A second amendment has also been made by the same authors, which aims to prevent people under the age of 16 in the UK from doing a lot of things online.
For this blogpost, I am working from the list of amendments running through December 16, 2025. The section in question is on page 25 of that PDF.
The purpose of this section is, among other things, to “make rules to prevent people under the age of 16 from accessing social media”.
The term “social media” is interesting here, because that’s not what the actual amendment says…
amendment self
(1) Within 12 months after the day on which this Act is passed, the Secretary of State shall, for the purpose of promoting the welfare of children,—
,
(b) all regulated user-to-user services are required to use highly effective age assurance measures to prevent children under the age of 16 from becoming or becoming users in accordance with the rules made by my statutory instrument.
Here are some key points.
The scope of services covered by it is unbelievably Wide
,[All] “Regulated user-to-user services” is broad in scope.
It is much broader than “social media”, and covers a large number of online services every day, including self-hosted services.
This is one of several major flaws in the UK’s Online Security Act 2023.
Do you want to use a closed user group, family-only, self-hosted XMPP service like Signal, or even a closed user group, self-hosted XMPP service like Signal to send messages to your kids? This will be banned. (SMS isn’t in the scope, and neither is email, so you can probably still run DeltaChat Relay and let your kids use it.)
Shared to-do list or family shopping list? Forbidden. You must restrict your own children under the age of 16 from your Service. Paper lists are fine, but the more convenient online lists will not be allowed.
Family photo sharing service? Forbidden.
A game with an integrated messaging service? Forbidden. You can play board games at home and talk with your children, but you cannot run a private game server for your children and yourself, and play games over the Internet and chat with them.
Looking at a forum, or a user-generated content resource like Wikipedia? If the Online Safety Act’s definition of “users” includes “mere viewers” (and it might; this issue hasn’t been settled, which is a terrible situation) then it’s probably also prohibited.
You got the gist.
This measure, if passed, would have the effect of Huge Number of online services.
Given that the objective is about “social media”, I suspect the author may not appreciate how broad the scope of the Online Security Act actually is.
Age assurance for all under sixteen years of age means age assurance for all
If this amendment were to be passed, all in-scope services would be required to introduce “highly effective age assurances” to ensure that they are restricted to those under the age of sixteen.
It means assurance of age EveryoneBecause one cannot enforce age assurance Only For children under sixteen years of age.
And, because – as noted above – the scope of in-scope sites is so incredibly broad, it seems likely that this amendment will lead to a “paper, please” approach for many common online services.
This would represent a massive expansion of the scope of online age assurance (Kerching, Age Assurance Industry…), and would be fundamentally disproportionate to so many small operators.
If you thought malicious compliance “cookie banners” were a nuisance, you ain’t seen nothing yet…
The privacy implications of handing over your identity documents, or otherwise proving your age/identity, to so many sites would be staggering.
I really hope this is a non-starter.
But Neil, why not propose an alternative?
I am in no position to propose any alternative, as I do not know the problem it is trying to deal with.
Or, indeed, the underlying causes of the problem.
If there was a clear problem statement, it would be a start.
<a href