Brazil takes bold stance with wide-reaching online safety law

If the 2026 Global Age Assurance Standards Summit had to name a headlining nation, the title might go to Brazil. The speed and scope of its online safety program came up in many discussions, as an admirable bit of efficiency, and also an experiment on a scale that dwarfs what has occurred in Australia.

With around 213.5 million people, Brazil accounts for about 2.6 percent of the global population. It is also the fifth largest in total area (one place above Australia). Regulating anything across a country of that size and scale is a tall order.

Brazil’s lawmakers, however, are undaunted. Since the online safety law was signed in September 2025, the country’s National Data Protection Agency (ANPD) has published its Technology Radar on age assurance mechanisms; the Ministry of Justice has conducted a public consultation and held more than 100 meetings with the private sector, civil society and government, and the ECA Digital Statute for Children and Adolescents (Digital ECA) has come into effect.

According to a government release, requirements under the law include “robust age verification systems,” restrictions on addictive design, and new obligations for companies to prevent digital crime. Age verification must be carried out by app stores and operating systems at account creation, and sites and services that pose a higher risk, such as porn sites and social media companies that allow prohibited content or advertising of prohibited products, also must adopt age verification mechanisms on the platform level.

President Luiz Inácio Lula da Silva calls it “one of the most advanced laws in the world for the protection of children and adolescents in the digital environment,” intended to “give Brazilian families peace of mind.”

Prohibited category content requires age assurance  

In a keynote at the 2026 GAASS, Ricardo Horta, director of digital safety and risk prevention at the Ministry of Justice, broke down how Brazil’s scheme defines and classifies risk. He also made a point of mentioning that Brazil’s attendance at the 2025 summit was instrumental in developing the legislation.

Brazil’s scheme labels content as Inappropriate, Prohibited or Illegal. Inappropriate content must have an age rating, parental supervision mechanisms and security by default and by design. Prohibited content must have an “effective impediment to access,” such as age verification. The scheme imposes removal obligations on Illegal content, which includes child sexual abuse and exploitation material, incitement to suicide, hate speech, terrorism, violence against women and more.

The idea, Horta says, is that protection should be proportional to risk. A list of “Principles for the Adoption of Age Assurance Mechanisms” lists proportionality, accuracy, data minimization, protecting user privacy, data security and auditability, among others.

Though it has moved quickly to put its laws into effect, Brazil still has work ahead of it. Phase II of its rollout is pegged for August 2026, with the publication of formal guidelines and regulatory parameters on age assurance mechanisms. Late 2026 will be an adaptation period. From January 2027, enforcement will begin.

Some have understandable doubts about the realistic potential to enforce rigorous online safety laws across such a huge swath of people and industries. What’s for certain is that, whether Brazil’s law fails or succeeds, it will do so in a big way.

Article Topics

Age Assurance Standards Summit (2026)  |  age verification  |  ANPD  |  Brazil  |  children  |  data protection  |  Digital ECA