EU Commission seeks feedback on guidelines for the protection of minors online under the Digital Services Act

The question

What might the change in the Digital Services Act (DSA) guidelines mean for providers of online platforms that can be used by minors?

The key takeaway

The European Commission (Commission), through the DSA, requires providers of online platforms that can be used by minors to make sure their services offer a high level of privacy, safety, and security to young users. Failure to do so can result in significant fines of up to 6% of a provider's annual global turnover in the previous financial year. The Commission has recently sought public input to continue developing guidelines for providers. Providers should continue to familiarise themselves with the Commission's current and future guidelines to ensure that their policies relating to regulating minors' use of their platforms are compliant with the standards expected by the DSA.

The background

The DSA came into force on 16 November 2022, with most of its operative provisions taking effect across all EU Member States on 17 February 2024. By regulating online platforms, marketplaces, social networks, app stores, and online travel and accommodation platforms, the DSA is aimed at protecting consumer rights and preventing illegal and harmful activities online.

In addition to general consumer protections, the DSA includes provisions designed for the specific purpose of protecting minors online. These provisions require the providers of online platforms that can be used by minors to ensure that their services offer a high level of privacy, safety and security to young users. Providers are expected to address online risks including: minors' inability to understand how the service works, the accessibility of "age-inappropriate content" to minors, and platform design features which could cause addiction.

To assist providers in identifying risks and developing measures to address them, the Commission has developed and shared helpful guidelines.

The development

The current version of the guidelines sets out a non-exhaustive list of measures that the Commission considers effective in meeting the standard of privacy, safety, and security required by the DSA.

As the list of measures is non-exhaustive, the guidelines set out general principles that the Commission recommends providers consider when determining whether their measures, or measures in development, are adequate for achieving the standards of the DSA. The guidelines explicitly state in relation to these general principles:

• Proportionality: 'Since different online platforms may pose different types of risks for minors, it will not always be proportionate for all providers to apply all the measures described in the Guidelines.'
• Children's rights: 'To ensure that online platforms achieve a high level of privacy, safety, and security for minors, it is necessary to consider all children's rights, including their right to protection, non-discrimination, inclusion, participation, privacy, information and freedom of expression, among others.'
• Privacy, safety, and security-by-design: 'Providers should integrate the highest standard of privacy, safety, and security in the design, development, and operation of their services.'
• Age-appropriate design: 'Providers should design their services to align with the developmental and emotional needs of minors, while ensuring their safety, privacy and security.'

The guidelines provide examples of adequate and inadequate measures and explore how each does or does not align with the four general principles. Examples of compliant measures include: (i) risk reviews which are guided by the best interests of the minor; (ii) service design considerations including age assurance protocols, registration gating processes and account setting controls; (iii) effective and child-friendly reporting systems; (iv) user support and tools for guardians; and (v) good governance such as through the use of suitable terms and conditions. Whether a measure meets the necessary standard and is appropriate or not for a particular platform, will depend on the nature of the platform and the way in which the measure is executed.

Recognising the diverse range of interests in the safety of online spaces, the Commission, as part of their public consultation, hosted a workshop of 150 experts from industry, academia, regulators, and youth representatives while also seeking wider public feedback from stakeholders to ensure that the guidelines factored in the broadest possible range of concerns. The guidelines were listed for public consultation from 13 May to 10 June 2025 with the final publication expected by summer 2025. 

Why is this important?

As highlighted in our Winter 2024 edition of Snapshots, the DSA gives the Commission both investigative and sanctioning powers, which the Commission continues to exercise with increased regularity. The importance of adhering to these provisions is evidenced in the Commission launching an investigation in 2024 into TikTok for potential breaches in its duty to protect minors' privacy and safety, and how it provides data to researchers.

With fines capable of totalling 6% of a provider's annual worldwide turnover in the preceding financial year, the penalty for failing to act in accordance with the duty towards ensuring a high level of privacy, safety, and security for minors, could significantly impact providers.

Any practical tips?

The deadline for public contributions to the Commission's guidelines has passed, which marks the beginning of the period for considering the feedback received. Providers should regularly monitor the Commission's website (amongst other publications) to remain up to date with the Commission's evolving expectations.

In the meantime, while awaiting further guidelines, providers would benefit from reviewing the general principles inspiring the Commission's guidelines thus far and evaluate their current policies with these principles in mind. Though the Commission's guidelines will change following their review of the public contributions, it is likely to fill in the gaps of the current Guidelines, rather than overhaul it in its entirety.

Identifying current policies relating to minors' registration and ongoing use of any relevant platforms, and reviewing these measures in line with guidelines' general principles and examples, will enable providers to more easily react to the changes expected this summer.