Issue #19, May 1 2026
The DSA emerges as a youth regulation file Digital Omnibus stalls
Sebastien Louradour
5/1/20263 min read
DSA enforcement on youth safety
The European Commission announced this week it has issued a preliminary finding that Meta is in breach of the DSA for failing to prevent minors under 13 from using Instagram and Facebook. This preliminary finding is interesting to analyse for a few reasons. The DSA has been weaponised by the Trump Administration as a means to criticise both indirect levies on US Tech companies and a form of EU extra-territoriality over the question of freedom of speech. For these reasons, conducting DSA investigations on US tech companies bears many risks for the European Commission over the delicate compromise reached on the EU/US trade agreement in which the question of the enforcement of the EU Tech regulatory framework isn't completely closed. But, while the question of levies and freedom of speech have represented the core of the US criticism over EU regulation, the question of youth safety regulation has remained untouched. There is no surprise in this: there is a bipartisan agreement in the US that online youth safety is a priority, and recent court decisions have sided with social media users on the matter. The preliminary finding is the consequence of a proceeding launched in May 2024. At the time, the scope of potential infringement was broad, covering the design of Facebook's and Instagram's online interfaces, age verification tools, as well as privacy, safety and security for minors. Among all these issues, the decision to focus on age verification seems timely, with mounting pressure from EU member states to limit access to youth on social media, as well as announcements from the Commission for age verification tools. Meta can now engage in a dialogue with the Commission to come up with an age verification solution. Meta has already announced it was about to release tools to effectively comply with this new requirement. This preliminary finding from the Commission is likely going to apply to other Very Large Online Platforms designated under the DSA, which also include social media such as TikTok. Global pressure has mounted since the decision of Australia to ban the use of social media for youth, which has obliged social media platforms to provide age verification tools to comply with the ban.
Digital Omnibus stalls
This week had been presented as the one when we would see the EU Digital Omnibus aka "simplification package" make it through the trilogues, or said otherwise a political agreement among the EU member states and the Parliament. No such thing has happened, and while the next trilogue session is scheduled for around May 13, uncertainty remains over the capacity of Europe to agree on the file. When initially introduced, the Digital Omnibus seemed to look like a collection of fixes promoted by tech companies and acknowledged by the European Commission as necessary evolution/simplification to streamline the capacity of tech companies to innovate in Europe particularly on GenAI. One of the introduced measures was to change the legal basis to collect user's data for AI data training, and instead of asking for consent, provide the capacity to opt-out through the legitimate interest legal basis. The version negotiated ahead of the trilogue ended up being far more ambiguous on the issue, giving the possibility for national DPAs to ask for consent anyway. The new version has also heavily diluted the capacity for labs to train on sensitive data. The initial version had already created many caveats, but the new one is now limited strictly to incidental and residual processing, which in practice closes the door for the use of such data. Then, there is the EU AI Act enforcement calendar that is also at stake. While it is now widely acknowledged that the AI Act was rushed at the moment of its final adoption to include GenAI, EU policymakers are now trying to get it into enforcement mode, while standards are still in the making. The Digital Omnibus, if quickly adopted, could be a way to reschedule the dates of enforcement of the AI Act. So far, the EU has been the only large jurisdiction acting to regulate on AI, but since its adoption, the EU has prioritised a competitiveness and simplification agenda in which the EU AI Act has become questioned over its potential burden for Europe. The Commission is now in charge of leading a delicate exercise to both move forward with an ambitious AI regulation and maintain the capacity for Europe to stay attractive and competitive on the issue.