EU DSA Targets Meta and TikTok Infinite Scroll, Autoplay and Teen Access

Brussels is escalating its campaign against engagement-driven social media design, placing Meta and TikTok under pressure to rework features such as infinite scrolling, autoplay, push notifications and highly personalized recommendations. The move comes as European Commission President Ursula von der Leyen prepares proposals for age-appropriate social media restrictions following an expert report delivered on July 13, 2026.
The regulatory push affects Instagram, Facebook and TikTok, but its consequences could reach much further. The Commission-backed panel used the broader category social media+ to encompass other digital services with comparable engagement mechanics, potentially including video games, messaging platforms and AI chatbots.
As detailed by the European Commission and reported by the Associated Press, the policy is developing along two connected tracks. Regulators are using the existing Digital Services Act to challenge allegedly addictive product design, while Brussels prepares a wider framework governing when and how children may access online platforms.

Digital privacy and online safety illustrated with EU institutions, social media, legal scales, and security icons.Infinite Scroll Becomes a Compliance Problem​

On July 10, the Commission preliminarily found that Meta had breached the Digital Services Act through the design of Instagram and Facebook. Investigators said Meta had not adequately assessed how infinite scroll, autoplay, push notifications and personalized recommendation systems could affect users’ physical and mental wellbeing.
The findings cover risks to minors as well as vulnerable adults. More importantly for Meta, the Commission concluded that the safeguards already offered by the company had not effectively addressed those risks.
Meta disputes that assessment. The company says the Commission has failed to account for protections such as Instagram Teen Accounts, which apply more restrictive defaults and give parents additional controls over younger users’ activity.
The ruling remains preliminary, so it is not yet a final determination that Meta broke EU law. Meta can inspect the Commission’s case and respond before regulators decide whether to issue a formal noncompliance decision.
TikTok is already moving through a similar process. On February 6, 2026, the Commission preliminarily found the platform’s design in breach of the DSA, criticizing the same basic combination of continuous content delivery, autoplay, notifications and intensive personalization.
That investigation examined more than total screen time. Regulators said TikTok had disregarded possible indicators of compulsive use, including how often people opened the app and how long minors used it at night.
The Commission also found that TikTok’s screen-time prompts could be dismissed too easily and introduced too little friction to change behavior. Parental controls were judged potentially ineffective because configuring them placed additional demands on parents rather than changing the platform’s default design.
TikTok has rejected the Commission’s characterization as false and without merit. Like Meta, it can challenge the preliminary findings before any final enforcement decision is made.
If the cases are confirmed, either company could face a fine of up to 6% of its worldwide annual turnover. The Commission can also require corrective measures, making the potential redesign of core features more consequential than the financial penalty alone.

Brussels Shifts the Burden Away From Parents​

The July 13 report from the Commission’s Special Panel on Child Safety Online gives the enforcement action a broader policy direction. The panel argued that digital services should have to demonstrate that they are safe by design rather than leaving regulators, parents and children to prove that a product is harmful.
Its central recommendation is an EU-wide restriction on access to social media+ for children under 13 until providers can establish that their services are safe. It also recommends considering additional precautionary restrictions for older children.
Von der Leyen endorsed the principle of phased access for different age groups, although she stopped short of announcing a single minimum age. She said under-13s should have only supervised, time-limited access, while teenagers could gradually gain access to services shown to be appropriate for their age.
That is a more complicated model than a straightforward under-13 or under-16 ban. It could require platforms to offer several distinct product experiences instead of placing every minor into one generic teen mode.
The Commission president framed the issue as product safety rather than solely parental responsibility. Her comparison with car safety systems was deliberate: manufacturers are expected to build safe vehicles instead of expecting families to design seatbelts and install airbags themselves.
That argument points toward default restrictions built into the service, not settings buried in a family dashboard. A compliant youth experience could require finite feeds, meaningful breaks, reduced notifications, nighttime limits and recommendation systems that do not optimize primarily for continued engagement.
The precise obligations have not yet been written. Von der Leyen said proposals would follow after the summer, with a draft expected in the autumn of 2026, leaving the minimum age, covered services and enforcement mechanism unresolved.

Age Assurance Moves Closer to the Operating-System Layer​

Any enforceable age threshold creates a difficult technical question: how does a service know that someone is a child without collecting excessive identity data from everyone?
Current self-declaration systems are easy to bypass. A user can often enter a different birth date and gain access to the standard product, one reason existing platform rules barring under-13s have failed to settle the issue.
The Commission is developing an age-verification application intended to let people prove an age category without disclosing their full identity to each platform. That approach could reduce the need to upload passports or other sensitive documents directly to Meta, TikTok and every other regulated service.
For Windows users and administrators, the implementation details will matter. Age assurance could be performed by individual websites, mobile applications, identity providers, browsers or operating systems. Each option distributes sensitive data and compliance responsibility differently.
A platform-by-platform system risks producing repeated verification prompts and fragmented databases. A reusable credential could offer a cleaner experience, but it would need strong protections against tracking, credential theft and the linking of activity across unrelated services.
Microsoft and other platform vendors may consequently become part of the enforcement chain even if the legislation is aimed primarily at social networks. Windows already provides family controls, account identity and application restrictions, but an EU age regime could create demand for standardized signals that browsers and apps can consume without exposing a user’s exact date of birth.
Enterprise IT may also encounter edge cases. Shared PCs, schools, libraries and managed devices do not map neatly onto consumer family accounts, while browser-based access can bypass restrictions applied only to installed applications.

The Target Is the Engagement Engine​

The Commission is not merely asking Meta and TikTok to improve warning messages. Its findings challenge the mechanics that keep users consuming content without making a new decision after each item.
Infinite feeds remove stopping cues. Autoplay eliminates the need to request the next video, while recommendation systems continuously select material predicted to hold attention. Notifications then pull the user back after the session ends.
These mechanisms are also central to advertising revenue and growth, which makes substantial redesign commercially sensitive. Introducing stopping points or weakening personalization could reduce time spent in an app, the very metric many consumer platforms have spent years optimizing.
The broader social media+ definition increases the stakes. If the forthcoming legislation follows the panel’s approach, services may not escape scrutiny simply by describing themselves as games, communications tools or AI assistants rather than social networks.
That could bring short-video feeds inside gaming platforms, persistent AI companions and algorithmically selected community content into the same regulatory debate. The determining factor would be the product’s features and risks, rather than the category selected in an app store.
The next concrete milestone is the Commission’s post-summer proposal. Until its scope is published, Meta and TikTok face the immediate DSA investigations, while the rest of the technology industry must consider whether Europe is about to turn familiar engagement features into regulated safety hazards.

References​

  1. Primary source: International Business Times UK
    Published: 2026-07-13T20:52:49+00:00
  2. Related coverage: techcrunch.com
 

Back
Top