Banning VPNs for minors means age checks for all — and a potentially devastating blow to privacy
The pressure on VPNs, which authorities in various countries have long regarded as tools for evading surveillance or circumventing the law, is nothing new. For years, such pressure was largely confined to states where privacy and internet freedom were already fragile. We have grown accustomed to restrictions in countries such as Iran, China, Russia, the United Arab Emirates, Oman, and to periodic throttling or blocking of VPN traffic in places like Turkey and Pakistan.
What is new, and far more consequential, is that similar logic has begun to take root in Western democracies that traditionally positioned themselves as defenders of digital liberties. The catalyst for this shift has been a succession of legislative efforts framed around child protection, particularly shielding minors from exposure to harmful or explicit online content.
The most prominent example is the United Kingdom’s Online Safety Act (OSA). The Act was passed into law in October 2023, but it did not take effect at once. Its implementation came in stages, and began in earnest in July 2025, when provisions around illegal content and child protection started being enforced. The law imposes sweeping obligations on online platforms, including requirements to implement robust age-verification mechanisms to prevent minors from accessing adult material. In practice, this pushed websites toward intrusive identity checks, including those that entailed uploading government ID, facial age estimation, or third-party verification services.
Age checks for all
Predictably, this has fuelled a surge in demand for VPN services, as users seek to bypass age-verification gates. Policymakers did not, however, sit idle. Rather than reconsidering the proportionality of blanket verification mandates, some have begun contemplating restrictions on VPN access itself, especially for minors. In January 2026, the UK House of Lords voted to pass amendment 92 to the Children’s Wellbeing and Schools BIll.
The amendment explicitly prohibits the provision of VPN services to anyone under 18. Crucially, in order to enforce this ban, VPN providers, according to the amendment, have to introduce age checks that are “very effective at correctly determining whether or not that person is a child.”
In other words, to prevent children from evading age verification, everyone — including, and first and foremost, adults — would have to verify their age before using privacy tools, if the amendment were approved by the House of Commons.
At this stage, however, the proposal remains part of the parliamentary process. Having passed in the House of Lords, it must now be considered by the House of Commons. Under the UK’s legislative procedure, the Commons may accept the Lords’ amendment, reject it, or replace it with an alternative proposal. The expectation is that the Commons will reject the outright prohibition on providing VPN services to under-18s and instead back a government-proposed alternative: a three-month consultation period, scheduled to begin in March.
The scope of that consultation is notably wide. It will “confront the full range of risks children face online,” explicitly including “options to age restrict or limit children’s VPN use where it undermines safety protections and changing the age of digital consent.” VPNs are not an afterthought here; they are clearly within the government’s regulatory sights.
The consultation should allow for the assessment of the evidence, the technical feasibility, and the proportionality of any future restrictions, and, at least on paper, it should also include discussions with VPN providers themselves. So far, however, there is little sign of that reaching out. According to TechRadar, representatives from NordVPN, Surfshark, Windscribe, and ExpressVPN all said they were open to dialogue with the government, yet at the time of the initial announcement, none of these providers had actually been contacted about the proposed restrictions. We at AdGuard VPN haven’t been contacted either.
Age checks will make VPN use risky and even pointless
If VPNs are pulled under the same umbrella as platforms covered by the Online Safety Act, they will be expected to roll out the same “robust” age-verification systems. In practice, that means outsourcing checks to third-party providers, asking users to upload passports or driver’s licences, or submit to facial scans and biometric age estimation.
That fundamentally changes what a VPN is. Yes, users already share some data — typically an email address and payment details. But for most, that is the absolute maximum they are willing to disclose. Regular VPN users are often privacy-conscious by nature. Moreover, some are journalists, activists, dissidents, or simply people in vulnerable situations who rely on anonymity for their safety. Forcing them to hand over government IDs or biometric data in order to use a privacy tool would strike at the very core of what that tool is meant to provide.
And the risks are not hypothetical. In October 2025, Discord confirmed that attackers had accessed government-ID images submitted as part of its age-verification appeals process after breaching a third-party support provider. In other words, users who followed the rules and uploaded their documents ended up exposed.
We want to be clear about our position also. Under our EULA, minors are not allowed to use AdGuard VPN. Our concern is not the principle of restricting access for children. Our concern is enforcement and whether it is realistically possible to enforce such a ban without gutting user privacy in the process. For now, it seems to us that these two are fundamentally incompatible.
If no privacy-preserving solution emerges, providers may be forced to make difficult decisions. In our case, that could mean restricting certain features for UK users, including but not limited to increasing prices to account for compliance costs and legal exposure. None of these options are desirable, but neither is turning a privacy tool into an ID checkpoint.
For now, nothing has changed. And while the rules remain as they are, we’re offering our UK users an 80% discount on two-year VPN subscriptions — valid until 27 February (inclusive).
