EU Finds Meta Falls Short on Blocking Under-13s from Facebook and Instagram

The European Commission has delivered a sharp rebuke to Meta, issuing preliminary findings that the company is violating the European Union’s Digital Services Act by failing to keep children under 13 off Facebook and Instagram. The decision, announced Wednesday after a nearly two-year investigation, underscores long-standing concerns that the social media giant has treated age verification and child safety as afterthoughts while its platforms continue to expose young users to potential harm.

According to the Commission, Meta’s own terms of service state that its platforms are not intended for minors under 13. Yet investigators found that children can easily bypass this restriction simply by entering a false birth date during account creation, with no meaningful verification systems in place to confirm their actual age. The reporting tools designed to flag underage accounts were described as cumbersome and ineffective, often requiring up to seven clicks to even access the proper form. Even when reports are submitted, the Commission said, Meta frequently fails to follow through with appropriate action to remove the children from the platforms.

EU tech policy chief Henna Virkkunen emphasized the disconnect between Meta’s stated policies and its actual practices. “Meta’s own general conditions indicate their services are not intended for minors under 13,” she said in a statement. “Yet our preliminary findings show that Instagram and Facebook are doing very little to prevent children below this age from accessing their services.”

The Commission also criticized Meta’s internal risk assessments for protecting minors as “incomplete and arbitrary.” These assessments, the EU said, fail to properly evaluate the specific risks faced by young users in Europe and appear to contradict substantial evidence from across the bloc showing that significant numbers of children between the ages of 10 and 12 are routinely accessing the platforms and encountering age-inappropriate content or experiences.

This latest action against Meta fits a broader pattern of European regulators attempting to hold powerful American technology companies accountable under the Digital Services Act, landmark legislation designed to force platforms to more aggressively identify and mitigate systemic risks. The DSA explicitly requires companies like Meta to diligently assess and address harms to vulnerable users, including children who may be exposed to bullying, predatory behavior, or harmful material before they are developmentally prepared to navigate social media.

In response, Meta pushed back against the preliminary findings while acknowledging the challenge of age verification. A company spokesperson told reporters that Instagram and Facebook are intended for users 13 and older and that Meta has systems in place to detect and remove underage accounts. “We disagree with these preliminary findings,” the spokesperson said. “We continue to invest in technologies to find and remove underage users and will have more to share next week about additional measures rolling out soon. Understanding age is an industry-wide challenge, which requires an industry-wide solution, and we will continue to engage constructively with the European Commission on this important issue.”

The company’s defense echoes arguments it has made in other jurisdictions, including the United States, where it has faced mounting criticism and lawsuits over its platforms’ effects on young people’s mental health. Advocates have long argued that Meta’s business model depends on maximizing engagement and user growth, creating perverse incentives that discourage rigorous age gates or content moderation that might reduce time spent on the apps.

European officials appear unconvinced by Meta’s claims of good faith. The Commission has ordered the company to overhaul its risk assessment methodology specifically for the European Union, demanding a more evidence-based approach that takes into account the documented presence of young children on its services and the particular ways risks manifest for them.

The preliminary findings mark a significant escalation in EU scrutiny of Meta’s child safety practices. If upheld after Meta’s opportunity to respond and review the evidence, the company could face substantial fines and requirements to fundamentally change how it operates in Europe. The Commission’s action also sends a signal to other tech platforms that regulators are prepared to move beyond voluntary commitments and enforce stricter standards when it comes to protecting children online.

For years, Meta has faced accusations from parents, researchers, and lawmakers that it has profited from the attention of young users while doing the bare minimum to shield them from harm. Internal documents leaked in previous years have shown company executives aware of these risks yet slow to implement robust solutions. Wednesday’s announcement from Brussels adds fresh ammunition to those criticisms, suggesting that even in one of the world’s most stringent regulatory environments, Meta has not treated child protection with the seriousness the law demands.

The company now has the opportunity to present counter-evidence and propose changes before the Commission reaches a final decision. Whether Meta will treat this as a genuine call to reform its practices or simply another regulatory hurdle to manage remains to be seen. For European officials and child safety advocates, the preliminary findings confirm what many have suspected: that Facebook and Instagram have become too easy for children to access, with too few real barriers standing between young users and the often-unregulated corners of Meta’s digital empire.