UK rejects VPN restrictions, demands platforms police underage users
The UK has abandoned plans to restrict VPNs after government research showed they are rarely used to bypass age checks, shifting the enforcement burden directly onto social media platforms.
The UK government will not restrict virtual private networks, opting instead to force social media companies to shoulder the responsibility for keeping minors off adult platforms. Online Safety Minister Kanishka Narayan confirmed the reversal on the BBC. “We decided not to limit VPNs,” he said.
The announcement arrived alongside a new midnight social-media curfew for 16 and 17-year-olds. Technology Secretary Liz Kendall justified the VPN exemption in a written statement, noting the tools have “legitimate privacy and security uses.”
Internal government research heavily influenced the shift. A study of more than 2,000 children found that while about a quarter of 11 to 17-year-olds have used a VPN, only around 7% did so to access age-restricted content. The data revealed that nearly half of children who bypass age checks simply enter a false date of birth, making the VPN a secondary problem.
For tech companies operating in Europe, the decision transforms a potential infrastructure headache into a direct and costly compliance mandate. Rather than banning the workaround tools, the government now expects platforms to take “robust steps” to independently spot and block minors using VPNs to evade age gates. This pushes the technical and financial burden of age verification squarely onto the private sector.
The regulatory timeline is now set. Ofcom must report by October to define exactly what constitutes a robust over-16 age check. Separately, Ofcom and the data regulator are studying how platforms can better detect VPN traffic. Meanwhile, ministers are pursuing voluntary agreements with VPN providers and say they will “keep this area under close review.”
Digital-rights groups claimed a clear victory. A coalition of more than 20 tech firms and campaigners, including Proton and Mozilla, had lobbied against restrictions. Mozilla had warned that age-gating VPNs would create a cybersecurity mess while failing to protect children.
Critics note the broader strategy remains flawed because the new curfew and feature limits can be manually switched off by users. One analyst described the government's approach as “leaving the side door open.” Still, the UK’s reliance on internal evidence over a blanket tool ban distinguishes it from other global regulators navigating the same issues. Australia’s teen social-media ban has been heavily dogged by VPN workarounds, New Zealand recently abandoned its own proposed limits entirely, and US courts are currently battling over who controls the internet’s age gates.