Hello!
We’ve had a calm Easter break in Europe during which the race to introduce age verification solutions was put on hold. But fear not! The frenzy is back.
On a more general level, the tech discussions are centered around simplifying the various rulebooks, “sovereign tech” (i.e. over-reliance on big tech) and the many, many flavours of AI.
Dimi
=== Child Protection - Age Verification ===
EU Member States, the European Commission, and some platforms are in a rush to come up with age verification systems amid a mild panic over minors’ access to harmful content. But exactly what shape the solutions will take is still up for debate.
—
The Council of the EU is drafting a position on this matter titled “Council conclusions on promoting and protecting the mental health of children”. Its current draft https://drive.google.com/file/d/1tpBCm-udS-HEk3m1jWyk13ee5bYGC6lU/view?usp=sharing includes a call to strengthen “data-minimised age verification processes” and insists that “digital platforms take greater responsibility for their content and its design”.
—
Meanwhile social media platforms and porn sites have become awkward… errr… bedfellows. Both groups maintain that age-verification on the service level (i.e. the app or website) is not good enough and instead it should be done at the operating system or device level.
—
Operating systems and device manufacturers say that they disagree. Amid all this, Google has announced https://blog.google/products/google-pay/google-wallet-age-identity-verifications/ that its wallet app will be able to handle IDs and age checks.
—
Meanwhile, a Paris administrative court rejected an appeal https://entrevue.fr/en/blocage-dun-site-porno-valide-la-justice-donne-raison-a-larcom-pour-la-premiere-fois/ against the first-ever decision to block a porn site that did not check its users’ age. One noteworthy aspect is that the court implicitly stated that if the platform had been a Very Large Online Platform (i.e. with over 45 million active users in the EU), it would not have listened to the French regulator, but instead to the European Commission. Several adult entertainment services are currently fighting the Commission over their designation as VLOPs.
—
Reminder: The European Commission’s white label app is in the making. The idea is for Member States to pick it up and use it, instead of developing their very own systems and thus to limit fragmentation within the EU. Greece has presented a “kids wallet” with age verification and parental control functions. Spain, Germany and France are working on their own age verification solutions. Other countries, especially the Nordics, also have initiatives.
—
Reminder 2: We are still waiting for the Commission guidelines on the protection of minors (under Art. 28 of the Digital Services Act. The Wikimedia Foundation has provided public feedback https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14352-Protection-of-minors-guidelines/F3496424_en.
=== Child Protection - CSAM ===
This is a piece of legislation aimed at tackling child sexual abuse material online. It wants to do so by mandating scans of known and suspected such content (to be provided by an official EU centre). There is a major disagreement among EU institutions and Member States whether private chats should also be included in the scanning provisions.
—
The Polish Presidency has tried https://www.consilium.europa.eu/en/documents/public-register/public-register-search/?AllLanguagesSearch=false&OnlyPublicDocuments=false&DocumentNumber=2138%2F25&DocumentLanguage=EN several times to break the deadlock, by pushing back against mass scanning of private messages, including in its draft https://drive.google.com/file/d/11Ycf5chWaP0xAAsEX1vZRv7au-vJXHvN/view?usp=sharing. However, it looks like it's going nowhere. Next up will be the Danish Presidency of the Council. Denmark is known for a much more “law enforcement friendly” stance on such issues.
—
Reminder: The European Parliament has a negotiating position that would allow scanning of private messages only after a judicial order. The Wikimedia Foundation has submitted public feedback https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12726-Fighting-child-sexual-abuse-detection-removal-and-reporting-of-illegal-content-online/F3338612_en when all this started.
=== Simplification Work - GDPR ===
The current European Commission and European Parliament are following a broad simplification (or deregulatory, depending on your view) agenda.
—
The third package that is currently being hammered out focuses on digital regulation, including the EU’s privacy framework - the GDPR https://www.politico.eu/article/eu-gdpr-privacy-law-europe-president-ursula-von-der-leyen/. Easing the reporting obligations for small and medium enterprises (GDPRD Article 30.5) is on the table, among other tweaks.
—
There is a coalition maintaining that the GDPR could really benefit from a few target simplifications. This message is carried by unlikely partners such as privacy activist Max Schrems and conservative lawmaker Axel Voss. Meanwhile, many civil society organisations in Brussels worry about fundamental rights implications.
—
From a Wikimedia perspective the fundamental rights risk is real when making changes to the architecture of basic legal codes. At the same time, a more streamlined GDPR process that requires less paperwork would definitely benefit the service provider of Wikimedia projects.
=== Piracy of Online Sports Events ===
In 2023 the European Commission adopted a recommendation https://ec.europa.eu/commission/presscorner/detail/en/ip_23_2508 on combating online piracy of sports and other live events encouraging Member States to take measures to combat unauthorised retransmissions of such events. By November this year the Commission will assess what the effects of this recommendation were. Not surprisingly, sports rights holders are unhappy.
—
While this isn’t of direct concern to us, the question is whether the Commission will opt for a legislative approach and, if yes, which.
—
Legislation aimed to protect exclusive content rights online often has implications for copyright exceptions and limitations and on how content can be shared. Both questions are fundamental to the functioning of Wikimedia projects.
===AI Code of Practice===
Over the past nine months, the EU’s AI Office, together with a panel of experts, has been working on a voluntary rulebook https://digital-strategy.ec.europa.eu/en/policies/ai-code-practice aimed at governing large language AI models.
—
These draft rules—covering contentious issues like the use of copyrighted content in training data and mandatory risk mitigation measures—have come under significant pressure from the U.S. government https://www.bloomberg.com/news/articles/2025-04-25/trump-administration-pressures-europe-to-reject-ai-rulebook, but also many tech companies.
—
AI cascades into many topics of core interest to Wikimedia: How information is gathered, how it is generated and how it is shared. While this particular EU exercise doesn’t affect us immediately and directly, it will have effects. Many Wikimedia groups and organisations are working on various aspects of AI. Movement members are regularly receiving questions about AI from partners and government officials. However the one thing our movement is missing is a coherent and shared view. We must make an effort in this direction!
===END===
publicpolicy@lists.wikimedia.org