January 2025 – July 2025: Focus on children’s safety duties. Ofcom issued guidance on age assurance for pornography and on conducting “children’s access assessments” (to determine if a service is likely accessed by children). By April 2025, services had to assess if their platform is likely used by under-18s. Child protection codes of practice were laid in Parliament in April, and by 24 July 2025, any service deemed likely accessed by kids must have completed a detailed child risk assessment. Summer 2025 marks the point at which the child safety regime is in effect, with requirements like age verification for adult content kicking in.Late 2025 – 2026: Ofcom will publish the register of which services fall into Category 1, 2A, 2B (expected in late 2025) and develop further codes for those additional Category 1 duties. By early 2026, we expect new rules on transparency reports and adult user empowerment tools to become operational for the largest platforms. Enforcement activity will ramp up accordingly as all phases of the Act come into play.
Apparently that time is coming close and we now have an example to look at what implementing the new law looks like in practice: Discord.
We first see how Discord first attempted to follow the Online Safety Act in an article posted on 21 July 2025.
The United Kingdom's Online Safety Act (“OSA”) introduces new responsibilities for online platforms to reduce safety risks and provide age-appropriate experiences for users, especially teens. As this legislation comes into effect, we want to outline the changes that all UK users will see across Discord starting today.While the UK Online Safety Act calls for new requirements specifically for UK users, these changes build on our existing safety architecture and represent our ongoing commitment to age-appropriate experiences worldwide.Starting today, all UK users will experience new default settings designed to create a teen-appropriate experience by default while preserving Discord's community magic. These defaults include automatic content filtering (which is already on for teens everywhere) as well as privacy settings that can help limit exposure to potentially harmful materials and interactions. UK users who wish to access content flagged by our filters or customize certain settings can do so by completing a one-time age verification process to confirm they are 18 or older. Our new privacy-forward age verification experience is required in specific scenarios that meet the OSA’s requirements (more details below), while building on our commitment to fostering genuine connections and a positive online experience.
Apparently U.K. users chose the obvious path to avoidance and the Starmer government initiated a rather unique response.
The first week of implementation for the U.K.'s Online Safety Act (OSA) has been anything but smooth. Upon going into effect on July 25, popular online services ranging from X to Discord and even Spotify, requiring users to show ID before engaging with content on their platforms. Users turned in droves to downloading virtual private network (VPN) apps to avoid the requirements of the law and browse with their privacy intact. It's a very American response to the imposition of the British government's age verification rules, and it led the U.K.'s Secretary for Science and Technology Peter Kyle to suggest on live TV that every time an adult uses a VPN, it leads to the harm of a child online. U.S. advocates of similar digital regulations should take notice of how badly this is going.
I found the claim so extraordinary I decided to post the video below.
Every time you use a VPN
— Callum (@AkkadSecretary) July 29, 2025
A child dies pic.twitter.com/9wfJMPxbnF
Oh, and did I mention the penalties for violating the Online Safety Act?
- Financial penalties – Companies can face fines of up to £18 million or 10% of their annual global turnover, whichever is higher. For the largest tech companies, this could amount to billions of pounds.
- Service restrictions – Ofcom has the power to block access to non-compliant platforms and services in the UK, effectively cutting them off from the British market.
- Criminal liability – In the most serious cases, senior managers and executives may face criminal charges if they repeatedly and willfully fail to comply with the law.
Needless to say, the news that Discord was making the age restriction changes global should have been half-way expected. What apparently came as a surprise was Discord's solution of choice: Persona.
I'm not sure exactly how shocking the choice of Persona truly was. After all, Persona is used for age and user verification by platforms such as Door Dash, OpenAI, Roblox, and Reddit. Instead, what raised eyebrows was the company's connections to noted Trump supporter Peter Thiel.
Thiel is the co-founder of Founders Fund, a venture capital fund founded back in 2005. Following Thiel's disillusionment with social media companies, the Founders Fund turned into "a primary backer of hard tech and defense technology." Founders Fund was a primary contributor to Persona's third and fourth rounds of venture capital funding. I know a lot of people like to make the issue specific to issues of the day. Personally, I think the link to Thiel doing something nefarious is a bit of a stretch. I think the link is made in the hopes of throwing enough mud that some of it sticks and makes Discord change its mind about adding age verification as a requirement to use all of the application's services.
But while the move to make age verification global currently is voluntary, for how much longer will that remain true? Complying with the Online Safety Act will probably also satisfy the age verification requirements in the EU's Digital Services Act (I'll hold off on the digital wallet regulations coming up in the future. In December, Discord extended age verification to users in Australia to head off calls to require the app to be in full compliance with the Social Media Minimum Age requirements.
In the United States on 1 January 2027 Discord will need to comply with California's Digital Age Assurance Act (AB1043). From reading the text I believe Discord putting in age verification at least for California users is prudent. Over 20 U.S. states require some sort of age verification, usually for sites featuring adult content. I'm not sure how many of those laws would apply to an app like Discord.
One only needs to watch and read the storm of criticism Discord is receiving to understand not everyone thinks the company is doing the correct thing. Some, like the Electronic Freedom Foundation, want the company to fight.
Discord reports over 200 million monthly active users, and is one of the largest platforms used by gamers to chat. The video game industry is larger than movies, TV, and music combined, and Discord represents an almost-default option for gamers looking to host communities.Many communities, including open-source projects, sports teams, fandoms, friend groups, and families, use Discord to stay connected. If communities or individuals are wrongly flagged as minors, or asked to complete the age verification process, they may face a difficult choice: submit to facial scans or ID checks, or accept a more restricted “teen” experience. For those who decline to go through the process, the result can mean reduced functionality, limited communication tools, and the chilling effects that follow.Most importantly, Discord did not have to “comply in advance” by requiring age verification for all users, whether or not they live in a jurisdiction that mandates it. Other social media platforms and their trade groups have fought back against more than a dozen age verification laws in the U.S., and Reddit has now taken the legal fight internationally. For a platform with as much market power as Discord, voluntarily imposing age verification is unacceptable.
Two years ago I could have ended the post here. But we are living in interesting times. Online laws and regulations out of Europe are a major source of friction between the current U.S. administration, the European Union, and the United Kingdom. Tensions may have peaked in December with the State Department announcing the banning of 5 Europeans who the U.S. says "[led] efforts to pressure U.S. tech firms to censor or suppress American viewpoints." A December article in The Week expounded on the situation.
The barred Europeans, all of whom have been involved in organizations promoting digital rights and countering disinformation, are “part of a Trump administration campaign against foreign influence over online speech” that focuses on “immigration law rather than platform regulations or sanctions,” said The Associated Press. The move is the “latest in a series of warning shots volleyed by the U.S. at allies” for what the administration has deemed “unfair efforts to regulate American social media and tech giants,” said Politico.European tech regulation, including the EU’s Digital Services Act and the U.K.’s Online Safety Act, has hit MAGA figures hard in two respects, said The Guardian: the “economic interests of Silicon Valley,” as well as their “view of free speech.” Already this month, X owner and onetime Trump administration official Elon Musk faces a $140 million fine for breaching the DSA in one of the “prime examples” of what Republicans in the U.S. view as an “anti-free speech culture on the other side of the Atlantic.” Under President Donald Trump, the “America First foreign policy rejects violations of American sovereignty,” said Rubio in a State Department press release. “Extraterritorial overreach by foreign censors targeting American speech is no exception.”
The mercurial Trump, known for holding grudges, may not let the issues fall away. One of the impacted Europeans is Thierry Breton, a former EU commissioner who was responsible for supervising social media rules. Breton warned Musk of a possible “amplification of harmful content” under the DSA by broadcasting his livestream interview with Trump in August 2024 when he was running for president.
So with the presence of geopolitics in the air, I get to conclude this post with words from a French diplomat.
French Foreign Minister Jean-Noël Barrot said France condemns the visa restrictions on Breton and the four others. Also posting on X, he said the DSA was adopted to ensure that “what is illegal offline is also illegal online.” He said it “has absolutely no extraterritorial reach and in no way concerns the United States.”
I don't believe what Barrot says is true about any online law coming out of the European Union or U.K. Especially if a U.S. tech company takes the path of least resistance and complies with the laws ahead of time.
No comments:
Post a Comment