How the UK Plans to Keep Teens Off Social Media (and What It Means for Adults)

To keep teens off social media, the UK is about to make everyone else prove their age.

On June 15, 2026, UK Prime Minister Keir Starmer announced a plan to bar anyone under 16 from Snapchat, TikTok, YouTube, Instagram, Facebook, and X. (WhatsApp, Signal, and YouTube Kids are exempt.) The penalties run up to £18 million or a tenth of a platform's global revenue. They land on the companies, not the parents. It still has to clear Parliament, which the government wants done before Christmas, with the rules live in early 2027. Australia switched on the same kind of ban in December 2025. Spain, Greece, and Slovenia say they're working on their own. Several US states have tried and mostly lost in court.

There's only one way to check a stranger's age over the internet currently, and every method ends the same: with your face or your ID sitting on someone else's server. The ban is aimed at kids; the age check is on everyone. So how does a website actually prove how old you are?

The age-check ladder

Age verification works as a ladder, and platforms climb only as high as the law forces them.

The bottom rung is inference. The platform guesses your age from what it already knows about you:

• how long you've held the account
• whether there's a card on file
• which servers or groups you belong to
• what you do, and at what hours

Discord says this clears more than 90% of its users with no prompt at all. It feels like nothing happened, which is a selling point. You sail through because the platform is profiling you in the background, and that profile is what vouches for you.

When inference can't make the call, you reach the second rung: a face scan. You record a few seconds of selfie video and an AI estimates your age range from your face. The better versions run entirely on your own device, so the only thing that leaves your phone is a yes-or-no answer, and no image of your face travels anywhere. The on-device version is the privacy-friendly one. The next rung up is where it starts to cost you.

The top rung is the government ID. You photograph your passport or driver's license, sometimes alongside another selfie, and send it to a verification company. That picture, plus your name, birthday, and document number, now lives on a server, even if the policy promises it gets deleted in a few days.

I can tell you what that top rung feels like, because I'm stuck on it right now. When Meta took down Fresh From Cache's Instagram account, getting it back meant climbing this exact ladder. First a photo. Then, when that wasn't enough, a video selfie, turning my head while the app studied my face. Now I'm waiting to learn whether Meta will let me upload a government ID, because the face wasn't enough either. I pay for Meta Verified. I have the blue check. It didn't exempt me. Mine was an account-recovery check rather than an age check, but it runs on the same machinery the UK is about to require. Once a platform decides it needs to confirm who you are, your subscription and your good intentions count for nothing. It wants your face first. Then: papers, please.

Discord already ran the experiment

We don't have to guess how a mandatory version of this lands, because a platform with more than 200 million users tried it in public this year and got mauled.

In February, Discord announced it would drop every account into a teen-safe mode by default unless you proved you were an adult, using the full ladder: inference, then a face scan, then an ID. Users revolted within days. Searches for "Discord alternatives" jumped about 10,000% in 48 hours. A rival voice service, TeamSpeak, said the wave of arrivals overwhelmed its servers.

Two things turned a product rollout into a trust crisis.

The first was the vendor. To run ID checks, Discord tested an outside firm called Persona, which is backed by a venture fund co-founded by Peter Thiel, who also co-founded Palantir, the data company with deep government and immigration-enforcement contracts. There's no evidence Palantir ever touched Discord data, and Persona's CEO flatly denied any link, but the optics alone were enough. When you upload your ID, you aren't only trusting the app on your screen; you're trusting a chain of companies you've never heard of. People did not love what they found when they went looking. Discord ended up dropping Persona, saying it wanted face scans done strictly on-device.

The second was a breach. Four months before the rollout, attackers exposed roughly 70,000 government IDs that Discord users had submitted, and claimed many times more. The leak had nothing to do with the face-scanning AI. The documents spilled from a third-party customer-support contractor handling verification appeals. The breach was attributed to one compromised support login. In almost every breach like this, the front-door locks hold. But somewhere down the chain, a contractor is sitting on a pile of documents, and that pile gets stolen.

Discord backpedaled. Its CTO admitted the company "missed the mark," delayed the global rollout, and promised face scans would stay on-device. But it left the checks running everywhere a law already requires them: the UK, Australia, and now Brazil. A law converts a controversial product choice into a requirement nobody gets to decline.

Does it actually keep kids off?

Australia is the closest thing to real data, and the early results are uncomfortable for both sides.

A few months after Australia's ban took effect, a survey of 12-to-15-year-olds found 61% still had access to at least one banned account. Why? Only about 1 in 20 used a VPN to fake their location. Most kept their accounts for one simple reason: the platforms didn't remove them. The ban worked on paper but fell apart in reality. The failure came down to corporate foot-dragging more than teenage cleverness.

The science behind the urgency isn't quite as alarming as the press conferences suggest. The same week as the UK announcement, researchers told a parliamentary committee there's very little hard proof that social media is rewiring children's brains. One researcher put the measurable effect close to zero. Other scientists, and many grieving parents, point to real harms and to recent court verdicts against Meta. Both of those are true at once. Strong correlations and devastating individual cases are real, and rigorous proof that the apps cause harm across an entire population is thin. A policy this sweeping is being built on worry as much as evidence.

The ban is the least of it

The ban is the least ambitious piece of what the UK is proposing.

The same plan would also:

• restrict AI chatbots that simulate romantic or sexual relationships to adults only, a response to scandals like Elon Musk's Grok generating non-consensual sexual images
• float overnight curfews for under-18s
• force breaks in infinite scroll and autoplay, to interrupt the features designed to keep kids glued
• limit minors using VPNs to slip past the gates

More detail is promised within the month. Strip away the specifics and the direction is clear: governments are moving from "what content is allowed" toward "how the product itself is allowed to behave, and who's allowed to use it." The age check is the gate that makes everything else enforceable.

Could this happen in the US?

Probably not in this exact form, and the First Amendment is why.

US courts keep blocking the state versions of these laws. Florida's under-14 ban is still in litigation. Louisiana's was struck down. The Supreme Court did uphold online age checks in 2025, but only for pornography sites. Legal scholars say that ruling doesn't reach ordinary social media, where the speech is broader and more protected. So a clean UK-style ban is unlikely here any time soon.

The machinery spreads here regardless. App-store age checks, ID prompts on more and more sites, the same face-or-papers gate showing up one platform at a time. We are already hitting it on Reddit, on Roblox, on adult sites in roughly half the states. It arrives by slow adoption rather than by one sweeping law. This makes it easy to miss until it's asking for your ID.

An ID is not a password

Handing a social media site your face might not feel like much. They already know more about you than you'd like: who your friends are, what you read, where you are at eleven at night. One more data point barely moves the needle.

A government ID is different. Your name, your birthday, your document number, your address, all in one upload. That's a starter kit for identity theft. New accounts, loans, even a fake ID built from your real one. When a password leaks, you change it. You can't reissue your face or your date of birth.

It won't stay on social media, either. Adult sites already ask. Gambling sites ask. Anywhere with an age limit, or anywhere that just likes having your details on file, has the same reason to. The privacy people at the EFF put it plainly: within a year, you could have uploaded your ID to half a dozen sites, each one its own vault waiting to be cracked. You only have to be unlucky once.

And once handing over your ID feels normal, a scammer doesn't need to breach anyone. They just put up a page that asks. People send it in, because they think they have to. We spend years teaching people not to type their password into a strange site. This trains the opposite reflex.

Yes, that is a slippery-slope argument. But it is a slope we are already standing on.

What this actually costs you

Every method of "prove your age" is also "prove your identity."

The goal is also sympathetic. Most parents want it, and the platforms have earned their distrust many times over. But the bill for the checkpoint gets paid by every ordinary adult who now has to hand a stranger their face or their license just to read a feed. That data goes to exactly the kind of place that keeps getting breached. Nobody serious disputes that kids deserve protection. The real question is whether routing every adult's identity through a leaky verification chain is the price that actually buys it. Especially when the one country that's tried this watched most kids keep their accounts anyway.

I'll let you know how it turns out for my own account, assuming Meta ever decides I'm me.