Hello!

A month full of child protection, GDPR simplification and ISBNs. Huh!? ISBNs? Read on!

Dimi

=== Child Protection===

The European Commission has published draft guidelines on the protection of minors https://ec.europa.eu/newsroom/dae/redirection/document/115476 under the DSA. This is intended to give a more precise explanation of how the DSA rules can be complied with. Essentially, they leave it up to platforms to self-assess risks and determine the appropriate level of age assurance, apart from a few very specific cases like adult content, alcohol and gambling. The Wikimedia Foundation will provide public feedback, expect more information in next month’s report..

Denmark has strongly criticized the Commission's approach, advocating instead for mandatory age verification for social media. It has joined France and Spain demanding stricter rules https://drive.google.com/file/d/1EPf1EKqefLtSkdQbbxCSTaFMpXEHZGXg/view?usp=sharing. Denmark will take over the rotating Council Presidency in the second half of this year. Meanwhile, France, Greece, Italy, Denmark and Spain have signed up to pilot the Commission’s proposed EU age verification app (EFF’s explainer here https://www.eff.org/deeplinks/2025/04/age-verification-european-union-mini-id-wallet ).

Simultaneously, the European Parliament is working on a draft non-legislative report on child protection https://www.europarl.europa.eu/doceo/document/IMCO-PR-772053_EN.pdf. It currently contains a suggestion to ban addictive design patterns (e.g. “infinite scroll”), influencer marketing of unhealthy behaviors, and to set up a rapid alert system for harmful online trends. It critiques the fragmented national approaches, including with regards to age-verification, and calls for horizontal EU legislation.

While there seems to be a growing consensus that age verification must be addressed, the level at which this should happen is still being debated. Service providers argue that app stores or operating systems should be responsible, while app stores and operating systems claim the opposite. The “verification by app stores” camps seems to be slowly gaining the upper hand. The Commission has not yet put its weight behind either position. Notably, the Commission also says it won’t address https://www.europarl.europa.eu/doceo/document/P-10-2025-001727-ASW_EN.pdf mandatory verification in the planned 2025 DSA review.

Why it matters for Wikimedia: Rules on minors’ protection and age verification could impact Wikimedia projects depending on their scope. Even beyond our projects, they could hamper access to citations or sources or carry privacy risks. At the same time, safety of all users online, including minors, is also fundamental to the functioning of the knowledge ecosystem.

=== GDPR Simplification===

The Commission has published its proposal https://single-market-economy.ec.europa.eu/single-market/simplification_en to slightly simplify Europe’s infamous data protection rulebook. It wants to raise a mid-cap threshold, which currently simplifies record-keeping obligations for organisations up to 250 employees. Originally it was expected that the ceiling would be raised to 500, but in the last days before the proposal was published, the benchmark was set at 750 staff.

Why it matters for Wikimedia: Considering that the Wikimedia Foundation stays below 750 employees, it will benefit from the reduced record-keeping obligations currently handled by the Privacy team.

=== Democracy Shield ===

Wikimedia Europe submitted feedback https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14587-European-Democracy-Shield/F3557291_en on the European Democracy Shield initiative. This is a planned, non-legislative communication by the European Commission that is supposed to lay out measures for the protection of democracy and information integrity.

Why it matters for Wikimedia: We emphasised the need to systemically think of collaborative, community driven projects when proposing new measures, rules and regulations and floated a so-called “Wikipedia Test”. See our blog post https://wikimedia.brussels/european-democracy-shield-we-shared-our-views-with-the-commission/ for more details.

=== DSA Fees ===

The Commission is preparing changes https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14681-Amendment-to-the-Delegated-Regulation-on-the-DSA-supervisory-fee-_en to the DSA supervisory fees for very large online platforms and search engines (VLOPs and VLOSEs). It has yet to provide detailed proposals.

Why it matters for Wikimedia: Wikipedia is a VLOP. Currently the fees are calculated based on profits, which means that the Wikimedia Foundation is de facto exempt. Should this change, it could mean additional cost.

=== AI, Copyright & ISBN Numbers ===

Italy, Spain, and Portugal are lobbying https://data.consilium.europa.eu/doc/document/ST-8188-2025-REV-1/en/pdf for stronger protections of copyrighted content in AI training. They are currently urging the Commission to require unique identifiers like ISBNs in AI training transparency reports. This would help track and limit the use of protected works by generative models, they claim. Currently the AI Act demands developers to publish information about the sources they used for training, but the obligation is vague.

Why it matters for Wikimedia: We care about information integrity and the ability to trace sources. Simultaneously we are traditionally very sceptical of extending intellectual property rights or related requirements that make sharing knowledge harder. We are also worried about generative AI models hallucinating citations and sources, including ISBNs.

===END===