In Short
- New laws ban under 16s from using most social media platforms, with a two-year phase-in from December 2024.
- Businesses must take “reasonable steps” to verify users’ ages and protect any personal data collected.
- Penalties for non-compliance include fines of up to $50 million and enforcement powers for the eSafety Commissioner.
Tips for Businesses
Check if your platform qualifies as an age-restricted service. Start reviewing your age verification process and privacy policy now. Consider appropriate age assurance tools and train your team on the new requirements to stay ahead of the two-year compliance deadline.
The passing of the Online Safety Amendment (Social Media Minimum Age) Bill 2024 on November 29, 2024, marks a significant shift in Australia’s digital landscape. As a business owner, understanding the implications of this new legislation is crucial, especially if your operations involve social media platforms or digital marketing strategies targeting younger audiences. This article explores the new Australian laws, including age restrictions and limitations on social media use for individuals under 16, while highlighting the implications for businesses and outlining compliance requirements.
Key Definitions and Scope
The bill introduces two key definitions:
- Age-restricted users: Australian children under 16 years of age; and
- Age-restricted social media platforms (ARSMPs): Electronic services with the primary purpose of enabling social interaction between users, allowing users to link or interact with others, and post material for social purposes.
One of the most notable aspects of this legislation is its built-in flexibility. The Federal Government emphasised that the provisions allow for adjustments to the scope and targeting of ARSMPs. This adaptability enables the government to respond swiftly to the ever-evolving social media landscape.
Exclusions and Exemptions
The legislation provides for certain exclusions. The government initially plans to exempt messaging apps, online gaming services, and platforms primarily supporting health and education. As a business owner, staying informed about these classifications and any future changes is crucial, as they may directly impact your operations and compliance requirements.
Continue reading this article below the formKey Obligations for Businesses
1. Age Verification Requirements
The core obligation introduced by this legislation requires ARSMPs to take “reasonable steps” to prevent age-restricted users from creating or maintaining accounts on their platforms. While the bill does not prescribe specific methods for age verification, it empowers the eSafety Commissioner to provide guidelines on what constitutes “reasonable steps.”
For businesses operating ARSMPs, this means implementing effective age verification systems. These could range from simple date-of-birth checks to more sophisticated methods like AI-powered age estimation or parental consent mechanisms. The choice of method should balance effectiveness, cost-efficiency, and respect for user privacy.
2. Privacy Considerations
Privacy considerations are at the forefront of this legislation. If your business collects personal information for age verification purposes, you must adhere to strict guidelines. This information can only be used for age verification or purposes allowed under the Australian Privacy Principles (APPs). Any secondary use requires specific, informed consent from users, and all collected data must be destroyed after serving its intended purpose.
3. Penalties and Enforcement
The penalties for non-compliance are substantial, with corporations facing fines of approximately $50 million. The eSafety Commissioner has been granted broad investigative powers, including the ability to require businesses to provide information about their age restriction measures.

This fact sheet outlines the Australian Government’s strengthened consumer privacy laws in 2025 following major data breaches and their alignment with global standards.
Preparing for Compliance
While the new obligations will not take immediate effect – there is a two-year transition period starting from December 2024 – it is crucial to start preparing now. Here are some steps to consider:
- assess whether your business falls under the ARSMP definition. If you are uncertain, seek legal advice;
- review and update your privacy policies and data handling procedures to align with the new requirements;
- investigate suitable age assurance technologies and methodologies, considering factors such as effectiveness, cost, and privacy invasiveness;
- develop a comprehensive compliance strategy, including procedures for preventing underage users from creating accounts and identifying existing accounts held by age-restricted users;
- train your staff on the new requirements and update your internal policies accordingly; and
- implement robust record-keeping and auditing processes to demonstrate compliance with the legislation.
Business Impact and Adaptation
For businesses that interact with or may interact with younger users, this legislation may require significant operational changes. You might need to explore alternative revenue streams, develop separate platforms for users under 16, or pivot your business model entirely. Evaluate the impact on your advertising and marketing strategies, as you may need to adjust targeting and content to align with an older user base.
While the Online Safety Amendment (Social Media Minimum Age) Bill 2024 presents challenges for businesses operating in the digital space, it also offers an opportunity to demonstrate commitment to user safety and privacy. Businesses can navigate this new regulatory landscape effectively by taking proactive steps to ensure compliance. Remember, flexibility, preparedness, and a commitment to user protection are key to success in this evolving environment.
Key Takeaways
The Online Safety Amendment (Social Media Minimum Age) Bill 2024 introduces new age restrictions, preventing children under 16 from using certain social media platforms. It applies to platforms like TikTok, Facebook, Instagram, Snapchat, Reddit, and X, with potential future adjustments. Businesses operating these platforms must take “reasonable steps” to verify users’ ages while balancing effectiveness, cost, and privacy. The legislation also enforces strict data handling rules, limiting how businesses use and store personal information.
Non-compliance carries significant penalties, including fines of up to $50 million. Businesses should start preparing now by reviewing policies, implementing age verification measures, and updating compliance strategies before enforcement begins in December 2026.
If you need help understanding age restrictions on social media, our experienced privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
The new law requires social media platforms to verify users’ ages, preventing children under 16 from creating accounts. If your business relies on these platforms for marketing, you may need to adjust targeting strategies, ensure compliance with new privacy rules, and explore alternative engagement methods for younger audiences.
Businesses operating social media platforms must implement effective age verification systems, such as AI-powered age estimation or parental consent. Additionally, they must review privacy policies, train staff on compliance, and maintain accurate records to meet the eSafety Commissioner’s enforcement standards and avoid substantial penalties.
We appreciate your feedback – your submission has been successfully received.