevent anyone under 18 in the UK from using their VPNs.
There’s a second amendment, by the same authors, to prevent under 16s in the UK from, well, doing an awful lot of things online.
For this blogpost, I am working from the running list of amendments from 16 December 2025. The clause in question is on page 25 of that PDF.
The aim of this clause is, amongst other things, “introducing regulations to prevent under 16s from accessing social media”.
The term “social media” is an interesting one here, because that it is not what the actual amendment says…
The amendment itself
(1) Within 12 months of the day on which this Act is passed, the Secretary of State must, for the purposes of promoting the wellbeing of children—
…
(b) by regulations made my statutory instrument require all regulated user-to-user services to use highly-effective age assurance measures to prevent children under the age of 16 from becoming or being users.
There are a couple of key points here.
The scope of services caught by this is incredibly broad
“[All] regulated user-to-user services” is massively broad.
It is much broader than “social media”, and covers a huge number of every day online services, including self-hosted services.
This is one of a number of key flaws with the UK’s Online Safety Act 2023.
Want to use Signal, or even a closed user group, family-only, self-hosted XMPP service like Snikket, for messaging your children? This would be prohibited. (SMS is not in scope, and nor is email, so you could probably still run a DeltaChat relay and let your children use it.)
A shared chores list or family shopping list? Prohibited. You would have to ban your own under 16 children from your service. A paper list is fine, but a more convenient online one would not be allowed.
Family photo sharing service? Prohibited.
A game with an integrated messaging service? Prohibited. You can play a board game at home and talk with your children, but you could not run a private game server for your children and you, and play games and chat with them over the Internet.
Viewing a forum, or a user-generated content resource like Wikipedia? Quite possibly prohibited too, if the Online Safety Act’s definition of “users” encompasses “mere viewers” (and it might; this point is not settled, which is a dreadful situation).
You get the gist.
This measure, if it were passed, would impact a huge number of online services.
Noting that the aim is about “social media”, I suspect that the authors might not appreciate just how excessively broad the scope of the Online Safety Act really is.
Age assurance for under sixteens means age assurance for everyone
If this amendment were to be passed, all in-scope services would be required to introduce “highly effective age assurance”, to ensure that they banned under sixteens.
This means age assurance for everyone, as one cannot apply age assurance only to children under sixteen.
And, because - as above - the scope of in-scope sites is so incredibly broad, it seems likely that this amendment would lead to a “papers, please” approach to many, many common online services.
This would represent a massive expansion of the scope of age assurance online (kerching, age assurance industry…), and would be fundamentally disproportionate for so many smaller operators.
If you thought that the malicious compliance “cookie banners” were a nuisance, you ain’t seen nothing yet…
The privacy implications of having to hand over one’s identity documents, or otherwise prove one’s age/identify, to so many, many sites would be just staggering.
I really hope that this is a non-starter.
But Neil, why not propose an alternative?
I am not in a position to propose an alternative, because I do not know the problem that this is trying to tackle.
Or, indeed, the underlying causes of the problem.
If there was a clear problem statement, that would be a start.