G7 Issues Child Safety Declaration: Age Verification and Safety-by-Design Required

The G7 Évian Leaders' Call on a safer digital space for minors, published June 17, 2026, is the most concrete multilateral commitment to platform child safety since the UK Online Safety Act. It is not a treaty and it does not create immediate legal liability. But it is the political signal that precedes legislation in every G7 country, and the specific technical requirements it outlines are now the de facto compliance target for platform developers building for international markets.

What the G7 Actually Declared on June 17

The G7 Leaders' Call is a joint statement endorsed by all seven member governments and by five partner countries: Brazil, Egypt, India, Kenya, and the Republic of Korea. The partner country list is not ceremonial. It represents the major non-G7 digital markets where platform compliance requirements are emerging simultaneously.

The declaration commits signatories to a Common Set of Principles for a safe and secure digital space for minors, covering anyone under 18. The principles cover five categories: safety from harm, privacy protection, freedom of expression online consistent with child protection, human rights, and fundamental freedoms.

Three specific technical requirements are most significant for platform developers:

First, recommendation systems must be designed to elevate age-appropriate content and reduce exposure to risks. This is a direct intervention in algorithmic design, requiring that content ranking systems apply different parameters when the user is identified as a minor.

Second, digital services must implement safety-by-design approaches, including protective default settings and parental control tools. Default settings for minor users must be restrictive, not permissive. Parental control tools must be genuine features, not checkbox compliance.

Third, digital service providers must develop age assurance mechanisms while preserving user privacy. This is the most technically demanding requirement and the area of most active debate.

Safety-by-Design: What It Requires in Practice

Safety-by-design is a design philosophy, not a single feature. Applied to minors, it requires that the starting configuration of an account or service for a user identified as under 18 restricts rather than enables potentially harmful exposure.

For social platforms, this means: restricted direct messaging (off by default), no location sharing with non-contacts, no content recommendation across interests that were not explicitly chosen by the user, conservative content classification thresholds for violence and sexual content, and no data sharing with third-party advertisers without affirmative consent.

For AI services and chatbots, safety-by-design for minors requires additional constraints. Responses must be filtered for age-appropriateness. Relationship-forming patterns, where the AI encourages emotional dependency or presents itself as a companion, must be suppressed for minor accounts. Generation of content that a minor could use to self-harm or access dangerous information must be blocked at lower thresholds than for adult users.

The EU Digital Services Act, which came into force in 2024, already requires large platforms to conduct annual risk assessments covering minor users. The G7 declaration extends these principles to platforms operating below the DSA's large platform threshold (45 million users in the EU) and to non-EU markets through the partner country endorsements.

Age Assurance: The Technical and Privacy Tradeoff

Age assurance is the technical challenge that has blocked effective implementation of child safety rules for years. To apply different settings for minor users, a platform must know which users are minors. Knowing this accurately requires either: collecting identity documents (creating privacy and data security risks), using probabilistic inference from behavior (unreliable and gameable), or requiring parental consent verification (burdensome and not scalable globally).

The G7 declaration endorses age assurance mechanisms while explicitly requiring that they preserve user privacy. This is the core tension: effective age verification typically requires significant personal data, and privacy preservation typically means limiting data collection.

The technically credible approaches being developed include:

Privacy-preserving age estimation uses on-device machine learning to estimate age from device usage patterns, purchase history, or behavioral signals, generating a zero-knowledge proof that the user is above or below a threshold without transmitting the underlying data to the platform. This is technically viable but requires significant device-side compute and is not yet deployed at scale.

Third-party age verification services allow a user to verify their age once with a trusted third party (a government ID service, a bank, a telecom) and receive a reusable credential that can be presented to multiple platforms without revealing identity information each time. The UK Age Assurance Taskforce has been developing this model since 2022.

Device-level age signals from operating system providers (Apple, Google) allow the OS to assert that a device is registered to a minor account (through Family Link, Screen Time, or equivalent parental controls) and pass that signal to apps without exposing identity data. This requires the platform to trust the OS provider's assertion.

OpenAI's Youth AI Safety Institute Proposal

OpenAI arrived at the G7 Évian summit with a specific proposal: a dedicated international Youth AI Safety Institute to develop and enforce child-specific AI safety standards. The proposal includes four elements.

Age-appropriate protections built into the model and API layer, not just the application layer, so that any application calling an OpenAI endpoint with a minor-flagged session automatically receives age-constrained responses. This is architecturally significant: it moves child safety from an application developer responsibility to a model provider responsibility.

Privacy-preserving age estimation built into OpenAI's account system, using probabilistic signals to flag likely minor users even when identity documents are not available. Accounts flagged as likely minor receive restricted defaults until the user explicitly verifies adult status.

Stronger safeguards when a user's age is uncertain. Rather than defaulting to adult permissions when age is unclear, OpenAI proposes defaulting to minor protections until age is confirmed. This reverses the current industry norm of permissive default settings.

Annual youth safety risk assessments, published publicly, covering how OpenAI's models are being used by minor-aged users and what harms have been observed.

The Youth AI Safety Institute proposal was received positively by European G7 members. The US delegation was supportive in principle. No formal agreement to create the institute was reached at Évian, but OpenAI's public proposal creates a reference point for the G7 digital ministerial follow-up process.

Minimum Age 16: The European Push

The most politically contentious element of the G7 children online safety discussions is the European Commission's push for a minimum social media age of 16, with no exceptions and robust enforcement requirements on platforms.

The proposal is supported by France, which has already enacted national social media age restrictions. Italy has implemented similar restrictions. The UK Online Safety Act includes provisions allowing Ofcom to require age verification for services likely to be accessed by minors, and Ofcom's published guidance effectively requires platforms to treat 13-to-17-year-olds differently from adults.

The US delegation at Évian did not endorse a specific minimum age in the joint declaration. American platforms (Meta, TikTok operating under US governance, Snap, YouTube) have significant commercial interests in teen advertising revenue. The US Children's Online Privacy Protection Act sets age 13 as the threshold for different treatment, and raising this to 16 at a federal level would require Congressional action.

The G7 Leaders' Call does not specify 16 as a mandatory threshold. It commits to "age-appropriate protections" and endorses the concept of a minimum age, without naming it. The specific number will be determined in subsequent national legislation processes.

What Platform Developers Need to Build Before 2027

The practical compliance implications of the G7 declaration for platform developers are clearer than the political language suggests.

For any platform with significant minor user presence in G7 or partner countries:

Age assurance must be implemented by 2027 in any jurisdiction that follows the EU DSA/UK OSA compliance timeline. This means choosing one of the three technical approaches (privacy-preserving estimation, third-party credential, device-level signal) and building the integration infrastructure.

Safety-by-design defaults for minor accounts must be implemented now for EU-regulated platforms (DSA), and added before 2027 for UK, Canadian, and Australian markets that are developing equivalent legislation.

Recommendation algorithm modification for identified minor users is the most complex engineering task. It requires a separate ranking model or post-processing layer that applies different content eligibility and scoring rules for minor-flagged accounts.

AI companion features, relationship-forming chatbot patterns, and AI-generated personalized content streams should be disabled or heavily restricted for minor users in all G7 jurisdictions. This is not yet legally required everywhere, but the G7 declaration makes it the expected standard.

Parental control APIs, allowing parents to access account activity summaries, set content restrictions, and receive alerts, need to be real product features rather than buried settings.

Our Analysis: The Compliance Race Has Already Started for Some and Not for Others

The companies that attended the G7 AI working lunch — OpenAI, Anthropic, Google — are already investing in minor safety features. OpenAI's Youth AI Safety Institute proposal is partly defensive: by proposing the standard, it shapes the standard. Companies that have not yet started building age assurance infrastructure are now definitively behind.

The G7 declaration does not have a compliance deadline. But the legislative pipeline behind it does. EU DSA requirements for large platforms (45M+ EU users) are already in force. UK OSA age assurance requirements are in Ofcom rulemaking. Canada's Bill C-63 Online Harms Act is progressing through Parliament. Australia's Online Safety Act review includes age verification provisions.

The pattern for platform developers is clear: the G7 declaration represents the political consensus, and that consensus consistently translates to binding national law within 18 to 36 months.

The age assurance technical challenge is real and worth prioritizing now. The privacy-preserving approaches are technically mature enough to pilot. The third-party credential model is the most likely to become the dominant standard in Europe, given the EU's existing eIDAS identity infrastructure. Building an integration with an eIDAS-compatible age verification service in 2026 positions a platform ahead of the 2027 to 2028 mandatory compliance wave.

See the G7 Évian AI sovereignty analysis for the broader AI governance context from the same summit.

Key Takeaways

• G7 Leaders' Call published June 17 with Brazil, Egypt, India, Kenya, and South Korea as partner signatories; covers any user under 18 across digital services
• Three core technical requirements: algorithm age-differentiation (different content ranking for minor users), safety-by-design defaults (restrictive, not permissive), and privacy-preserving age assurance mechanisms
• OpenAI proposed a Youth AI Safety Institute with four elements: model-layer age protections, privacy-preserving age estimation, protective defaults under age uncertainty, and annual public risk assessments
• EU pushing for minimum social media age of 16; G7 declaration endorses minimum age concept without specifying a number; US has not committed to raising beyond current COPPA threshold of 13
• Compliance wave timeline: EU DSA (large platforms, already in force), UK OSA age verification (Ofcom rulemaking), Canada Bill C-63, Australia OSA review — all converging on 2027 to 2028 mandatory requirements
• AI companion features and relationship-forming chatbot patterns should be disabled for minor users; this is not yet universally mandatory but is the clear G7 expected standard

Sources

• Elysee.fr — Leaders' call on a safer digital space for minors, G7 Évian 2026
• StartupHub.ai — OpenAI Pushes Global Youth AI Safety Standards at G7
• CNBC — AI in spotlight at G7 as Trump, world leaders joined by tech chiefs
• GOV.UK — G7 Digital and Technology Ministerial Declaration 29 May 2026
• New Kerala — G7 Roadmap to Secure Digital Space for Minors