Regulation is making digital spaces safer for children, but tech giants’ responses still fall short without strong enforcement
A new report from the Digital Futures for Children centre has found that legislation is having an important impact in driving new norms that benefit children, but that weak enforcement has incentivised poor practice by incumbent tech giants.
Conducted by 5Rights Foundation and London School of Economics through the Digital Futures for Children research centre (DFC), the research analysed changes made by 70 platforms used by children between 2024 and 2026, the period which saw the UK’s Online Safety Act and Digital Services Act come into effect, and the publication by Ofcom and the European Commission of detailed guidelines focused on children. It provided a comparative analysis of measures taken by Meta, Google, TikTok and Snapchat, and further analysed a broad range of services, including social media, gaming and AI.
Comparative analysis with the period 2017 to 2024 shows that the dominant large platforms have pulled back from adding new “by default” safety and privacy protections – the most significant area of change before 2024 – in favour of optional add-on tools, such as parental controls and manual privacy settings. These shift responsibility to users, while leaving default practices that are high risk for children but high profit for companies untouched.
In contrast, a broad range of other social media, video streaming, gaming and AI services are showing the opposite trend with built-in by default protections remaining the predominant form of change, notably with the widespread uptake of age assurance, which is critical to underpin age appropriate design.
On the whole however, the evidence in the report indicates that children’s safety has not yet significantly improved, as the rate of change in the design and governance of platforms has not kept pace with the evidence about risks to children’s privacy and safety in the digital environment, or the rise of AI.
The study further revealed a systematic lack of transparency, independent testing and auditing, as well as patchy and incomplete protections for children using AI chatbots.
In response to the findings, the DFC has put forward 21 recommendations with a focus on making safety by design and default the standard across the full range of platforms. Their proposals include mandatory risk assessments, third-party certification, ongoing testing and independent audits, as well as bringing AI into the scope of child safety laws.
Leanda Barrington-Leach, Executive Director at 5Rights Foundation said,
“This report shows once again the critical importance of holding tech companies accountable for making their services safe by design and default. The law is driving awareness and new norms, which is really positive, but we also see that it has limited impact without robust enforcement. Tech companies must no longer be able to pick and choose which bits of the law they implement, to use children as guinea pigs for untested and risky products, cause harm and then evade accountability by placing the burden on children and families.”
Steve Wood, author of the report, said,
“We are at a pivotal moment for children’s online safety. While regulation has driven some important changes, it is not yet delivering the level of impact needed to address the scale of risks children face online.
“There is a clear need for stronger enforcement, greater transparency, and a renewed focus on safety by design—rather than relying on tools that shift responsibility onto children and parents.”
