Meta Faces Up to 6% Global Turnover Fine as European Commission Confirms Instagram and Facebook Breach Digital Services Act on Minors

The European Commission has preliminarily found that Meta’s Instagram and Facebook systematically breach the Digital Services Act by failing to prevent children under 13 from accessing their platforms, with the company now facing potential fines of up to 6% of its global annual turnover. In its most significant enforcement action since activating DSA protections for minors, the Commission on 29 April 2026 concluded that Meta’s age verification mechanisms are ineffective, allowing roughly 10-12% of EU children under 13 to maintain active accounts despite the platforms’ own terms of service setting the minimum age at 13. The preliminary finding marks the third major regulatory action against Meta in 18 months and reflects an accelerating enforcement pattern that is reshaping the operational landscape for Europe’s largest social media platforms.

Age Verification Failures and Systemic Vulnerabilities

At the heart of the Commission’s case lies a deceptively simple vulnerability: when users create accounts on Instagram and Facebook, those under 13 can enter false dates of birth with no meaningful verification. The Commission’s investigation found that Meta’s self-declaration mechanism contains no effective safeguards to prevent minors from misrepresenting their age, a fundamental gap in platform architecture that regulators argue should have been addressed years ago.

The reporting mechanisms available to users who encounter underage accounts are equally deficient. The Commission documented that the tool for flagging suspected minor users requires up to seven clicks to access, is not pre-filled with user information, and frequently generates no follow-up action—effectively allowing reported underage users to continue accessing the service without interruption. These procedural barriers transform what should be a straightforward child protection function into an opaque and ineffectual process.

Meta’s Risk Assessment Found Inadequate Under 2025 DSA Guidelines

The Commission concluded that Meta’s risk assessment methodology fundamentally fails to identify, assess and mitigate the risks posed by minors under 13 accessing Instagram and Facebook. According to the preliminary findings, Meta “disregarded readily available scientific evidence” indicating that younger children face greater harm from these services—a framing that suggests not technical incapacity but institutional indifference to available child protection research.

The 2025 DSA Guidelines on the protection of minors now establish the regulatory benchmark, requiring that age estimation and verification methods be “accurate, reliable, robust, non-intrusive and non-discriminatory.” Meta’s current approach fails across multiple dimensions of this framework. The Commission has simultaneously developed a blueprint for an EU age verification application as a reference model, demonstrating that compliant solutions are technically feasible and available for platforms to implement.

10-12% of Under-13s Currently Using Meta Platforms in EU

The Commission’s assessment indicates that approximately one in ten children under 13 currently hold active accounts on Instagram and Facebook across the EU—a figure that “contradicts Meta’s internal assessments.” This prevalence data challenges Meta’s longstanding position that its platform restrictions are adequate and enforcement is effective, presenting instead a picture of systematic non-compliance with the company’s own age policies.

Independent evidence from across member states corroborates the Commission’s findings. The scale of underage user penetration suggests not isolated failures but institutional design choices that prioritize user growth over age enforcement, allowing Meta to benefit from increased engagement metrics even as minors access services from which they are contractually excluded.

Meta Responds and Third Major Enforcement Action in 18 Months

Meta has rejected the Commission’s findings, claiming the company already implements measures to detect and remove underage accounts. The company now has the right to examine the full investigation file and submit a written response to the preliminary findings. The European Board for Digital Services will be consulted in parallel before the Commission issues a final decision.

This action represents the third major EU enforcement operation against Meta in rapid succession: an April 2025 fine under the Digital Markets Act, an October 2025 DSA transparency finding, and now this preliminary breach determination on minors. In December 2025, the Commission issued its first DSA non-compliance fine against X (formerly Twitter) at €120 million, establishing concrete precedent for enforcement escalation. The pattern reflects systematic Commission case-building since 2024, with enforcement accelerating particularly on minor protection and platform transparency.

Compounding Regulatory Pressure: EU and US Proceedings in Parallel

Meta faces compounding operational pressure from simultaneous regulatory action across continents. The company is currently considering shutting down Facebook, Instagram, and WhatsApp services in New Mexico following a landmark ruling that found Meta liable for misleading users over child safety. This transatlantic enforcement convergence creates structural risks for Meta’s business model and investor confidence.

Timeline to Final Decision and Implications for Digital Ecosystem

The preliminary finding is not yet a final decision. Following Meta’s written response and consultation with the European Board for Digital Services, the Commission will determine whether to issue a final ruling and impose the threatened fine of up to 6% of global annual turnover. For digital advertisers and content creators dependent on Meta platforms, the regulatory uncertainty represents a structural business risk. While no concrete platform changes are expected in the short term through August 2026, significant structural alternatives may require planning if the Commission issues a final adverse decision in Q3.

The case underscores a broader DSA enforcement momentum. In the same week Meta faced preliminary findings, TikTok published its sixth DSA transparency report covering the second half of 2025, documenting 178 million EU users and 112 million removed items—a juxtaposition that highlights divergent platform approaches to regulatory compliance. The Commission’s escalating enforcement pattern suggests that European platform regulation is moving from framework-building to systematic implementation.