Irish online safety regulator promises to prosecute noncompliance on age checks

There has been more noise about the UK’s online safety codes, but Ireland’s new Online Safety Code also comes into effect this month. The incoming law requires platforms hosting pornographic or “extremely violent content” to implement age assurance to prevent children from gaining access to said content. Noncompliance can result in fines of up to €20 million (about US$23.4 million) or 10 percent of annual turnover.

Ireland’s media and online safety regulator, Coimisiún na Meán (CnM), was established in 2023, and is beginning the process of overhauling legislation to align with global principles – notably, Global Digital Compact Objective 3, which aims to foster an “open, safe and secure digital space that respects, protects and promotes human rights.”

In a presentation to the International Governance Forum, Commissioner of Digital Services John Evans says the regulator has “a pretty broad mandate covering online safety, with a particular emphasis on Irish culture.” He also notes how Ireland has “an outsized role in the European setting, because so many of the very large online platforms and the large big tech companies are established in Ireland,” where taxation policy has historically been favorable.

In developing its strategic framework, CnM has identified six areas of emphasis: children, democracy, trust, Irish culture and media, diversity and inclusion, and public safety. The cultural element is a key priority, as are maintaining electoral integrity and democratic processes, and enforcing age verification requirements to protect kids.

Evans “says children’s rights and protection online has become an issue of concern worldwide.”

“In Ireland and within Europe we see this problem as having two dimensions,” he says. “First is a content dimension and second is systems. The legislative instruments that we have are our Digital Services Act, which, we feel, addresses principally the systems aspect, and then our Online Safety Code, which comes from the audiovisual media services directive as part of the transposition of that directive into national law.”

Evans says that, while the DSA is a “content neutral instrument,” the Online Safety Code is clear on the kinds of content that are considered potentially harmful to kids. He quotes from the text: “regulated platforms must preclude the uploading and sharing of content that promotes self harm or suicide, eating and feeding disorders and cyber bullying. They also require the use of age assurance to ensure that children are not normally exposed to videos that contain pornography or depictions of gross gratuitous violence.”

Evans is promising to hold regulated entities to account, and move beyond a self-regulatory model that hasn’t worked. Accordingly, CnM has already ended up in a fight. In June, it issued a statutory Information Notice to X, the social media platform once beloved as Twitter and now run as X by former White House staffer Elon Musk.

The notice from the regulator says “information provided by X so far is not sufficient to assess whether X’s current measures are sufficient to protect children using the service. An Coimisiún is therefore using its statutory powers to seek further information. X is obliged to respond by 22 July 2025. Failure to comply with the Notice by the provider can result in criminal liability, including a fine of up to €500 thousand (~$586 thousand).

The code classifies X as a video-sharing platform service (VSPS), which makes it subject to the  Online Safety Code. Musk’s platform has argued that CnM is guilty of “regulatory overreach,” and says it shouldn’t have to follow the rules.

In regulating Big Tech tenants, Ireland bears the weight of Europe

Evans doesn’t buy it. “The challenges that we face as digital regulators, whether it’s promoting children’s welfare or safeguarding democracy, they’re not isolated issues,” he says. “They’re interconnected challenges that require a coordinated and innovative response that puts fundamental rights at the center.” He says playing host to so many names in Big Tech means Ireland has “quite a heavy responsibility – but also an opportunity.”

“We’re not just regulating for Ireland. In many respects we’re also regulating for European citizens.”

Yoti has a helpful breakdown of what kinds of content the incoming law covers, and what CnM says about specific age assurance methods. They require platforms to use “effective age assurance measures,” and “focus on minimal data collection by not asking users to share more information than necessary.” The guidelines stop there, but Yoti notes the availability of qualifying solutions that make use of facial age estimation, verified age attributes in the Yoti app, and digital ID.

Article Topics

age verification  |  biometric age estimation  |  biometrics  |  children  |  Coimisiún na Meán (CnM)  |  Digital Services Act  |  Ireland  |  Online Safety Code  |  regulation