EU regulators say Meta failed to properly stop under-13s accessing Facebook and Instagram under the Digital Services Act. Meta disputes the finding and faces potential fines.
A preliminary EU finding has put Meta’s child-safety systems under sharp scrutiny, arguing the company did not adequately prevent under-13 users from accessing Facebook and Instagram.
The European Commission says Meta breached the EU’s Digital Services Act (DSA) by not “diligently identify[ing] and mitigat[ing]” risks to children below the platform age limit.. The commission’s assessment follows the regulator’s view that Meta did not meet its own terms and conditions, which set 13 as the minimum age for safer use.
The focus is not simply on whether accounts exist, but on how reliably Meta can detect and block them.. According to the commission, children under 13 can create accounts using a fake birthdate, with no meaningful checks on their self-declaration.. The watchdog also criticised Meta’s tools for reporting underage use, describing them as “difficult to use and not effective”, with insufficient follow-up—leaving underage users able to continue using the service.
The Commission stressed that its conclusions are preliminary and do not prejudge the final outcome of the broader investigation.. Meta now has the right to examine the investigation file and build a defence.. Still, the regulatory signal is clear: the EU expects more than written rules, especially where child safety is concerned.
Meta disputes the commission’s preliminary findings.. A company spokesperson said Instagram and Facebook are intended for people aged 13 and older and that it has measures to detect and remove accounts belonging to users under that age.. Meta also said it continues to invest in technologies to find and remove underage users and plans to share additional measures next week.
Why this matters for Meta is also why the EU is pushing the question harder across Europe.. Under the DSA, if the Commission’s finding is upheld, Meta could face a fine of up to 6% of its global annual turnover.. That’s a financial lever designed to ensure compliance, but it also reflects a wider policy shift: regulators are no longer satisfied with “best efforts” language when risks affect minors.
For families and young users, the practical impact is straightforward.. A platform that relies on self-reported age—even when an age floor is clearly stated—creates an opening for abuse.. The Commission argues the gaps it has identified expose children below 13 to risks such as cyberbullying, grooming, and “age-inappropriate experiences”.. Those are not abstract harms; they connect to everyday online interactions—messaging, recommendations, and comment sections—that can shape what children see and how they respond.
The Commission estimates that about 12% of children under 13 in the EU use Instagram and Facebook.. It also pointed to a wider concern about what algorithms can do once a young user is on the platform, including the potential for “rabbit hole” effects—where recommendation systems keep feeding users negative or extreme content.
This is part of a larger EU posture on big tech and children.. Spain has backed a social media ban for under-16s, citing the “digital wild west” risk, while French lawmakers voted for restrictions for under-15s.. The UK has said it is looking at “age or functionality restrictions” for children under 16.. Even with different thresholds and policy models, the direction is similar: Europe wants clearer guardrails, not just privacy policies and community guidelines.
At the center of the Commission’s next phase is whether better age verification can become real-world infrastructure.. In a related development, EU officials urged member states to have an EU age verification app in operation by the end of the year.. The proposal is designed so users can prove their age without handing over extra personal details to the platform they want to access, potentially working as a standalone app or within national “digital ID wallets.”
Some governments are hesitant, preferring national solutions instead of the EU app. There have also been concerns from security experts about how quickly a demo version might be exploited, though the Commission says a vulnerability has been fixed and the app is not yet publicly available.
As Meta prepares its defence, the case is likely to continue to reverberate beyond one company.. The DSA was built to force platforms to actively manage systemic risk, and this preliminary decision tests whether that obligation applies in a concrete way to age gating—when children can bypass it with a fake birthdate and when reporting tools don’t promptly remove the problem.