Across Europe, governments are increasingly pushing for age verification systems and social media restrictions designed to protect children from harmful online experiences.
The concern is understandable: young people today are accessing algorithm-driven platforms that often prioritize engagement over wellbeing. But once governments begin restricting access to parts of the internet based on age, difficult technical and political questions quickly follow.
Research on the effectiveness of age-based restrictions remains limited and contested, while critics argue that restricting access alone may not address the underlying systems that make online environments harmful in the first place. And then comes the practical challenge: what happens when users bypass age verification systems with VPNs?
That question may ultimately push the debate far beyond social media restrictions and toward much broader questions about privacy, enforcement, and the future of internet access itself.
Why Governments Are Pursuing Age Verification
Children can encounter genuinely harmful experiences online. Young people are exposed to distressing content, cyber crime, radicalization, predatory market practices, and online grooming at a scale that would have been difficult to imagine a generation ago.
In turn, governments across Europe are increasingly responding with social media restrictions and age verification proposals aimed at limiting children's exposure to harmful online environments. Denmark, Spain, and France are among the countries moving toward stricter age-based rules for social media access, particularly for teenagers under 15 or 16 years of age.
The concern itself is legitimate — a lot needs to be done to make the internet safer for children. In particular, platforms built around recommendation algorithms should prioritize safer, less polarizing, and more age-appropriate experiences for younger users. At the same time, questions remain about whether age restrictions address the deeper causes of harm online.
Critics Say Restrictions Don't Address the Root Causes
Limiting access to online services risks treating children as the problem to be managed, rather than addressing the systems and incentives that make online platforms unsafe in the first place.
UNICEF, for example, has stated that age-based social media restrictions should "not be a substitute for platforms investing in child safety," and that online services should be designed with child safety at the center.
From this perspective, restricting access alone risks shifting responsibility away from social media platforms and bad actors, while placing the burden primarily on younger users themselves.
The EU's Age Verification Plans Raise Technical Questions
Despite ongoing concerns, the European Union (EU) is moving ahead with plans for an age verification app, with the open-source code already published on GitHub. Researchers claimed they were able to hack the app within two minutes and identified several security issues in the published code, which the European Commission later described as a "demo version" rather than the final implementation.
Software bugs in new apps — including security vulnerabilities — are not unusual. Still, more was expected from a high-stakes system that could become part of the infrastructure governing access to online services for many young Europeans. In hindsight, labeling the release as a prototype might have better reflected its early-stage nature.
Critics argue that privacy-preserving age verification technology is still too immature, particularly for systems expected to operate on a large scale while handling sensitive user data. But beyond the technical issues, attention will likely shift toward how easily users can bypass age verification systems with a VPN once the app is released.
VPNs Could Become the Next Policy Debate
By routing internet traffic through servers in other countries, VPNs can make users appear to access websites from outside Europe, bypassing region-specific restrictions and verification requirements.
At the same time, many VPN server IP addresses are already publicly known, which is why some streaming services — including platforms such as Netflix and Hulu — already attempt to block VPN traffic altogether. However, these systems are rarely fully effective as new VPN providers regularly emerge and existing services change IP addresses.
Mandatory age verification would first require online services to detect VPN usage and then determine whether users fall under European age verification requirements. For globally used platforms, implementing and enforcing such checks may become technically complex and commercially undesirable.
VPNs are also widely used for legitimate purposes. In corporate environments, they often provide an additional layer of security. They can also help users access information that might otherwise be unavailable due to censorship or regional restrictions.
Therefore, if age verification systems are widely bypassed, political attention could shift toward VPN regulation itself — potentially affecting not only users seeking to avoid age restrictions, but also those relying on VPNs for security, privacy, and access to information.
Restricting VPNs Would Raise Bigger Questions
Software restrictions often become a game of whack-a-mole. When one service is blocked, users typically move to alternatives, creating ongoing enforcement challenges.
Some authoritarian governments have addressed this problem by criminalizing the use of certain software tools altogether. In democratic societies, however, enforcing restrictions on personal software usage would raise significant legal and privacy concerns.
The push for age verification and potential VPN restrictions both stem from legitimate concerns about online safety, but the broader question is what kind of internet infrastructure these systems create over time. Systems designed to restrict access for specific groups can also create a foundation for wider controls over online information and services.
The Real Goal Is What Kind of Internet We Want to Build
Ultimately, the core challenge is not just how to restrict access to harmful online experiences, but how to create healthier online environments in the first place.
The aim behind age verification proposals is understandable: protecting children from harmful content, exploitation, and predatory online systems. But restricting access to social media alone may not necessarily make the internet safer for younger users.
A better long-term solution may be an internet where online platforms — especially those built around algorithmic recommendations and personalized content — are designed with safety, dignity, and user wellbeing as core principles, rather than engagement at all costs.
The real goal here is not simply deciding who should be allowed online. It's deciding what kind of online environments we are building for everyone.