UK's Social Media Ban for Under-16s: A Double-Edged Sword for Privacy and Security
The UK government is poised to ban under-16s from social media, mandating age verification for new accounts by spring 2027. While aiming to protect children, cybersecurity and privacy experts warn that the proposed enforcement mechanisms are easily circumvented and introduce significant risks to user data, effectively ending anonymous account creation for all new UK users.
The **UK government** has announced a landmark decision to ban under-16s from accessing social media platforms, with regulations expected before Christmas and full implementation by spring 2027. This move, spearheaded by Prime Minister **Keir Starmer**, follows a national consultation and is framed as an effort to "give kids their childhood back."
To enforce this ban, social media companies will be required to implement robust age verification for new accounts. This will likely involve users uploading an ID or undergoing a facial age scan, similar to checks already in place for adult sites serving UK visitors under the **Online Safety Act** since July 2025.
### The Enforcement Mechanism: Age Checks for All New Accounts
While existing accounts will largely be grandfathered in, any new social media account created in the UK after the rules take effect will trigger age verification. This effectively ends anonymous account creation for all new users, regardless of age.
Technology Secretary **Liz Kendall** stated, "Tech companies have had countless opportunities to keep children safe, yet they have failed to act. That is why we are taking power away from the tech giants and putting it back in parents' hands."
### Scope of the Ban
The ban targets user-to-user platforms designed for social interaction with algorithmic feeds, explicitly naming **Instagram**, **YouTube**, **TikTok**, **Snapchat**, **Facebook**, and **X**. Messaging services like **WhatsApp** and **Signal**, as well as **YouTube Kids**, are excluded. A narrow exemption list covers educational services, e-commerce, and music streaming.
Beyond the ban, high-risk features such as livestreaming and direct contact from strangers will be restricted across a broader range of services, including gaming platforms like **Roblox**. These restrictions will also apply by default to 16- and 17-year-olds to avoid a "cliff-edge at 16."
Additionally, **AI** "romantic companion" chatbots simulating sexual or roleplay relationships will require an 18+ minimum age, with intimate functions restricted for under-18s on other AI chatbots.
### The Catch for Adults: New Account Verification
The government assures that most existing adult accounts will not face new checks. Accounts open for over 16 years, linked to a credit card, or tied to an already age-verified email are considered low-risk. However, this grandfather clause does not apply to new accounts.
Any adult creating a new social media account will be subject to the same verification methods: a facial recognition check or an ID upload. This quietly transforms a child protection measure into a universal age-gating requirement for new accounts.
While currently a lighter touch than the **Online Safety Act**'s "highly effective" age checks for adult content, the new social media regime normalizes similar verification plumbing. **Ofcom**, the UK's communications regulator, has been tasked with studying how to verify users are over 16, with a fact sheet suggesting facial recognition as a simple method.

### The VPN Loophole and Circumvention Concerns
A significant weakness highlighted by experts is the ease with which **VPNs** can circumvent these age restrictions. The **Online Safety Act** targets sites, not users, meaning connecting via a server outside the UK bypasses the checks. Reports from **VPN** providers indicate massive signup spikes when adult-site enforcement began.
Under Australia's similar ban, implemented in December 2025, over 60% of children were still using social media months after it took effect. The UK government has ruled out a blanket **VPN** ban for the entire population due to legitimate uses, though a children-specific clampdown on **VPN** use has been debated in Parliament.
### Cybersecurity and Privacy Implications
Cybersecurity and privacy experts are raising alarms. **Dr. Siamak Shahandashti**, a senior lecturer in cyber security and privacy at the **University of York**, points to recent empirical work demonstrating that age verification methods currently deployed on adult sites are easily circumvented.
Beyond circumvention, the mandatory collection of ID and biometric data from millions of users, including adults, presents a substantial data breach risk. The rushed implementation with limited political scrutiny further exacerbates these concerns, creating new vulnerabilities while failing to provide a robust solution to the intended problem.