UK bans under-16s from social media, requires ID for new accounts

Key Takeaways

• New UK rules require ID or facial age scans for anyone creating a social media account from spring 2027
• Existing accounts are largely exempt, but anonymous account creation effectively ends for new users
• Privacy experts warn the checks are easy to bypass with VPNs and create massive biometric data breach risks

The UK government will ban under-16s from social media platforms starting spring 2027, with new regulations requiring anyone opening a fresh account to verify their age through ID uploads or facial recognition scans. Prime Minister Keir Starmer announced the plan on June 15, calling it a response to tech giants' failure to protect children online.

The catch: while the policy targets children, it also eliminates anonymous account creation for adults. If you want to open a new Instagram, TikTok, or X account after the rules take effect, you'll need to prove you're over 16.

Which platforms face UK age verification requirements?

The ban covers user-to-user platforms designed for social interaction that use algorithmic feeds. The government explicitly names Instagram, YouTube, TikTok, Snapchat, Facebook, and X. Ten major platforms in total fall under the mandate.

Messaging services like WhatsApp and Signal are excluded, as is YouTube Kids. There's a narrow exemption list for educational services, e-commerce, and music streaming.

The UK says it will go further than Australia's similar ban, which took effect in December 2025. High-risk features like livestreaming and stranger contact will be restricted across a wider range of services, including gaming platforms like Roblox. The game stays accessible, but features like chat get locked down for minors.

To prevent what the government calls a "cliff-edge at 16," stranger-contact and livestreaming restrictions will apply by default for 16 and 17-year-olds too. AI "romantic companion" chatbots that simulate sexual or roleplay relationships must enforce an 18+ minimum.

How will age verification actually work?

According to a government fact sheet, existing accounts get a pass. An account is treated as low-risk if it's been open for more than 16 years, has a credit card attached, or is linked to an email already age-verified elsewhere. Anyone who verified under the existing Online Safety Act won't need to do it again.

But that grandfather clause does nothing for new accounts. Create a social media account from scratch after the rules land and none of those passive signals apply. The fallback is what the fact sheet describes: a facial recognition check or an ID upload.

This mirrors the regime already in place for adult content sites. Since July 2025, the Online Safety Act has required adult sites serving UK visitors to run "highly effective" age checks for every user. Enforcement has been aggressive. By February 2026, Ofcom had opened investigations into more than 90 platforms and issued six fines.

The government has asked Ofcom to conduct a rapid study on how to verify whether someone is over 16. The fact sheet notes that proving you're over 18 "could be as simple as a facial recognition check." The same approach will likely extend to the under-16 ban.

What the critics are saying

Elon Musk, whose platform X falls under the mandate, responded with characteristic bluntness: "The UK is a police state." Shopify CEO Tobi Lütke warned about the "slippery slope" of global digital identity enforcement.

Security and privacy experts point to several problems. The checks are easy to circumvent. A VPN defeats all of it since the restrictions only apply to users connecting from UK IP addresses. VPN usage in the UK has already doubled since 2025 as users sought to bypass similar age-verification requirements on other sites.

The bigger concern is data security. Centralizing ID and biometric data with third-party age-assurance providers creates what critics call a massive honeypot for hackers. Every verification system becomes a target.

Discussion on Reddit and Hacker News has been overwhelmingly critical, focusing on "mission creep" and the privacy risks of third-party biometric storage. Many users doubt the measures will actually protect children, pointing to the ease of using VPNs or shared accounts.

The political context

Starmer framed the announcement as a direct confrontation with tech companies. "Tech giants had their chance and failed," he said. The government claims a national consultation drew more than 116,000 responses, with nine in ten parents backing an under-16 ban and two-thirds of young people agreeing that under-16s should be kept off at least some platforms.

Technology Secretary Liz Kendall echoed the combative tone: "Tech companies have had countless opportunities to keep children safe, yet they have failed to act. That is why we are taking power away from the tech giants and putting it back in parents' hands."

Critics argue the policy was rushed with little political scrutiny. The regulations are due before Christmas, giving platforms just months to implement verification systems that will affect millions of users.

What comes next

The government is also consulting on overnight curfews and breaks in infinite scrolling for under-18s, with details promised in July. The regulations themselves are expected before Christmas, with enforcement beginning in spring 2027.

The open question is whether this marks the start of broader digital identity requirements across the web. The infrastructure being built for child protection can easily extend to other purposes. Once platforms have verification systems in place, the temptation for governments to require their use for other policy goals becomes harder to resist.

Frequently Asked Questions

Will existing social media accounts need age verification in the UK?

No. Accounts open for more than 16 years, those with credit cards attached, or those linked to previously verified emails are exempt. Only new accounts face mandatory verification.

Can UK users bypass social media age checks with a VPN?

Yes. The restrictions only apply to users connecting from UK IP addresses. VPN usage in the UK has already doubled since 2025 as users circumvent similar requirements on adult sites.

Which apps are exempt from the UK under-16 social media ban?

WhatsApp, Signal, and YouTube Kids are explicitly excluded. Educational services, e-commerce platforms, and music streaming services also receive exemptions.

When do UK social media age verification rules take effect?

Regulations are due before Christmas 2026, with enforcement beginning in spring 2027.

Source: BleepingComputer