This post was written by EFA Vice Chair Julian Watchorn.
The lessons emerging from AI governance debates are directly relevant to online safety, where reliance on voluntary compliance and identity-based controls threatens privacy and rights while leaving harmful platform design largely unregulated.
Much of the current debate about children’s online safety has narrowed to age verification and age-based bans. While age limits have a place, they risk diverting attention from the underlying problem. The central issue isn’t simply that young people are online. It’s how platforms are designed.
There are real and serious risks from bad actors online, including grooming and exploitation. Those risks deserve strong, targeted responses. But they are not the only risk children face in digital environments.
Modern social media platforms are built around engagement algorithms, recommendation and ranking systems that optimise for time on platform, interactions, and behavioural feedback. These systems are not neutral. They shape what users see, how long they stay, and which content is repeatedly pushed to them.
Engagement-driven systems can amplify harmful content, escalate emotional intensity, encourage compulsive use, and expose children to material that undermines wellbeing and development. These harms are not accidental. They are foreseeable consequences of systems optimised for growth and retention.
Framing the problem primarily as one of age verification risks focusing on symptoms rather than causes. It can also lead to blunt identity-based enforcement mechanisms that create new privacy and cybersecurity risks for children and families.
EFA Chair, John Pane, recently told a government inquiry, “an incremental measure of safety must not be purchased at the cost of the fundamental privacy, anonymity and freedom of expression for an entire generation.” Pane further warned that the proposed approach trades content risks for a far greater systemic risk, namely, mass identity data collection that enriches big tech and significantly increases cyber risk. These warnings underscore the need to look beyond identity-based enforcement and instead focus on regulating the system itself.
This is why policy approaches that focus on platform duties rather than user identity are gaining attention. The United States’ Kids Online Safety Act (KOSA), for example, proposes a duty-of-care model requiring platforms to identify foreseeable risks to minors, mitigate those risks through safer defaults and design choices, and demonstrate compliance through documented risk assessments. More than 400 civil society, parent, civil rights, faith, education, and health organisations have publicly urged the US Congress to pass the Kids Online Safety Act, arguing that it is necessary to address systemic design harms to children onlin).
In practical terms, this shifts responsibility to where it belongs: on companies that design, deploy, and profit from these systems.
Australia already has a regulatory framework capable of supporting this approach. Australian Consumer Law recognises that products and services must not cause foreseeable harm. When platform design predictably undermines children’s safety or wellbeing, that is a consumer protection issue as much as a content moderation one. This would not replace the role of the eSafety Commissioner but complement it. The Australian Competition and Consumer Commission (ACCC) is well-placed to assess systemic design practices, misleading safety claims, and failures to mitigate known risks embedded in platform architecture.
Australia has seen similar dynamics in other sectors, where voluntary compliance was prioritised over enforceable standards. EFA has raised concerns that the government’s “opportunity-first” AI and digital policy settings risk repeating this pattern by relying too heavily on industry self-regulation.
The bottom line is simple: protecting children online requires regulating the systems that shape their digital environments, not expanding surveillance of children themselves. If we want safer outcomes, responsibility must sit with those who design the platforms, not with the young people navigating them.
Image credit: Unsplash