: The race to keep children off social media has shifted from political promises to technical enforcement.

After Australia became the first country to introduce a nationwide ban on social media for children under 16, governments across Europe, Asia and now the Middle East are enacting similar measures. The UAE on Thursday became the latest country to introduce mandatory age checks, making it the first Arab nation to set a legal minimum age for social media use.

The real challenge now is not whether children should be restricted from social media, but how governments and technology companies can enforce the rules effectively.

UAE joins growing list of countries

The UAE announced that children under 15 will no longer be allowed to create or operate personal social media accounts, while teenagers aged 15 and 16 can access platforms only under stricter safeguards such as parental supervision, content filtering and limits on interactions with strangers. Platforms have one year to comply.

The move follows a growing international trend led by Australia, whose landmark law came into force in December 2025.

According to Reuters, at least a dozen countries have either implemented or are in the process of legislating nationwide restrictions on children’s access to social media, while several others are tightening parental consent and age-verification rules.

As of 18 June 2026, countries fall into three broad categories:

Bans enforced (in force)

Country	Minimum age	Status
Australia	Under 16	World’s first nationwide ban, in force since December 2025. Platforms are legally responsible for preventing under-16s from creating or using accounts.
Indonesia	Under 16	GovernmentGovernment has announced plans to prohibit under-16s from major social media platforms. has implemented on end of March 2026.

Passed or tabled legislation (awaiting implementation or final approval)

Country	Proposed age	Status
UAE	Under 16	Announced on 18 June 2026. Children under 15 cannot operate personal social media accounts. Platforms have one year to implement mandatory age verification.
UK	Under 16	Government announced ban; legislation expected before Christmas 2026 with rollout targeted for spring 2027.
Turkey	Under 15	Parliament has passed legislation. Awaiting presidential approval before becoming law.
France	Under 15	National Assembly approved bill. Senate approval and final parliamentary vote still required.
Malaysia	Under 16	Government has announced implementation plans beginning in 2026.

Countries considering or drafting bans

Country	Proposed age	Current position
Norway	Under 16	Government will introduce legislation to Parliament later in 2026.
Denmark	Under 15	Government has political backing and is preparing legislation, with limited parental exemptions.
Spain	Under 16	Government intends to legislate mandatory age verification and ban access for minors under 16.
Greece	Under 15	Government preparing legislation, with implementation expected from January 2027.
Poland	Under 15	Draft legislation being prepared to make platforms responsible for age verification.
Slovenia	Under 15	Draft law under preparation.
Austria	Under 14	Draft legislation expected following government agreement.
any	Under 16 (proposal)	Coalition discussions ongoing; currently requires parental consent for users aged 13-16.
India	Not specified	National debate underway; officials have called for Australian-style age restrictions.
Canada	Under 16	Canada’s culture minister on Wednesday introduced legislation to ban children under 16 from having social media accounts.

Other countries tightening child protections instead of blanket bans

These countries have introduced stricter parental consent, age verification or screen-time controls, but not blanket under-16 social media bans:

• China – “Minor Mode” with mandatory screen-time and app restrictions.
• Italy – Children under 14 require parental consent to open social media accounts.
• Portugal – Parliament approved parental consent requirements for users aged 13–16

Rather than focusing only on age limits, many governments are making platforms legally responsible for keeping underage users off their services

The technology behind the ban

For years, most social media companies relied on one simple question during sign-up: “What is your date of birth?”

Governments increasingly argue that self-declared ages are ineffective because children can simply enter a false birthday.

New laws, therefore, require platforms to use stronger age-verification methods to make the rules workable.

These include:

• Government-issued digital IDs
• AI-powered facial age estimation
• Credit card or payment verification
• Third-party identity services
• Mobile carrier verification
• Device-based parental controls
• Biometric age estimation

Australia’s legislation deliberately avoids prescribing one single technology, instead requiring platforms to take “reasonable steps” to prevent children under 16 from creating accounts. The UAE similarly requires platforms to use robust verification that goes beyond self-declared ages.

Meta: AI that estimates your age

Meta has become one of the most aggressive companies in deploying artificial intelligence for age verification on its platforms.

Rather than depending solely on birthdays entered during registration, the company analyses signals including:

• Friends of similar ages
• Birthday messages
• Profile activity
• Interaction patterns

If Meta believes a teenager is pretending to be an adult, the account can automatically be switched into a Teen Account with stricter protections.

Users may then be asked to upload a government-issued ID or record a short video selfie analysed by facial age-estimation technology.

TikTok: Face estimation and family controls

TikTok combines several approaches on its platform.

The company can request:

• Government identification
• Facial age estimation using AI
• Parental verification through Family Pairing
• Family Pairing allows parents to:
• Set screen-time limits
• Approve privacy settings
• Restrict direct messages
• Control searchable content

YouTube: Account verification through Google

YouTube relies largely on Google’s broader identity system for age verification.

Depending on location and content being accessed, users may be asked to verify their age through:

• Government-issued ID
• Credit card verification
• Google account information

Australia’s new law specifically includes YouTube among platforms covered by the under-16 ban after regulators concluded it functions as a social platform rather than simply a video service.

Snapchat: Parent-first approach

Snapchat has introduced Family Centre, allowing parents to:

• Monitor friend lists
• View communication history
• Report safety concerns

The company also performs additional age checks on Snapchat where required by local law, but has generally focused more on parental supervision than mandatory identity verification.

Roblox

The gaming platform has introduced one of the industry’s most comprehensive age assurance systems. Users can verify their age through facial age estimation using a video selfie, government-issued ID or parent-linked accounts.

Roblox automatically assigns younger users to age-based account types.

Communication features are also restricted based on verified age, with younger users prevented from chatting with significantly older players.

X and Reddit

X and Reddit continue to rely primarily on user-declared ages across many markets.

However, both companies have begun introducing stronger verification where national laws require it, particularly in Australia and parts of Europe.

Industry observers expect these verification systems to expand as more countries introduce mandatory age restrictions.

Early impact

Australia has provided the first real-world test of the new approach.

Within days of the law taking effect, Meta said it had removed nearly 550,000 underage accounts across Facebook, Instagram and Threads. Other platforms also began rolling out age checks and account removals.

Researchers caution that determined teenagers continue to find workarounds, including using VPNs, borrowed identities and alternative sites that remain outside current regulations.

Parents are largely supportive, but debate remains

Public reaction has been sharply divided.

Many parents have welcomed stronger protections against cyberbullying, damaging content, online predators and excess screen time.

Governments have cited growing evidence linking heavy social media use with anxiety, sleep disruption and mental health problems among children.

Technology companies, meanwhile, have argued that blanket bans risk pushing teenagers towards less regulated corners of the internet. Privacy advocates have also questioned whether widespread age verification would require users to share more personal data than before.

As more countries prepare similar laws, the next battleground will be less about legislation and more about technology: whether platforms can accurately determine who is really behind the screen without violating user privacy.

GN

Credential phishing remains one of the most effective techniques in the cybercriminal toolkit, serving as the launchpad for everything from account takeovers and financial fraud to ransomware and corporate espionage.

In the UAE, identity-based cybercrime has experienced a significant rise over the past year. According to data from the UAE Cybersecurity Council, more than 75 per cent of cyber breaches in the country originate from phishing emails or fraudulent messages. This statistic highlights just how foundational credential theft remains as an initial entry point into corporate networks.

While the objective remains the same, cybersecurity experts warn that the methods used to steal these credentials have evolved dramatically.

How credential attacks work

A credential-based attack exploits stolen, guessed, or phished authentication credentials to gain unauthorised access to systems or data. 

“These attacks typically target usernames, passwords, tokens, or session keys to impersonate legitimate users and bypass defences. Credential attacks are amongst the most common types of attacks and are rising in volume and sophistication globally and in the UAE,” Haider Pasha, VP & Chief Security Officer (CSO), EMEA, Palo Alto Networks, told Gulf News.

The rise of device code phishing

According to Kenan Abu Ltaif, Regional Lead for the Middle East and Turkey at Proofpoint, the sophistication of these attacks has shifted.

“Device code phishing is exploding across the threat landscape, with new device code phishing tools emerging every week,” Ltaif stated.

Unlike traditional phishing, which relies on tricking a user into typing their password into a fake form, device code phishing exploits legitimate authentication flows that users encounter daily.

“Instead, it exploits legitimate authentication flows… to capture tokens that give attackers persistent access to accounts even after passwords are changed. That’s a meaningful evolution,” Ltaif explained.

To lower a target’s guard, attackers are increasingly leveraging trusted contexts. “By impersonating HR teams, government entities, and widely used platforms like DocuSign and Microsoft, cybercriminals eliminate the typical red flags that might otherwise cause an employee to pause,” he said.

One hacked account threatens everyone

Globally, the fallout from a single compromised corporate account has escalated.

Research from Proofpoint reveals that in 83 per cent of confirmed account takeover cases, attackers did not stop at initial access.

“Instead, they utilised the compromised account to launch secondary attacks – impersonating the account owner to target colleagues, external partners, and suppliers. Consequently, a stolen credential is no longer isolated to a single person’s inbox, it serves as a dangerous foothold into the entire connected business ecosystem,” Ltaif, said.

Microsoft 365 dominates roughly 77 per cent of the business market, making it a prime target for hackers.

“Compromising just one Microsoft account gives attackers access to far more than email,” Ltaif noted. “They get into files, internal chats, calendars, and connected business systems through a single identity.”

This vulnerability is heavily exploited through device code phishing. The tactic manipulates a real Microsoft login feature, originally designed to help users sign in easily on devices without full web browsers. By abusing this legitimate process, hackers make their fake login requests look completely authentic.

UAE organisations face higher breach rates 

The scale of identity-based cybercrime in the region is reflected in recent data. A study from CyberArk, a Palo Alto Networks company, revealed that 92 per cent of UAE organisations experienced at least three successful identity-related breaches in the 12 months leading up to April 2026. This figure is notably higher than the EMEA (Europe, the Middle East, and Africa) average of 80 per cent.

“A credential-based attack exploits stolen, guessed, or phished authentication credentials to gain unauthorised access to systems or data. These attacks typically target usernames, passwords, tokens, or session keys to impersonate legitimate users and bypass defences,” Pasha, noted.

How to protect yourself

As credential attacks grow in volume and sophistication across the UAE, defending corporate and personal data requires heightened vigilance.

Pasha explained that as cyberattacks become more complex, individuals must adopt strict digital hygiene. This includes:

• Use unique passwords: Never reuse the same password across different accounts.
• Turn on Multi-Factor Authentication (MFA): Always use extra security checks (like a code sent to your phone) whenever available.
• Watch out for urgency: Be highly suspicious of unexpected emails or calls that demand you act immediately.

The integration of emerging technologies has further complicated the threat landscape. “This type of social engineering attack has increased as cybercriminals use generative AI to help craft plausible ruses to steal data and credentials, making it vital for individuals to remain vigilant,” Pasha, said. 

GN

Mexican authorities have introduced simplified entry procedures for UAE citizens, allowing them to complete their arrival procedures through electronic gates at a number of Mexican airports from Thursday, the UAE Embassy in Mexico said.

Under the new system, Emirati will no longer need to undergo the standard processing procedures at participating airports. Instead, travellers will receive a ticket containing a QR code linked to the Multiple Digital Immigration Form (FMMD), which they must retain throughout the duration of their stay in Mexico.

The embassy said the measure takes effect from Thursday and is intended to facilitate the arrival process for Emirati visitors.

The simplified procedures aim to ease the entry of Emirati fans travelling to Mexico for FIFA World Cup 2026 matches, which the country will co-host alongside the US and Canada.

GN