Australia is moving to toughen its under-16 social media law with higher penalties and stronger evidence-gathering powers, turning a world-first age restriction into a more direct compliance test for the platforms that run the feeds.
The Albanese government announced on June 28 that it will seek legislation to double the maximum penalty for systematic breaches of the social media minimum age law from A$49.5 million to A$99 million. The same package would give the eSafety Commissioner broader authority to demand information and documents from social media companies and, importantly, from third parties such as age-assurance vendors and app-store providers.
The timing matters. Australia’s minimum-age rules started on December 10, 2025, requiring designated platforms to take reasonable steps to stop Australians under 16 from holding accounts. Six months later, the government says more than 5 million under-16 accounts have been removed, deactivated, or restricted, but it also says too many young users remain active. eSafety is investigating possible non-compliance involving Facebook, Instagram, Snapchat, TikTok, and YouTube.
The New Demand Is Evidence, Not Just Account Takedowns
The proposed change would push platforms beyond periodic progress claims. Under the plan, the eSafety Commissioner could compel companies to show what they have actually done to prevent under-16s from creating or keeping accounts. That could include internal compliance records, age-checking performance data, information about how platforms detect repeat sign-ups, and documentation from third-party vendors involved in age assurance or app distribution.
That distinction is important because Australia’s law does not punish children or parents for access. eSafety describes the measure as a delay to having social media accounts, with penalties aimed at age-restricted platforms that fail to take reasonable steps. The law applies to services whose purpose includes online social interaction, user-to-user linking or interaction, user posting, and recommender or logged-in features, while online gaming and standalone messaging apps are among excluded service types.
That makes the enforcement question technical as much as legal. Platforms need to identify users likely to be under 16, decide when to ask for stronger checks, handle appeals and mistakes, stop obvious re-registration loops, and avoid pushing unnecessary identity or biometric collection onto users who should not need it. The government’s new focus on third parties suggests regulators also want to test whether vendors and app-store controls can validate platform claims rather than leaving compliance as a black box.
Why Australia Is Escalating Now
The government’s case is that voluntary platform updates have not moved fast enough. Communications Minister Anika Wells said in a June 29 Parliament House doorstop that the first phase has shown two places to strengthen the law: larger fines and more power for eSafety to obtain evidence.
Independent research has also complicated the policy story. A University of Newcastle study published in The BMJ examined survey responses from 408 Australian adolescents aged 12 to 17 before the restrictions took effect and again three months later. The researchers found little early evidence that the law had reduced under-16 social media use, while warning that current age-verification checks were inadequate and frequently bypassed.
The details point to the enforcement gap. The Guardian reported, citing the BMJ study, that only 5% of 12- to 13-year-olds and 11% of 14- to 15-year-olds surveyed had been asked to provide a photo of official ID, even though many teenagers had encountered some form of age check. Some teens reported using fake accounts, and a smaller share reported using VPNs.
Those figures do not prove the law can never work. They do show why an account-count headline is not enough. A platform can remove millions of accounts and still leave enough weak points for adolescents to return through age self-declaration, shared accounts, repeat sign-ups, location workarounds, or inconsistent checks across devices and app stores.
What Platforms May Have To Prove
The next phase is likely to revolve around evidence of system design. Regulators will want to know which signals platforms use, how often checks are triggered, how vendors verify age without over-collecting sensitive data, and how companies measure false positives and false negatives. A system that blocks underage users but wrongly locks out adults creates a different trust problem. A system that preserves privacy but relies mostly on self-declared birthdays may fail the law’s central purpose.
Age assurance is not a single technology. It can involve age estimation from a face scan, document checks, payment-card signals, mobile-account or app-store signals, parental approval flows, behavioral inference, device-level controls, and account-history analysis. Each method has tradeoffs. Stronger identity checks may be harder to bypass but increase privacy, security, and exclusion risks. Softer checks may protect anonymity but do less to stop determined teenagers.
That is why third-party information powers could be consequential. If eSafety can request documents from age-assurance providers or app-store operators, platforms may have to substantiate how their systems actually perform across enrollment, daily use, account recovery, and repeated attempts to rejoin. The compliance burden shifts from “we removed accounts” to “we can show how the control works.”
A Global Test Case For Platform Regulation
Australia’s enforcement push is being watched well beyond Australia. Governments in Europe and Asia are weighing or advancing age-based social media rules, while the United Kingdom has been studying Australia’s approach as it prepares tougher online safety measures. The practical lesson so far is that minimum-age laws are only as strong as the compliance machinery around them.
For platforms, that machinery will be expensive and politically sensitive. Facebook, Instagram, TikTok, Snapchat, YouTube, Reddit, Twitch, X, and similar services do not operate as simple websites with one front door. They are cross-device, algorithmic, identity-light services built for low-friction sign-up and engagement. A serious under-16 restriction cuts against the growth logic of those products and forces companies to build new verification, logging, audit, and appeals systems into the account layer.
For users, the stakes are not limited to whether teenagers can open an account. The systems built for age enforcement may shape how much identity proof people need to use the internet, how platforms handle sensitive data, whether app stores become gatekeepers for age signals, and how regulators audit recommender-driven services without getting full visibility into their ranking systems.
Australia’s latest proposal does not settle those questions. It does make one thing clearer: the next fight over youth social media rules will be less about announcing bans and more about proving, with inspectable systems and records, that platforms can enforce them without creating a new set of privacy and access problems.
