The UK government has unveiled plans to limit children's use of virtual private networks (VPNs) as part of a broader push to tighten online safety rules and curb underage access to social media.
The move, announced by Prime Minister Keir Starmer, would introduce new powers to enforce minimum age limits and prevent minors from bypassing platform restrictions through privacy tools.
Starmer said ministers would seek parliamentary approval for expanded authority under the Children’s Wellbeing and Schools Bill. Among the measures under consideration are a statutory minimum age for social media, restrictions on “addictive” features such as autoplay and infinite scroll, and limits on VPN access for under-16s to stop them circumventing age checks.
The announcement builds on the UK’s existing Online Safety Act (OSA), which already mandates age verification for adult content platforms and imposes duties of care on online services. The government also plans to amend the Crime and Policing Bill to ensure AI chatbot providers fall clearly within regulatory scope, following recent controversies involving generative AI systems and non-consensual image creation.
While the prime minister framed the VPN restrictions as a child protection measure, the proposal has raised significant technical and legal questions. VPNs are widely used tools that encrypt internet traffic and mask users’ IP addresses, enhancing privacy and security. They are recommended by the UK’s National Cyber Security Centre (NCSC) to improve online safety, particularly on public Wi-Fi networks. Industry groups warn that enforcing age limits on VPN use would likely require identity or age verification before granting access.
Mandatory age checks for VPN services could undermine their core privacy benefits, as such systems would either require users to upload identity documents or rely on third-party age estimation technologies, which can expose sensitive data.
Assuming that UK businesses are granted exemptions, the government would need to determine which entities qualify. Small or newly formed companies that rely on VPNs for secure remote access could face additional bureaucracy or compliance costs. It remains unclear whether employees need to verify their age to access the corporate VPN infrastructure.
VPN provider Mullvad criticized the proposal more bluntly. In a public statement, the company argued that so-called “age verification” would effectively amount to identity verification for all users. “A law like this would require everyone to identify themselves in order to use a VPN,” Mullvad said, warning that such measures could endanger whistleblowers, journalists, and others who rely on anonymity for safety.
VPNs are also frequently used by vulnerable individuals, including victims of domestic abuse, to access support resources discreetly. Mandatory identity checks could deter such users from seeking help, particularly if they require uploading government-issued identification or undergoing facial age estimation.
The government is expected to publish detailed proposals addressing all those questions and concerns next month.
For now, businesses and individuals in the UK that rely on VPNs should closely monitor the upcoming consultation and consider engaging in the public consultation process before the legislation is finalized.
Hi Alex,
Wouldn’t be as simple to bi-pass the verifications by opening a Brave Tor window?
My home ip is somewhere in Australia, my VPN is out of Sydney and my Brave TOR window has me out of Copenhagen. (I have a use case for Tor so don’t use it much)
Forgetting the VPN, couldn’t anyone in the UK just open a Brave Tor Window and sign up to a VPN in another jurisdiction?
The reason I was visiting CyberInsider was to see if there was a review on Bluesky Social and I don’t see one.
I notice that the CI contact page includes Bluesky Social which I take as an implicit support.
Have you considered doing a review?
Hi BoBeX, we previously were posting on Bluesky, but it seems to be a declining platform and we not just focus on X, LinkedIn, and Facebook.
Hi Alex,
I am hearing about bsky.app (I am social media illiterate)
I have only created a test account.
I think the user base will only grow, but that is a societal view.
I listened to an interview with the CEO of Bluesky and she is very charismatic;
I really like her philosophy and her ambitions.
She was very open about the limitations of the team at Bluesky.
I said back to the friend , ‘completely public’, ‘very, very public’;
He said, ‘yes it is all public’, and I wondered about him, do know what you are talking about?