DSA protection of minors guidelines
The European Commission published these guidelines in July 2025 under Article 28 of the Digital Services Act (DSA). They explain how online platforms accessible to minors can provide a high level of privacy, safety, and security.
Preserved official guidelines PDF
The guidelines organize risks into five categories:
- content risks, including harmful and illegal content;
- conduct risks, including cyberbullying and dangerous challenges;
- contact risks, including grooming, coercion, and sexual extortion;
- consumer risks, including profiling, deceptive design, gambling-like features, and unwanted spending;
- cross-cutting risks, including effects involving artificial intelligence (AI), health, privacy, location, and security.
They also recognize that online platforms can support education, expression, connection, community, creativity, critical thinking, agency, and entertainment. Their proportionality analysis therefore asks platforms to consider children’s rights and the positive effects of a service, not merely its possible risks.
Age assurance is one measure among many
The guidelines recommend age verification for services that present high risks to minors, such as pornography and gambling, and where EU or national law sets a minimum age. For other services, they contemplate age estimation or self-declaration where a platform needs an age range to apply graduated protections.
Age restrictions should be used only where the relevant risks cannot be mitigated as effectively through less intrusive measures. The document repeatedly presents age assurance alongside privacy-by-design, safer defaults, recommender changes, contact controls, moderation, reporting, and commercial safeguards. It also encourages platforms to make protective measures available to all users where appropriate, which can remove the need to classify a user by age.
Product changes proposed by the Commission
The guidelines recommend measures including:
- private accounts and the highest safety settings by default;
- restrictions on who may contact, tag, mention, or add a minor to a group;
- location, camera, microphone, contact synchronization, and behavioral tracking switched off by default;
- autoplay, live streaming, push notifications, streaks, public reaction counts, read receipts, and account recommendations switched off by default;
- friction before viewing or posting potentially harmful material;
- meaningful controls over recommender systems, including signals such as “show me less”;
- confidential reporting, blocking, muting, effective moderation, and urgent human response;
- limits on profiling, disguised advertising, manipulative spending, loot boxes, and commercial AI nudging;
- participation by children in product design and governance.
These are recommendations rather than a closed compliance checklist. Their effectiveness depends on implementation, testing against real outcomes, and enforcement under the DSA. The Commission’s separate proceedings against large platforms remain relevant evidence about whether voluntary mitigations change the underlying service design.
The guidelines provide the main EU policy framework for Alternatives to age verification and the design proposals in Less harmful social media.