European Commission guidelines on the protection of minors

IRIS 2025-7:1/3

Amélie Lacourt

European Audiovisual Observatory

On 14 July 2025, the European Commission published the final version of its guidelines on the protection of minors, following the publication of a draft in May 2025 (IRIS 2025-6:1/13). The guidelines aim to safeguard minors and ensure their privacy, safety, security and well-being on digital platforms under the Digital Services Act (DSA). They address the risks that children face online, including grooming, exposure to harmful content, problematic and addictive behaviours, cyberbullying, and harmful commercial practices. The development of the guidelines involved consultation with youth, civil society, regulators, online platform providers and the Better Internet for Kids (BIK+) initiative.

The guidelines will apply to all online platforms accessible to minors, meaning any service under-18s are likely to access, regardless of the stated minimum age in the platform’s terms and conditions. The only exception is for micro and small enterprises.

The guidelines include a non-exhaustive list of measures to protect minors, including regarding:

- Age assurance methods: Encouragement to adopt robust, reliable, and non-intrusive age verification tools, using the upcoming EU Digital Identity Wallet or the blueprint for age verification as a reference standard

- Content moderation: Strengthened moderation and reporting tools and improved parental control systems

- Recommender systems: Adapting algorithms to reduce exposure to harmful content by prioritising explicit user signals over behavioral data, and empowering children to control their feeds

- Well-being: Disabling by default features that promote excessive use (e.g., communication “streaks”,  “read-receipts”, autoplay) and introducing safeguards around AI chatbots

An important principle from the guidelines is the integration of privacy-, safety- and security-by-design in the design, development and operation of the services. In light of this, providers are required to:

- Set minors’ accounts to private by default, reducing exposure to unsolicited contact by strangers

- Limit visibility of minors’ content and prevent download or screenshotting by other users, reducing risks of unwanted distribution of sexualized or intimate content and sexual extortion

- Restrict features that exploit minors’ lack of commercial literacy, (manipulative advertising, loot boxes, or certain virtual currencies

The guidelines further require online platforms to carry out periodic risk reviews, identifying risks faced by minors on their services and the effectiveness of the existing measures. These reviews should in particular consider:

- The likelihood of children accessing the platform

- Potential impact on privacy, safety, and security

- The impact of any additional new protective measures on children’s rights

While voluntary, the guidelines will serve as a reference for assessing compliance with Article 28(1) of the DSA.