EU charges Meta over under-13 access

Meta’s problem here is not abstract child safety. It is product design. The European Commission said on April 29 that Facebook and Instagram still do not do enough to stop children under 13 from getting onto the platforms, even though Meta’s own rules set 13 as the minimum age. That turns this from a values debate into a systems debate — what checks exist, how easy they are to evade, and whether a giant platform can keep saying “users lied” when regulators think the setup practically invites it. (digital-strategy.ec.europa.eu) ### What did the EU actually do? The Commission issued a preliminary finding that Meta’s Instagram and Facebook are in breach of the Digital Services Act, or DSA. “Preliminary” matters — this is not the final penalty stage yet. But it is a formal charge in the EU sense, and it means the Commission thinks Meta failed to identify, assess, and reduce the risks created when under-13 users get access. (digital-strategy.ec.europa.eu) ### What is the specific failure? The core complaint is blunt: age gates that rely on self-declared birthdays are too easy to beat. The Commission said a child under 13 could simply type in a false date of birth showing they were older, with no effective control checking whether that claim was real. Regulators also pointed to Meta’s tool for reporting underage accounts as hard to use and not effective enough. (digital-strategy.ec.europa.eu) ### Why does that matter so much? Because the rule is not just “have a minimum age in your terms.” The DSA expects very large platforms to manage foreseeable risks. If a loophole is obvious and cheap — basically just changing a birthday field — Brussels can argue the company never built a serious barrier in the first place. The issue is less one fake birthday than a whole signup flow that regulators think was not designed to catch a predictable problem. (digital-strategy.ec.europa.eu) ### Is this about the Digital Markets Act too? Not directly. The Meta case is under the DSA, which is the EU’s online-safety law. But the timing overlaps with a separate Brussels push under the Digital Markets Act, or DMA, which is about competition and gatekeeper power. Two days earlier, on April 28, the Commission said its first DMA review found the law still “fit for purpose” and signaled more scrutiny for cloud and some AI services. (digital-strategy.ec.europa.eu) ### So why mention cloud and AI at all? Because it shows the broader direction of travel. Brussels is not stepping back from digital regulation. It is getting more comfortable turning high-level principles into technical obligations — for child protection under the DSA, and for market fairne(digital-strategy.ec.europa.eu)ng at whether some AI services belong inside existing DMA categories. (digital-markets-act.ec.europa.eu) ### What could happen to Meta now? Meta gets a chance to respond before any final decision. If the Commission sticks with its view, the case can end in remedies, fines, or both. One widely cited upper bound under the DSA is fines of up to 6% of global annual turnover, though that is the ceiling, not the default outcome. The immediate pressure point is simpler: Meta now has to show that its age checks and reporting tools are not just nominal, but actually work. (forbes.com) ### Why is this the bigger story? Because regulators are moving past “protect kids better” as a slogan. They are starting to ask whether the interface, the defaults, and the reporting paths make underage access easy or hard. That is a much tougher standard for platforms — and a much more enforceable one. (digital-strategy.ec.europa.eu) ### Bottom line? The EU is telling Meta that a birthday box is not an age-verification strategy. And at the same time, Brussels is showing it plans to apply that same design-and-enforcement mindset across the next layer of digital power — cloud, AI, and whatever comes after. (digital-strategy.ec.europa.eu)