European Commission President Ursula von der Leyen announced Monday that the EU will pursue age-appropriate restrictions on social media access for minors across the 27-member bloc, drawing on an expert panel the Commission convened earlier this year.
The panel, co-chaired by Prof. Dr. Jörg M. Fegert and Dr. Maria Melchior and established in March 2026, recommended that children under 13 be allowed only time-limited social media access under parental or caregiver supervision, with restrictions easing gradually as teenagers get older. Von der Leyen said formal proposals would go to member states after the summer.
“It is very clear that we need age-appropriate restrictions to platforms,” von der Leyen said in Brussels. “The issue is not whether children can access social media, but whether and when social media can access our children.”
We need age-appropriate restrictions on platforms.
This is not about whether children can access social media.
It is about when social media can access our children.
For a safer start online for every child ↓ https://t.co/QheuC3gFzx
— Ursula von der Leyen (@vonderleyen) July 13, 2026
The announcement comes as the EU’s own enforcement infrastructure faces unresolved questions. The Commission’s age verification app, launched April 15 as part of its minors-online protection strategy, was bypassed by UK security consultant Paul Moore in under two minutes on April 16, just one day after von der Leyen publicly declared it technically ready. The app’s GitHub repository carried an explicit warning at launch that the code was not suitable for real-world use.
Bypassing the #EU #ageVerification app – part 2.
This time, it’s v2026.04-2 – which won’t run on rooted devices & has encrypted shared preferences.
If we ignore the fact they’ve used a 6 year old deprecated library, they haven’t actually solved the problem at all. An attacker… https://t.co/7PHMkeoBaT pic.twitter.com/b7H5TBBvCr
— Paul Moore – Security Consultant (@Paul_Reviews) April 23, 2026
On April 29, the Commission separately found Meta’s Instagram and Facebook in preliminary breach of the Digital Services Act (DSA) for failing to prevent children under 13 from creating accounts. The finding noted that minors could enter false birth dates with no effective controls in place.
The European Parliamentary Research Service (EPRS) warned in May that virtual private networks (VPNs) represent “a loophole in the legislation that needs closing,” citing surging VPN adoption following age verification enforcement in the UK and several U.S. states.






