In terms of governance, platforms should:

• Assign to a dedicated person or team the responsibility for ensuring a high level of minors’ privacy, safety and security. This person or team should have sufficient resources as well as sufficient authority to have direct access to the senior management body of the provider of the online platform and should also be a central point of contact for regulators and users.
• Provide persons responsible for minors’ privacy, safety and security, developers, persons in charge of moderation and/or those receiving reports or complaints from minors, with relevant training and information.
• Include information specifically relevant to minors in their terms and conditions and in an easily accessible interface on the platform.
• Ensure regular compliance monitoring.

In determining which measures are appropriate and proportionate, platforms should:

• Assess the likelihood that minors use the service.
• Identify the risks to minors’ privacy, safety and security using the 5C framework (Content, Conduct, Contact, Consumer and Cross-cutting).
• Consider how platform features contribute to risks.
• Document current and planned mitigations.
• Evaluate potential negative impacts on children's rights (e.g. freedom of expression).
• Review risks regularly and after significant changes to the platform.
• VLOPs/VLOSEs should integrate this into their systemic risk assessments required under Article 34 DSA.

1. Types of age assurance:

• Self-declaration: Not considered robust or accurate (discouraged).
• Age estimation: Uses algorithms (moderate accuracy).
• Age verification: Based on official IDs or trusted digital credentials (high accuracy).
• The regulator explains when these types of age assurance can be used in different use cases.
• Platform providers should:
  • Justify its choice of age assurance type.
  • Offer at least two methods if age assurance is required and assess the effectiveness of specific age verification or estimation methods.
  • Ensure that where other age verification methods are used, they provide an equivalent level of verification as the EU age verification app (expected in summer 2025).
  • Provide a redress mechanism for users to contest wrong age assessments.
  • Not process more data than necessary (data minimisation principle).

2. Registration: Where registration is required or offered to access a platform, the provider should:

• Explain to users the rationale for registration
• Ensure registration is easy for all minors to access and navigate.
• Include measures as part of the registration process to help users understand whether they are allowed to use the service and measures to reduce attempts to register if underage.
• Avoid encouraging or enticing users who are below the minimum age required by the platform accessible to minors to create accounts. 
• Ensure that it is easy for minors to log out and to have their profile deleted at their request.
• Use the registration process to highlight the safety features of the platform or service, any identified risks to a minor’s privacy, safety or security and resources available to support users.

3. Account Settings:

• Default settings should maximise safety, including ensuring:
  • Private profiles, blocked location/mic/camera, limited interactions.
  • Push notifications off during sleep hours.
  • Filters that affect body image or promote compulsive use are turned off.
  • Children are not nudged to lower their settings.

• Platforms may remove settings, features and functionalities from minors' accounts altogether.

4. Recommender systems should:

• Take into account specific needs, characteristics, disabilities and additional accessibility needs of minors when defining the objectives, parameters and evaluation strategies of recommender systems.
• Promote minors’ access to information that is relevant and adequate for them, with due consideration to their age group.
• Prevent a minor's repeated exposure to harmful content (e.g. unrealistic beauty standards or dieting, content that glorifies or trivialises mental health issues, such as anxiety or depression, discriminatory content etc.)
• Use explicit user preferences (e.g. surveys) over engagement-based data.
• Prioritise accounts whose identity has been verified.
• Not use suggested terms and key phrases which recommend content that qualifies as harmful to the privacy, safety or security of minors.

5. Commercial practices: Platforms should:

• Have a responsible marketing and advertising policy in place that does not allow harmful, unethical and unlawful advertising to, for or by minors. This entails considering the appropriateness of advertising campaigns for different age groups.
• Ensure that ads are clearly marked, age-appropriate, and not exploit children’s lack of commercial literacy.
• Ensure that minors are not exposed to hidden or disguised advertising.
• Be transparent about economic transactions in an age-appropriate way and avoid the use of intermediate virtual currencies.
• Ensure that minors are not exposed to practices that can lead to excessive or unwanted spending or addictive behaviours, by ensuring that virtual items such as loot boxes or gambling practices are not used.

6. Moderation tools should:

• Define what is harmful content for minors (e.g. grooming, self-harm, exploitation).
• Use AI safeguards to block harmful prompt generation.
• Consider human review for content that substantially exceeds the average number of views and for any reported accounts that the provider suspects may pose a risk of harm to minors’ privacy, safety or security.
• Take into account the following factors when prioritising moderation: 
  • the likelihood of the content causing harm to a minor’s privacy, safety and/or security; 
  • the impact of the harm on that minor; and 
  • the number of minors who may be harmed.

1. User reporting, feedback, complaints, and user support should provide for:
   • Prioritisation of reports and complaints submitted by minors and provide each minor that has submitted the report or complaint with their reasoned decision without undue delay, in a way that is adapted to the age of the minor.
   • Easy feedback options (e.g. “I don’t like this”, Show me less/more", "I don’t want to see/I am not interested in", "I don’t want to see content from this account," "This makes me feel uncomfortable," "Hide this," "I don’t like this," or "This is not for me”).
   • Complaint mechanism availability for non-registered users if they may access the online platform’s content.
   • Technical measures to warn minors that they are interacting with an AI system (if AI features and systems such as AI chatbots and filters are integrated into the service of an online platform). 
2. Tools for guardians should:
   • Be treated as complementary (and not replacements for) the platform tools.
   • Provide a clear notification to minors of their activation by guardians and put other safeguards in place considering their potential misuse by guardians.
   • Ensure changes can only be made with the same degree of authorisation required in the initial activation of the tools.
   • Be compatible with the availability of interoperable one-stop-shop tools for guardians gathering all settings and tools.