Over the past year, the protection of minors online has become a central regulatory dilemma across liberal democracies. From Australia’s landmark ban on social media for under-16s to ongoing legislative debates in Spain, France, Denmark and the United Kingdom, governments are increasingly asking whether age-based prohibitions are the only viable response to mounting evidence of harm. Within the European Union, this turn toward national bans represents a shift in perspective compared to existing regulations, and reveals a deeper tension. The EU has built its child protection architecture not around age-based prohibitions, but around the risk-based logic of the Digital Services Act (DSA). The Commission’s recent Guidelines on the protection of minors have further clarified expectations around child rights impact assessments, proportionate age assurance, data minimisation, privacy by default, and the avoidance of dark patterns. At the same time, growing calls for stricter age verification potentially relying on biometric technologies raise complex questions about proportionality, fundamental rights, and the long-term implications of embedding identity checks at the level of platform access. The fact that Member States are now reaching for outright bans raises an uncomfortable question: is the DSA's framework ambitious enough, or are national governments effectively signalling that risk-based regulation, as currently implemented, is failing to protect minors?

Meanwhile, in the United States, a landmark trial against Meta and YouTube is for the first time asking a jury to weigh platform liability for the mental health harms suffered by young users—the first of hundreds of similar cases to go to trial. As a recent report highlighted, these two processes represent a critical opportunity: While the Digital Services Act requires platforms to identify and mitigate systemic risks, early risk assessments remain largely descriptive; by contrast, US litigation—though reactive and case-specific—is bringing to light internal data, metrics, and experimental evidence that could inform a more rigorous, outcome-oriented approach to risk mitigation. This workshop therefore takes place at a pivotal moment, as the EU seeks to refine its risk-based logic into more granular and effective mitigation practices, turning the protection of minors into a benchmark for the success of the Digital Services Act.

The discussion will be structured in two sessions. The first session will examine the current evidence and policy approaches to the protection of minors on social media, with particular attention to platform design, engagement-driven features, algorithmic recommendation systems, and patterns of exposure to harmful content. A central objective will be to assess the gap between platform self-reporting and independent empirical evidence, and to explore the implications of this gap for the enforcement of the DSA. The second session will turn to the enforcement architecture at both EU and national levels. It will analyse the role of Digital Services Coordinators, the European Board for Digital Services, and national regulators, focusing on how existing institutional mechanisms can address the limitations and challenges identified in the first session.