Skip to content
You can now search across every topic, entity and event.What's new
European Tech Sovereignty
7MAY

Meta breaches DSA on child safety

2 min read
10:13UTC

The European Commission found Meta in breach of the Digital Services Act on Wednesday 29 April for insufficient child safety protections on Instagram and Facebook, on a track separate from its earlier €200m DMA fine.

TechnologyDeveloping
Key takeaway

Meta now faces three concurrent Brussels enforcement tracks across the DSA, the DMA, and the WhatsApp AI objections.

The European Commission found Meta in breach of the Digital Services Act (DSA) on Wednesday 29 April for insufficient child safety protections on Instagram and Facebook 1. The finding sits on a track separate from Meta's existing €200 million DMA fine and The Commission's preliminary DMA objections to Meta over the WhatsApp artificial-intelligence assistant exclusion .

The DSA track turns on platform-governance obligations, not competition or interoperability. Where the DMA targets gatekeeper conduct toward business users and rivals, the DSA targets risk to end users, with child safety on very large online platforms one of the named systemic risks the regulation requires designated platforms to mitigate. Meta now faces three concurrent enforcement processes in Brussels, each with its own remedy timeline; the company has not yet disclosed which it will challenge in court. The Commission's first DMA Review Report, published the day before, named cloud and AI as future enforcement priorities, leaving the consumer-platform track running in parallel to the cloud-AI expansion CAIDA is intended to anchor.

Deep Analysis

In plain English

The Digital Services Act (DSA) is an EU law that requires large social media platforms to protect users, especially children, from harmful content and manipulative design. On 29 April 2026, the European Commission found that Meta, which owns Instagram and Facebook, had broken these rules by not doing enough to protect children on those platforms. This is a separate legal case from an earlier €200m fine Meta faced under different EU tech rules. The finding means Meta must now show it has fixed the problems. If it does not, it faces further fines. Child safety advocates say the real issue is that Instagram's recommendation system was designed to keep young users engaged for as long as possible, which conflicts with rules requiring platforms to stop targeting minors based on their behaviour.

Deep Analysis
Root Causes

Instagram's recommendation algorithm was trained on engagement signals that systematically amplify content keeping minors on the platform, including content that Meta's own internal research identified as harmful. Disabling the algorithm for under-18 accounts reduces engagement metrics and advertising revenue by an average of 22% for those users (Meta Q4 2024 earnings call). That financial cost is the structural reason Meta did not voluntarily comply before the DSA imposed the obligation.

The DSA creates two separate child-protection obligations: Article 28 (design-level prohibition on specific targeting practices for minors) and Article 34 (systemic risk assessment and mitigation). The breach finding covers Article 28, which is easier to prove but requires product changes that reduce minors' engagement time, making remediation commercially costly in a way that a fine alone is not.

What could happen next?
  • Precedent

    A successful Article 28 breach finding against Meta on design-level targeting obligations creates a direct precedent for similar proceedings against TikTok, YouTube, and Snapchat, all of which operate comparable recommendation systems for minors.

  • Risk

    If Meta's DSA remediation measures are accepted while its DMA fine remains at €200m, it confirms that trading compliance across simultaneous proceedings is viable, weakening the incentive structure for all DSA enforcement actions.

First Reported In

Update #4 · CISPE moves first; Brussels misses again

IT Pro· 7 May 2026
Read original
Different Perspectives
United States (Google/Alphabet)
United States (Google/Alphabet)
Alphabet lost its final Android appeal on 2 July with no further court to hear it, a result its Computer and Communications Industry Association allies frame as precedent, not deterrence, since the €4.1bn fine changed nothing about Google's Play Store terms across eight years of litigation.
UK Department for Science, Innovation and Technology
UK Department for Science, Innovation and Technology
DSIT opened its £96m second Sovereign AI wave on 3 July, switching from April's equity stakes to fixed-price contracts because Britain has no domestic hyperscaler or Bpifrance-style lender to fund capacity another way. It is betting on buying outcomes it controls alone rather than joining an EU-wide framework.
German federal government
German federal government
Berlin backed both German deliverables this week, Infineon's fab and Aleph Alpha's merger, but is finding one far harder to close than the other. It wants enforceable protective rights inside Cohere's cap table before the merger closes, a legal instrument the Bundeskartellamt has no filing to review yet.
European Commission
European Commission
The Commission banked a clean CJEU win on the eight-year Android case on 2 July, removing Google's last comparator argument before President von der Leyen rules on the far larger DMA self-preferencing fine due 27 July. Brussels treats Infineon's early Dresden delivery as proof the Chips Act mechanism works, at the node Europe already led.
Bruegel (EU industry sceptics)
Bruegel (EU industry sceptics)
Bruegel economist Mario Mariniello argued the EU sovereignty package mimics US and Chinese strategy while EU cloud providers hold roughly 15% of their home market; using nationality as a proxy for security without fixing the underlying capital and energy gaps that drive the dependency creates €86bn of migration cost without the security benefit it is sold as delivering.
France
France
France published a joint sovereignty definition with Germany at VivaTech and mobilised €13bn under Tibi Phase 3, placing SAP's partnership with Mistral as the working proof that a German enterprise-software giant running a French sovereign model inside public administration is what digital sovereignty looks like in practice.