UK Government Abandons VPN Restrictions for Age-Gating Amid New Digital Safety Measures
The UK government has officially abandoned plans to restrict Facebook and VPN software in its broader social media safety overhaul, marking a significant policy reversal that preserves digital privacy tools while introducing new protective measures. The change follows widespread criticism from cybersecurity experts warning that mandatory age verification systems could force VPNs to implement invasive data collection mechanisms.
Social media curfews and algorithmic controls represent novel components of the updated strategy. They will take effect starting early 2027 with the phased implementation of the UK’s social media age ban. Minister Kanishka Narayan emphasized the reconsideration was necessary to balance safety with practical privacy protections.
Tech Secretary Liz Kendall explicitly ruled out VPN limitations in a parliamentary statement. She stated that eliminating many privacy-focused digital tools was essential due to their various lawful purposes.
“VPNs offer legitimate security and privacy protections for everyday users,” said Technology Secretary Liz Kendall. “Our focus remains on addressing actual harms rather than imposing restrictions on tools that serve valid societal functions.”
This marks a substantial policy reversal from earlier drafts of the Online Safety Act, which had proposed mandatory age-gating systems for VPNs. Internet freedom groups welcomed the shift, noting that requiring VPNs to verify ages would compel users to surrender sensitive personal data or abandon privacy protections entirely.
The policy change emerged after government-commissioned research showed only 7-10% of teenagers use VPNs specifically to circumvent social media age checks. The cabinet identified supposed widespread age rule violations, with most teenagers simply entering false birthdates rather than utilizing VPNs. However, the algorithmic adjustments now shift responsibility to platforms rather than privacy tools.
Parliamentary documentation confirms the new direction: “This government recognizes VPNs have lawful uses and will not impose age verification requirements. Platforms themselves must implement stronger age assurance systems.” The updated white paper explicitly states that VPNs will remain unregulated as part of any social media safety framework.
The redesigned approach includes new responsibilities for content moderation systems like the UK’s ICO and communications regulators Ofcom. They must present age-verification technical solutions before October 2026. The government has also announced voluntary engagement with major VPN providers to assess potential effectiveness measures.
Privacy advocates remain cautious about the shifted focus. While appreciating the VPN protection, they point out that effective platform-level age verification still requires careful implementation to avoid overblocking or excessive data collection. The effects to tech companies like Meta and Google regarding the new rules will be significant.
Concurrently with the privacy protections, the government is intensifying targeted interventions for older teens. The withdrawal of proposals is complemented by introducing social media curfews for under-18s and limiting addictive algorithmic features. Mandatory break requirements will apply to under-18s using ChatGPT and the like.
The emerging regulatory pressure on social platforms coincides with government investigations into content moderation effectiveness. As part of continued reforms, online safety education programs and a digital literacy taskforce are planned for 2027 deployment nationwide.

