Australia is set to double the maximum penalty for social media platforms that violate its controversial ban on under-16s using certain services, a move that has drawn explicit backing from the UK government. The escalation reflects a growing international appetite for aggressive tech regulation, but raises fundamental questions about enforcement, privacy, and the unintended consequences of legislative armoury.
Under proposed amendments to Australia's Online Safety Act, the maximum fine for failing to comply with the age-restriction ban would rise from 50 million Australian dollars to 100 million. The ban, introduced late last year, prohibits children under 16 from accessing platforms including TikTok, Instagram, and Snapchat, and requires companies to take 'reasonable steps' to prevent access. Critics have pointed out that the law is vague on what constitutes reasonable, potentially pushing platforms towards invasive age-verification technologies such as biometric scanning or digital ID checks.
The UK government has expressed strong support for Australia's approach. A spokesperson for the Department for Science, Innovation and Technology said: 'We welcome Australia's leadership in holding social media companies accountable. The UK's own Online Safety Act provides robust tools to protect children, and we are always learning from international partners.' That endorsement signals a possible hardening of the UK's stance as it begins to enforce its own regime, which includes a new duty of care for platforms and the threat of significant fines.
From a purely regulatory perspective, this feels like a natural escalation. The initial penalties were designed to be eye-watering, but if companies treat them as a cost of doing business, the logic goes that you need to raise the stakes. However, I worry we are sleepwalking into a technological panopticon. The requirement to 'reasonably' prevent access sounds benign, but in practice it forces platforms to either guess ages based on dubious behavioural analysis or demand government-issued identification. Neither is good for privacy. We may end up with a system where a child's online activities are tracked from birth, creating a permanent surveillance scaffold that follows them into adulthood.
There is also the question of effectiveness. Younger users are adept at circumventing restrictions, often with the help of older siblings or by using emulators and VPNs. A year on from Australia's initial ban, early data suggests that while platform sign-ups by under-16s have dropped, many children are simply migrating to less regulated platforms or accessing services through accounts registered to parents. The penalty increase may make for a powerful headline, but without a clear enforcement mechanism it risks being performative.
What is more interesting is the geopolitical signalling. The UK's vocal support aligns with a broader trend of Western democracies adopting similar stances. France and Germany have introduced their own age-verification requirements, and the European Union's Digital Services Act includes obligations to assess systemic risks to minors. These efforts are often described in the language of child protection, but they also represent a struggle for digital sovereignty. Governments are tired of having their social policies dictated by Silicon Valley's product decisions.
We must also consider the user experience of society. The Australia model creates a two-tier internet: one for adults and one for children, with the dividing line drawn at 16. Yet adolescence is a spectrum, not a binary switch. A 15-year-old is not the same as a 5-year-old, yet both are subject to the same blanket ban. This infantilises teenagers and ignores the rich educational and social benefits of online communities for young people. The risk is that in our haste to protect, we design a system that is more restrictive than it needs to be.
Looking ahead, the doubling of penalties in Australia is likely to be the first of many such ratchets. As failing to comply becomes prohibitively expensive, platforms will face intense pressure to deploy age-verification tools that are cheap and scalable, even if they are invasive. The UK's endorsement suggests it may follow suit with its own penalty hikes. But there is another path: instead of focusing on bans, regulators could mandate transparency in algorithmic recommendations, require safety-by-design in product development, and invest in digital literacy. That would be harder to measure, but perhaps more effective in the long run.
For now, the message is clear: governments are done with self-regulation. But the code they are writing comes with its own bugs, and we will all have to live with them.
