Meta preliminarily found in breach of the DSA over addictive design
5Rights welcomes the European Commission’s preliminary findings that Meta may be in breach of the Digital Services Act (DSA) due to the addictive design of Instagram and Facebook.

5Rights welcomes the European Commission’s preliminary findings that Meta may be in breach of the Digital Services Act (DSA) due to the addictive design of Instagram and Facebook.
These preliminary findings are the latest development in the European Commission’s broader DSA investigation into Meta, launched in May 2024. That investigation examines a range of risks to children, including the promotion of harmful content through engagement-driven systems and concerns about ineffective age assurance.
Today’s findings specifically address the role of addictive design in amplifying those risks, focusing on design features including infinite scrolling, autoplay, push notifications and highly personalised recommender systems that can encourage excessive use by children and young people.
The Commission’s conclusions are consistent with evidence gathered by 5Rights through its research on persuasive and manipulative design, and notably its recent case study examining Instagram’s Teen Accounts. Our testing found that, despite the introduction of some new safety features, many of the core engagement-driven design elements remained unchanged.
During the study, teenage test accounts continued to encounter persistent notifications, autoplay, infinite scrolling, and repeated prompts to engage with recommended content. While screen time reminders were present, they did not meaningfully alter the underlying design features that drive prolonged use.
The case study also raised concerns about the effectiveness of Meta’s age assurance measures and the opacity of its recommendation systems, echoing issues already under examination by the European Commission.
The findings reinforce a growing body of evidence showing that time-management and parental controls tools are unfair and ineffective to address addictive design. Such measures place responsibility on children and guardians to manage risks that are embedded in the design of the service itself. If many parents support these tools in theory, evidence shows that only a small fraction actually use them. Protection must be built into products by default, rather than relying on individual users to navigate complex settings and safeguards.
The European Union has powerful regulatory tools to hold platforms accountable for the risks their products create. Effective enforcement of the Digital Services Act is essential if children’s rights are to be meaningfully protected online.
However, enforcement alone is not enough. To truly protect children, services likely to be accessed by minors must adopt a safety-by-design approach from the outset. Digital products should be designed to be age-appropriate and safe before they reach children, rather than relying on remedial measures introduced after harms have emerged. This principle should be supported through stronger ex-ante requirements, including the pre-certification of products and services accessible to children.
Leanda Barrington-Leach, Executive Director of at 5Rights Foundation said,
“Young people deserve digital services that are safe by design, not with half-measures bolted on afterwards. There is now a substantial body of evidence – including from 5Rights and from Meta’s own leaked documents – which shows that tools requiring children and parents to manage digital use cannot compete with products that are deliberately designed to maximise engagement.
“The encouraging news is that millions of ordinary Europeans want greater transparency and stronger protections. Effective enforcement of existing laws reinforced by new regulations can shift incentives away from attention at any cost and towards products that are pre-certified to be safe before they reach children.”
