Original text
European Commission - Press release Commission preliminarily finds Meta in breach of Digital Services Act for failing to prevent minors under 13 from using Instagram and Facebook Brussels, 29 April 2026 The European Commission has preliminarily found Meta's Instagram and Facebook in breach of the Digital Services Act (DSA) for failing to diligently identify, assess and mitigate the risks of minors under 13 years old ...
European Commission - Press release Commission preliminarily finds Meta in breach of Digital Services Act for failing to prevent minors under 13 from using Instagram and Facebook Brussels, 29 April 2026 The European Commission has preliminarily found Meta's Instagram and Facebook in breach of the Digital Services Act (DSA) for failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services. Despite Meta's own terms and conditions setting the minimum age to access Instagram and Facebook safely at 13, the measures put in place by the company to enforce these restrictions do not seem to be effective. The measures do not adequately prevent minors under the age of 13 from accessing their services nor promptly identify and remove them, if they already gained access. For example, when creating an account, minors below 13 can enter a false birth date that makes them at least 13 years old, with no effective controls in place to check the correctness of the self- declared date of birth. Meta's tool for reporting minors under 13 on the platform is difficult to use and not effective, requiring up to seven clicks just to access the reporting form, which is not automatically pre-filled with the user's information. Even when a minor under 13 is reported for being under the age threshold, there often is no proper follow-up, and the reported minor can simply continue to use the service without any type of check. This builds on an incomplete and arbitrary risk assessment, which inadequately identifies the risk of minors under 13 accessing Instagram and Facebook and being exposed to age-inappropriate experiences. Meta's assessment contradicts large bodies of evidence from all over the European Union indicating that roughly 10-12% of children under 13 are accessing Instagram and/or Facebook. Moreover, Meta seems to have disregarded readily available scientific evidence indicating that younger children are more vulnerable to potential harms caused by services like Facebook and Instagram. At this stage, the Commission considers that Instagram and Facebook must change their risk assessment methodology, in order to evaluate which risks arise on Instagram and Facebook in the European Union, and how they manifest. Moreover, Instagram and Facebook need to strengthen their measures to prevent, detect and remove minors under the age of 13 from their service. Meta must effectively counter and mitigate risks that minors under the age of 13 could experience on the platforms, which must ensure a high level of privacy, safety and security for minors. Next steps In exercising their right of defence, Instagram and Facebook now have the possibility to examine the documents in the Commission's investigation files and reply in writing to the Commission's preliminary findings. The platforms can take measures to remedy the breaches, in line with the 2025 DSA Guidelines on the protection of minors . In parallel, the European Board for Digital Services will be consulted. If the Commission's views are ultimately confirmed, the Commission may issue a non-compliance decision, which can trigger a fine proportionate to the infringement which shall in no case exceed 6% of the total worldwide annual turnover of the provider. The Commission can also impose periodic penalty payments to compel a platform to comply. These findings do not prejudge the final outcome of the investigation. Background These preliminary findings are part of the Commission's formal proceedings launched against Instagram and Facebook under the DSA on 16 May 2024. The preliminary findings are based on an in-depth investigation that included an analysis of Instagram's and Facebook's risk assessment reports, internal data and documents, as well as the platforms' replies to requests for information. In the course of these investigations, the Commission's work has been supported by many civil society organisations and experts on the protection of minors across the Union. The Commission used the 2025 DSA Guidelines on the protection of minors as a benchmark to evaluate Instagram's and Facebook's compliance with the obligation to ensure a high level of privacy, safety and security for minors. The DSA guidelines identify age estimation and age verification as an appropriate and proportionate way of ensuring a high level of privacy, safety and security for minors. To be effective, all age-assurance technologies must be accurate, reliable, robust, non-intrusive, and non-discriminatory. The Commission developed a blueprint for an EU Age Verification app , which can serve as a reference framework for age verification with a user-friendly and privacy-preserving age verification method. The Commission continues its investigation into other potential breaches that are part of these ongoing proceedings, including Meta's compliance with DSA obligations to protect minors and the physical and mental well-being of users of all ages. This investigation covers also the assessment and mitigation of risks arising from the design of Facebook's and Instagram's online interfaces, which may exploit the vulnerabilities and inexperience of minors, leading to addictive behaviour and reinforcing the so-called ‘rabbit hole' effects. IP/26/920 Quote(s): "Meta’s own general conditions indicate their services are not intended for minors under 13. Yet, our preliminary findings show that Instagram and Facebook are doing very little to prevent children below this age from accessing their services. The DSA requires platforms to enforce their own rules: terms and conditions should not be mere written statements, but rather the basis for concrete action to protect users – including children." Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy - 29/04/2026 Press contacts: Thomas REGNIER (+32 2 29 91099) Patricia POROPAT (+32 2 29 80485) General public inquiries: Europe Direct by phone 00 800 67 89 10 11 or by email
Speech Brief