Era of Platform Responsibility Fully Underway… Growth Model Itself Shaken
The European Union has put the brakes on the core business models of global Big Tech. Meta's Instagram and Facebook received a preliminary determination of Digital Services Act (DSA) violations on the grounds of insufficient fulfillment of obligations to protect children under 13.
This measure was announced by the European Commission on April 29, 2026, and is interpreted as a structural challenge to the platform industry as a whole beyond a simple regulatory issue. In particular, it is significant in that the platform growth model centered on user expansion and increased dwell time is directly colliding with regulatory demands for 'vulnerable user protection.'
The European Commission pointed out that Meta has not sufficiently established age verification systems, and maintained a structure where users under 13 can easily sign up with just a false date of birth entry. The fact that harmful content reporting systems are complex and have poor effectiveness was also raised as a problem. The EU judged that this means children's exposure risks to the platform are not being structurally managed.
What is particularly noteworthy in this determination is the problem statement about 'platform design itself.' The EU pointed out that not simply content but the structure of the recommendation algorithm and user interface strengthens children's vulnerability. The so-called 'Rabbit Hole' effect — a structure where users exposed to certain content gradually move to more extreme and stimulating content — has greater impact on children.
The EU also evaluated that Meta's risk assessment itself was insufficient. The criticism is that internal data and external research were not sufficiently reflected and actual risks were underestimated. In particular, it is estimated that approximately 10-12% of children under 13 within the EU use the platform, which is being regarded not merely as a management failure but as a structural problem of ignoring recognized risk.
Accordingly, the EU is requiring the introduction of more sophisticated age verification systems. The requirements are not simple. High standards were presented not only for accuracy and reliability but also for minimizing personal information infringement and being applied without discrimination. This is evaluated at a level that pressures the introduction of AI-based identity verification technology.
However, new issues are also becoming prominent in this process. Representative is the conflict between privacy and protection. The stronger age verification is, the more personal information collection increases, which can lead to concerns about surveillance society. Ultimately the question "how far to verify personal information for child protection" is emerging as the core debate.
Conflict between global platforms and regional regulation is also intensifying. While the EU applies strong regulation, the United States maintains a relatively lenient approach. Accordingly, global companies like Meta have come to have complex operating structures that must respond to different regulatory environments by region.
Financial risk is also considerable. Under the DSA, violations can result in fines of up to 6% of global revenue, which can burden Meta with billions of dollars.
This incident is not a problem limited to Meta. TikTok, YouTube, and other platforms are also under regulatory pressure related to child protection, with high likelihood that this determination will spread across the entire industry.
The platform industry is expected to be reorganized into a 'responsibility-centered structure' going forward. Departing from the role of simple intermediaries, they are changing into subjects bearing legal responsibility for user protection. Accordingly, AI-based age verification, user protection-centered UX design, and algorithm adjustments are expected to emerge as core strategic elements.
Ultimately, the EU's judgment delivers a clear message. Platform growth can no longer be justified by user expansion alone and must be accompanied by protection and responsibility. Platforms are now not simply technology companies but social infrastructure, regulatory targets, and simultaneously responsibility subjects.
The remaining question is clear. Is a platform a space that provides freedom, or a public system that must take responsibility?
