Six months after Australia enacted a historic law prohibiting children under 16 from holding social media accounts, the policy is facing a harsh reality. Silicon Valley tech firms are doing the bare minimum to enforce the restriction, and the vast majority of underage users remain online. In response, Prime Minister Anthony Albanese announced a significant legislative escalation, doubling maximum corporate fines to A$99 million and expanding the investigative powers of the eSafety Commissioner. But while the government frames this as a decisive crackdown on corporate defiance, the underlying crisis stems from a fundamental mismatch between simple legislative text and complex internet architecture.
The numbers tell a story that political speeches try to obscure. The government initially boasted that more than five million underage accounts had been deactivated or restricted since the law took effect on December 10. However, independent academic data and the regulator's own tracking reveal a more sobering statistic. Roughly 70 to 85 percent of children under the age of 16 who used these platforms before the ban continue to access them today.
Why higher fines miss the mark
The new draft legislation lifts the financial penalty ceiling for a systemic breach from A$49.5 million to A$99 million. It is a large figure. Yet, for corporate entities that measure quarterly revenues in tens of billions of dollars, even a double-sized penalty amounts to a manageable cost of doing business.
Platforms have a direct financial incentive to keep their enforcement mechanisms loose. Teenagers are highly prized commodities for digital advertising networks. If one platform builds an unbreachable wall while its competitors leave a back door open, that platform suffers an immediate loss in user attention and future ad inventory. Consequently, platforms deploy basic age gates and cosmetic verification loops, fulfilling the literal requirement to take "reasonable steps" without actually solving the problem. Communications Minister Anika Wells acknowledged this dynamic, stating that tech companies want the age limits to fail so that global regulatory momentum stalls.
Demanding internal board minutes
The most significant shift in the proposed legislation is not the headline fine amount, but the expansion of investigative authority granted to eSafety Commissioner Julie Inman Grant. The regulator will soon have the legal authority to compel platforms to hand over sensitive internal communications, including board minutes and employee emails.
This changes the nature of regulatory oversight. Instead of accepting vague assurances about platform security, the commissioner can scrutinize whether engineering teams were explicitly told to prioritize user metrics over compliance. Furthermore, the new rules extend this information-gathering reach to third parties, including app stores and age-assurance technology providers. If a social media platform claims an external verification system failed, the regulator can bypass the platform completely to audit the supplier directly.
The engineering loophole
Legislation cannot easily rewrite how the internet works. Tech companies have repeatedly pointed out that without a unified, mandatory digital identity system, verifying a user's exact age remains deeply flawed.
Consider how easily a teenager bypasses a basic age gate. A simple virtual private network alters the device location to an overseas jurisdiction where the ban does not apply. Alternatively, kids can register accounts using false birth years or borrow the login credentials of older siblings. The current framework penalizes platforms for failing to take reasonable steps, but the legal definition of what is reasonable remains highly contested in court.
Opposition politicians argue the current implementation is fundamentally flawed. Rather than fighting a losing battle against account registration, critics suggest the policy focus should shift toward mandatory parental control tools built directly into mobile operating systems, or targeting the specific algorithmic feeds that drive compulsive usage patterns.
Regulators are currently investigating five primary entities for non-compliance, including Meta’s Instagram and Facebook, Google’s YouTube, TikTok, and Snapchat. The evidence gathered during these audits will determine whether the eSafety Commissioner initiates high-stakes federal court litigation. If Australia cannot make its enforcement mechanism hold up under legal scrutiny, the global movement toward age-gated internet access will face an immediate structural collapse.
