Age Limits and Platform Policies — What the Law Requires
For Parents
Three major legal frameworks govern children's access to platforms and their data: the US COPPA (under 13), the UK Age-Appropriate Design Code (all under 18), and the EU DSA with additional national protections. This topic explains what each framework requires and the gap between policy and enforcement.
Three Frameworks, One Shared Problem
When parents hear that a platform has a minimum age of 13, they often assume this means something enforceable — that a meaningful gate exists, that platforms verify age, that children under 13 are in some meaningful sense protected from content and data collection designed for adults. The reality, as documented across three major legal frameworks, is considerably more complicated.
Three distinct legal regimes address different aspects of children's online protection: the United States' Children's Online Privacy Protection Act (COPPA) addresses children's data privacy; the United Kingdom's Age-Appropriate Design Code (informally known as the Children's Code) addresses data-protection design; and the European Union's Digital Services Act (DSA) addresses platform obligations and advertising, supplemented by national implementations including stricter German rules and France's emerging age verification legislation. Each takes a different approach, each has different enforcement mechanisms, and all three share a common challenge: platforms cannot reliably verify age without mechanisms that raise serious privacy concerns of their own.
This topic examines what each framework actually requires — not what headlines claim they require — how enforcement has worked in practice, and what the gap looks like between the legal obligations platforms carry and what actually happens when a ten-year-old creates an account.
Why this matters for parents
Understanding the legal frameworks does not tell you what to do as a parent. But it does tell you what protection the law currently provides — and, crucially, where it does not. Parents who believe that regulatory regimes provide meaningful backstop protection for children will make different decisions than those who understand the actual enforcement record. The evidence presented here is not intended to alarm or to reassure; it is intended to be accurate.
A secondary reason this topic matters is that the debate about children's online safety is increasingly a policy debate as well as a parenting debate. The UK Online Safety Act, the US Kids Online Safety Act (KOSA), France's age verification pilots, and European DSA enforcement actions are all live political issues. Understanding the evidence base for what current law requires and achieves is essential to following that debate critically.
The age-13 threshold: where it comes from
The minimum age of 13 on most major social media platforms is not an arbitrary choice — it is a direct response to COPPA, which applies specifically to children under 13 in the US. Platforms set their minimum age at 13 to avoid triggering COPPA's requirements. This means the 13-threshold is a legal compliance strategy, not a developmental judgement about what age is appropriate for social media participation. The American Academy of Pediatrics, developmental psychologists, and most paediatric bodies have consistently noted that 13 has no special developmental significance as a threshold (Council on Communications and Media, AAP, 2016).
The UK's Children's Code and EU's DSA both take a different approach, extending protections to all children under 18 — recognising that the 13-threshold addresses a narrow slice of the population.