The Age-Gated Internet Is Becoming an Enforcement Problem

Byron Kaye reported for Reuters on June 26 that Australia’s prime minister vowed to strengthen the country’s social media ban for under-16s as evidence accumulated that the law, now six months old, has had little measurable impact on teen use. The government plans to stress-test the legislation banning platforms including Meta’s Instagram and Google’s YouTube from giving accounts to users under 16, with particular focus on empowering the eSafety Commission to enforce it.

The law’s failure to change teen behavior is not a surprise. It is the predictable result of pushing identity enforcement onto platforms that were not built for it. A BMJ study found that 85% of Australian 12-to-15-year-olds are still actively using social media. Age verification systems are being bypassed with elementary workarounds: one teenager told Reuters that holding a black-and-white image of a historical figure in front of a webcam passed an age check. Another clicked through an “I am over 18” prompt after being logged out. The systems were designed around the assumption that platforms would build meaningful gates. They have not.

The enforcement gap reveals what age-gating legislation often conceals: the burden of compliance was never well-defined. Platforms were told to prohibit underage accounts, but no mandatory identity verification standard was specified. Without that, platforms deployed friction rather than verification — opt-in declarations, camera checks, self-attested ages — and teens absorbed the friction without stopping.

Australia is not alone in this position. Britain announced this month that it plans restrictions extending further to gaming and live-streaming platforms. The U.S. has produced a patchwork of state laws pursuing the same goal through different mechanisms. Each adds to a growing body of age-gate legislation that assumes identity enforcement is an engineering problem platforms can be ordered to solve, rather than a structural access problem requiring a different architecture altogether.

The harder question the enforcement failure raises is about who actually carries the verification burden at scale. A universal identity system would require collecting biometric or government ID data on a population-scale basis, including from people who have never misrepresented their age. The cost of that infrastructure — in data risk, exclusion of undocumented users, and civil liberties exposure — does not appear in the legislation that demands it.

Power moved from household norms and platform discretion toward state-backed identity enforcement. The next phase of this fight will not be about whether governments can pass age-gate laws. They clearly can. It will be about whether enforcement mechanisms can be designed that do not trade one access problem for another — and whether the populations already least equipped to navigate identity systems pay the highest price for a law written to protect them.