The UK social media ban and other measures
The Government has announced the first stage of his response to the “Growing up in the Online World” consultation, with the headlines including the proposal to ban children under-16 from accessing social media platforms. Further detail will follow on other measures responding to the consultation in July. We have rounded-up initial responses from civil society organisations within our Network and beyond here.
This explainer sets out the legislative context for the next steps in implementing the measures, what we know about what’s been announced, some gaps and the remaining decisions for the Secretary of State.
Background
In January 2026, the Government announced that there would be a consultation on a social media ban. This was partly triggered by the Grok images (including sexualised images of children) but also by a successful parent-led campaign to influence MPs, including many Labour backbenchers, to call for one. The consultation - Growing up in the online world: a national consultation – was published on 2 March 2026 with an end date of 26 May 2026. You can read our full response to the consultation here, and those from other organisations in our Network, here.
While the main focus of the consultation may have been to gauge wider public opinion on a ban on social media for under-16s, the consultation covered other issues as well with the scope of the consultation related to ensuring that children have “healthy online experiences”. As the Secretary of State said in her announcement (press release here), the consultation covered questions around the ban, raising the digital age of consent from 13 and the ability of companies to use children’s data as well as:
whether there should be curfews overnight or breaks to stop excessive use or doomscrolling; how we ensure more rigorous enforcement of existing laws around age verification; and action to address concerns about the use of virtual private networks to get around important protections.
The consultation also covered use of chatbots, age verification and media literacy initiatives, as well as considering the impact of VPNs (and other mechanisms for circumvention) and the desirability of putting phone policies for schools on a statutory footing. This took place against the development of guidance on screen use for 0-5 year olds (the Government has recently announced it will now develop guidance for 5-16 year olds) and indicates a shift in policy from early 2025, when – in response to an e-petition and in its handling of the Josh MacAlister PMB – the Government said it was not minded to support a ban.
While the consultation was under way, Lord Nash tabled amendments to the Children’s Wellbeing and Schools Bill, introducing a ban on social media for under-16s. The Government experienced successive defeats in the Lords and in response announced that it would take powers in the Children’s Wellbeing and Schools Bill (now Act) to introduce a regime implementing the outcome of the consultation, rather than use primary legislation – this use of Henry VIII powers was said to be necessary in the interests of speed. In addition to the powers in the Children’s Wellbeing and Schools Bill, the Government also took powers to extend the illegal content duties in the Online Safety Act to certain AI tools via the Crime and Policing Act in response to the “abhorrent non-consensual intimate images being shared on Grok”. For more on the Crime and Policing Act see here.
The Statutory Framework
Section 70 Children’s Wellbeing and Schools Act adds a new provision to the Online Safety Act: s 214A. Section 214A(1) gives a power to the Secretary of State to act – the word used is “may”. On the surface, this looks like the Secretary of State could therefore choose not to exercise the power; however, s. 214A(9) states that the Secretary of State must exercise the power in response to the consultation, after the consultation closes. Moreover, in doing so, the Secretary of State must “have regard to the responses to that consultation (s 214A(9)(b))”. While there is no timescale in the Online Safety Act for the Secretary of State to act, s 71 Schools and Wellbeing Act requires the Secretary of State to lay a progress report before parliament within 3 months of Royal Assent (end July 2026) and to set down a timeline for bringing in the first set of Regulations before 12 months has elapsed (July 2027). If the Regulations are not laid in this time period, the Secretary of State must explain why; the Secretary of State then has a further 6 months within which the Regulations must be laid (s 71(4)(b)). It is also open to the Secretary of State to use the power multiple times (note s 71 Children’s Wellbeing and Schools Act and the fact sheet refers to the “first set of Regulations…”), though the constraints on timing would not apply here. Any regulations must be approved by both Houses of Parliament.
When the power is used it must be for the purpose of “protecting relevant children” from a risk of harm. Section 214A(2) clarifies that the Secretary of State may distinguish between groups of children by age (but seemingly not other particular types of vulnerability) that action could target sub-groups of children as well as mechanisms to protect all children. As this provision is now sitting in the Online Safety Act, the definition of “harm” there applies. Section 234(1) Online Safety Act states that ‘“Harm” means physical or psychological harm’, thus excluding societal harms. The phrasing in s 214A(1) makes clear that harms can be content-based harms, but it seems that from the phrasing that while harm includes such types of harm, it is not limited to them. In principle, the Secretary of State could use her powers her to tackle non-content-based harms – this is important if the Government is hoping to tackle concerns around addiction.
The sorts of services that could be subject to regulation is broad – s 214A(1) refers to “specified internet services”. Internet services are defined in s 228 Online Safety Act as “a service that is made available by means of the internet” and includes those based outside the UK which still have a link with the UK. “Specified” means that the Secretary of State can choose which services within this overarching class is affected.
Section 214A envisages two levels of control: either prevention of access or restriction of access. This control can relate either to a type of service, or to particular features or functionalities. Section 214A(4) gives an indicative list of the sorts of restrictions that could be introduced including curfews and time limits on service use. In addition to taking into account the responses to the consultation, already noted, the Secretary of State when making the regulations must take into account:
the different ways in which an internet service of a particular kind is used, including functionalities or other features of the service that affect how much children use the service, and the impact of such use on the level of risk of harm that might be suffered by children (s 214A(6)(a))
and the differential impact of such services/features by age.
Section 214A does not say much about enforcement; it does expressly provide that obligations under s 214A can be “enforceable obligations” under the Online Safety Act, essentially bringing in Ofcom as regulator with all its information gathering and enforcement tools. Significantly, the Secretary of State does not have to choose this route. However, in her statement to Parliament announcing the Government’s response, she appeared to confirm that it is the existing OSA framework and Ofcom’s existing powers that will be in play here:
“people worry that a ban would push children on to riskier, less regulated sites, and that is something that I take extremely seriously. I have had a long conversation with Ofcom and its new chair, and have written to them to stress once again that enforcement of the Online Safety Act 2023 and our new ban must be a top priority.”
Later in the debate, in response to a question from Helen Maguire MP about how to enforce the ban:
“That is why I have specifically asked the new incoming chair of Ofcom to hold an urgent review of its capabilities, to ensure that it focuses rigorously on enforcement—including on riskier sites, in case children go off the main platforms and go further underground—and to publish a clear strategy and a proper report to Parliament on how that enforcement is going. In the end, the proof of the pudding is in the eating”.
The Children’s Wellbeing and Schools Act gives the Secretary of State the power to amend the age of digital consent found in the GDPR (s 72). Currently it sits at 13. The power allows the Secretary of State to raise the age limit, but no higher than 16. Enforcement of this, as part of the data protection regime, would fall to the ICO. The ICO responded to the Government consultation, discussing the digital age of consent and how it differs from a ban (pp8-9).
The Announcement
The Government announced its initial response to the consultation, together with the June progress statement on Monday 15 June. It also wrote to Ofcom. The response will consist of a number of elements:
- social media ban
- blocks on harmful features beyond the ban
- bans on “romantic chatbots”
- curfews and time limits
- and as a necessary factor in implementation of these, strengthened age verification.
In addition to regulator measures, the Government also aims to give children access to more educational and positive content and experiences, both online and offline.
These measures sit on top of the provisions in the Online Safety Act which will continue to be relevant to all user-to-user services as regards children over 16, and services that lie outside the ban as regards under 16s. Obviously, the Online Safety Act remains the only mechanism of protection for adults. The Online Safety Act also includes a media literacy remit for Ofcom and it plans shortly to publish a Media Literacy Statement of Recommendations aimed at services.
The Government’s announcement does not provide a complete picture; further announcements will be made in July. In addition, Ofcom has been tasked with carrying out work on HEAA reporting in October, along with a review of its enforcement capabilities which its new Chair, Sir Ian Cheshire, has been tasked to undertake. This two-stage process of response to the consultation is a somewhat bitty approach, perhaps dictated by the timeline in s 72 Children’s Wellbeing and Schools Act.
The Ban
The headline news was that the Government is planning a ban on social media services, its scope reflecting that of the Australian ban (s 63C Online Safety Act 2021 (Aus), which refers to “age restricted social media platforms” and given more detail in the Online Safety (Age‑Restricted Social Media Platforms) Rules 2025). This means that the ban will affect a sub-set of user-to-user services as defined in the Online Safety Act. The Government has tried to identify the scope as follows:
user-to-user platforms, whose purpose is to enable social interaction and which allow users to post material, alongside algorithms
and referring to specific services, which are large mainstream services. This definition will need tidying up: the criteria (with the exception to the reference of user-to-user) are taken from the Australian legislation and overlap somewhat with the existing definition of user-to-user service
The announcement is clear that messaging services lie outside the proposed ban. . In the debate on her statement, the Secretary of State confirmed, in a response to Damian Hinds MP, “the messaging services are not covered by the ban” and later “we are not including things like WhatsApp in this policy. Parents have been clear that they want to be able to contact their children.” As currently stated however, messaging services are not clearly excluded from the ambit of the proposed ban (they are user-to-user services under OSA), so there is some work to do to draw a boundary between the two categories of service. It is unclear whether functionally it is easy to draw a clear line between messaging apps and social media. It is also unclear how one might assess when the purpose of social interaction is satisfied. Would YouTube, which seems to be more about broadcasting to audiences, be determined to be a service whose purpose is social interaction? It has appeared in the list of services that the Government wants to catch in the ban (See June progress Statement, p 18).
An obvious question here is what happens to small but high harm services. In addition to the direct harm from these services, there are questions about the role they play in the overall online ecosystem. Moreover, how will the Government deal with services that allow users to see content without logging in, such as YouTube and Reddit? When asked about this in the Commons by the LibDem’s Munira Wilson, the Secretary of State avoided the question and was rather flippant about the issue:
“We will bring in highly effective age-verification measures, because we want to ensure that we learn the lessons from what has happened in Australia. The Under-Secretary of State for Science, Innovation and Technology, my hon. Friend the Member for Vale of Glamorgan (Kanishka Narayan), who has responsibility for online safety, went to learn all those lessons. There is much more that we will be saying as we draft the regulations and take this forward, but in my view that is one of the big lessons. However, I want to be honest about this: kids will get around this. Kids have always got around smoking and drinking—we have all done it. Maybe not! [Laughter.] That is what kids do.”
The Government is also considering a “narrow” list of exceptions – educational services, e-commerce platforms and music streaming. In general, the definitions will need to be scrutinised carefully to ensure that it is too easy to restructure a service to avoid the ban, and to make sure that the boundary between banned services and those that are not banned are clearly defined. Ofcom’s letter to DSIT noted:
“A clear lesson from the first year of implementing the Online Safety Act has been that clarity in the law facilitates successful compliance and enforcement. We would encourage the Government’s regulations to be as clear and specific as possible, including about the services these restrictions will and will not apply to”.
The legal framework could leave it for services to self-identify and comply, or it could impose the task of identifying services to a specified body (including but not necessarily Ofcom), or even the Secretary of State. A list could be indicative (so informing services they are definitely covered but not exhaustively so) or state that the rules only apply to those services identified. We see Ofcom being given the role of applying criteria to determine which of the services regulated under the Online Safety Act are categorised services (s 96 Online Safety Act (UK)); their register of categorised services, specifying which companies are in which category, is due to be published in July this year. This second approach would narrow the scope of the ban. It would also give significant power to the body drawing up the list and, of course, be amenable to judicial review on grounds of fairness particularly.
It is unlikely that the Regulations will list services but rather specify criteria to identify relevant services. Writing a list of services into legislation seems to contradict the idea that all are equal before the law – a fundamental constitutional principle. However achieved, such a list would have to be kept updated, and is open to manipulation (eg through phoenix companies and mirror sites). While the Australian legislation does not propose such a register, the e-Safety Commissioner has produced a list of services she thinks fall within the Australian statutory definition and this has been used frequently in the media this week to show which services are likely to be in the UK version of the ban.
In terms of justifying the scope of the ban, beyond referring to the Australian model, the Government states that Ofcom’s research shows that the mainstream social media services are where most of the harms arise – although WhatsApp and Roblox heavily used by children. Of course there are concerns about content on messaging apps, with large groups and real-time video contact possible. Moreover, there are some suggestions that messaging apps can also be addictive (eg through the read receipt feature, push notifications and group chats) Indeed it is arguable that the smart phone itself – with all the services it carries – is part of the problem. Perhaps this is why the Government also intends to look at risky features across the board.
While the Government states companies should be responsible for making their products safe for children, banning them from those products hardly seems to incentivise services to make safety changes. It is unclear how a ban, in the words of the progress statement is “welcom[ing] and support[ing] websites and online services that put children first and treat them responsibly” (p 9).
Harmful Features
There is a second level of rules – those restricting access to features rather than preventing access to services. As the Government notes,
“[w]hile social media services pose a unique risk due to the combination of their design features, there are also other services that children access that have many of the same harmful functions”. (June Statement p 25)
and the Secretary of State said in Parliament that messaging services with risky features and functionalities may still face interventions (“if they have features and functions—as they do—that allow strangers to communicate with children, we want to deal with that. We will be coming forward with further detail”). The consultation asked about location sharing, disappearing content, live streaming, talking to strangers and sending nude media, as well as addictive design features such as infinite scroll. It did not address endorphin-triggering features such as push notifications and popularity metrics. The Government has made decisions on some features, seemingly, but is still considering options in relation to others. Note the restriction on taking and sending nudes is be being dealt with separately (potentially requiring primary legislation) rather than as a function under this regime. In Parliament, the Secretary of State divided the action underway into three parts:
“We need to keep the implementation of the Online Safety Act 2023, we need to tackle devices to stop kids taking, sharing and seeing nude pictures, and we need to put restrictions on AI chatbots and social media platforms, because that is how we will keep kids safe.”
This division between the ban and restrictions on risky features on the one hand and device level control on nudes on the other may be because the obligations are addressed to phone manufacturers or the providers of operating systems rather than internet service providers. A decision has not yet been made about overnight curfews and infinite scrolling. Details about other functionalities are expected in the July announcements.
The Government has distinguished between preventing under-16s accessing these features on any service (so those services not caught by the ban) and requiring services (ie those caught by the ban and those not) providing those features to make sure they are default off for 16 and 17 year olds. The press release also states expressly that these functionality obligations will apply to gaming sites for under-16s as well as those over-16; in Parliament, the Secretary of State said that the reason gaming sites were not included in the blanket ban is because “we have a brilliant, fantastic, world-leading gaming industry in this country” . It is unclear whether they will apply to all user-to-user services. So far the features the Government has identified are:
- livestreaming; and
- stranger communication with children.
The Government confirmed that the livestreaming ban applies across all services and that, while the stranger communication ban would apply to gaming platforms it would not affect children’s ability to participate in multiplayer games online. It is unclear how the definitions will deal with the difference between live streaming and live videocalls (and whether it matters if you are on a call to one person or multiple people).
Chatbots
One specific type of feature is a chatbot, which can be freestanding or part of a user-to-user or search service. Those parts of a regulated service will be regulated as such but there has been a gap as regards freestanding bots. Concerns have arisen about the impact of these bots in terms of hallucinations, manipulation, facilitating cognitive offloading, “AI psychosis” and addiction, especially when used in place of conversations with appropriately qualified or caring people. (See our research brief here.) There are also societal concerns arising out of the widespread deployment of chatbots. The Government has chosen to focus on romantic companion apps, which are often sexualised, requiring them to be age-gated. While it acknowledged concerns around mental health issues and manipulative design features, the Government has decided to “continu[e] to look” at these risks (June Statement, pp 32-33), with the aim at some point in the indefinite future of acting.
Note the Children’s Wellbeing and Schools Act is not the only place that potentially deals with chatbots: the Crime and Policing Act does too. The Crime and Policing Act provisions cannot deal with the issues around mental health and addiction because of the focus of the Act: it will deal with illegal matters.
Enforcement
One of the concerns surrounding the Australian regime was how easy it was to bypass the rules, either because age verification was not in place or was ineffective, or by using VPNs. The Secretary of State referred to this in her response so questions in Parliament: “The Minister for Online Safety spent a week in Australia learning the lessons, including about how kids are getting around the ban. That is why we have already said that we want more highly effective age-assurance measures.”
Age Verification
The Online Safety Act already requires highly effective age assurance for some purpose, and Ofcom has produced guidance on what this means. An early strand of its compliance programme focussed on pornographic websites, ensuring that they implemented appropriate technology. Many, however, dealt with the issue by geo-blocking the UK instead. There are clearly some sites that have not complied with the Online Safety Act requirements.
In its letter to Ofcom, the Government asked it to carry out a “rapid assessment of what highly effective age assurance looks like for determining whether someone is over 16”. Ofcom has confirmed that by the end of October it will provide the requested technical assessment. It had the following initial observations:
- 16 is harder than 18 because things like credit card checks and the like will not be available
- there will be challenges is how to deal with the “ageing” of child accounts (and age verification will have to deal with 18+ and 16+ plus boundaries effectively)
- the Australian model suggests that age inference techniques are not sufficient to deliver an effective privacy preserving solution
- age checks should be built into multiple stages of the journey – so a whole-of-system approach is the most effective.
The Secretary of State also stated:
that this ban must be rigorously enforced from the outset. Visible, credible enforcement will be essential to building confidence that these protections are real and effective in practice and you continue to have my full support to use the full range of enforcement powers at your disposal.
As confirmed by Melanie Dawes in her response, Ofcom will publish a report on the impact of the ban within a year of it coming into force.
VPNs
One of the common themes arising in relation to both the Australian rules and the UK’s is the extent to which they are circumvented by the use of VPNs – and questions have been asked about control on VPNs in Parliament. VPNs, of course, have legitimate uses. Ofcom has stated that VPNs are not contrary to the Online Safety Act, though sites encouraging users to circumvent UK rules through the use of VPNs would be. The consultation noted the possible impact of VPNs (p 41), though the June Progress Statement was silent on what, if anything, the Government planned to do.
The Secretary of State told the Commons:
“We will come back to VPNs in July; I have commissioned further research about their usage. There are really important issues to balance here. Many people want to use VPNs for privacy—that is important—but we know that some children use them to get around restrictions. I will come back to that in July in our response to the consultation”.
Further commentary on the policy decisions the Government has made and its handling of the evidence it received during the consultation will follow shortly.
