House of Lords Votes to Ban UK Children from Using Internet VPNs
Last week saw the House of Lords pass a vote that would, if approved by the Government, introduce an amendment to the Children’s Wellbeing and Schools Bill (CWSB) that aims to “prohibit the provision” of Virtual Private Network (VPN) services to children (under 18s) in the UK. The goal is to stop children allegedly using VPNs to bypass age verification systems.
According to the details on the Conservative-led amendment (92) page: “This new clause would require the Secretary of State to take action to promote and protect children’s wellbeing, and to further support child protective measures in the Online Safety Act, by prohibiting the provision to children in the United Kingdom of VPN services which can facilitate evasion of OSA age-gating processes.”
The amendment itself passed with 207 votes in favour and 159 against (here), with the majority of yes votes coming from the Conservative Party and the majority of the no votes coming from the Labour Party. Crucially, this suggests that the amendment, at least in its current form, is currently opposed by the party of Government and so may struggle to survive once the Bill is returned to the House of Commons.
Advertisement
Part of the reason for the government’s objection is that they’re separately consulting on some of these issues and have yet to reach a conclusion. The government have previously expressed that there are “no current plans to ban the use of VPNs“, although that doesn’t mean to say they won’t try to impose age-based restrictions on them.
Amendment text
After Clause 27
insert the following new Clause—
“Action to prohibit the provision of VPN services to children in the United Kingdom(1) Within 12 months of the day on which this Act is passed the Secretary of State must, for the purpose of furthering the protection and wellbeing of children, make regulations which prohibit the provision to UK children of a relevant VPN service (the “child VPN prohibition”).
(2) Regulations under subsection (1)—
(a) may make provision for the provider of a relevant VPN service to apply to any person seeking to access its service in or from the UK age assurance which is highly effective at correctly determining whether or not that person is a child;
(b) must apply the child VPN prohibition to the provider of any relevant VPN service which is, or is likely to be—
(i) offered or marketed to persons in the United Kingdom;
(ii) provided to a significant number of persons;(c) must make provision for the monitoring and effective enforcement of the child VPN prohibition.
(3) OFCOM may produce guidance for providers of relevant VPN services to assist them in complying with the child VPN prohibition.
(4) A statutory instrument containing regulations under subsection (1) may not be made unless a draft of the instrument has been laid before and approved by a resolution of each House of Parliament.
(5) For the purposes of this section—
“child” means a person under the age of 18;
“consumer” means a person acting otherwise than in the course of a business;
“relevant VPN service” means a service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet;
“UK child” means any child who is in the United Kingdom.”
The focus on children above does however ignore that it may be mostly adults driving VPN usage to bypass age verification. Many adults do not want to have to share their private personal or financial details with unknown and unregulated third-party age verification providers, particularly when those services are associated with porn peddlers. The infamous Ashley Madison hack showed just how dangerous such information could be in the wrong hands (blackmail and suicide etc.).
The regulator’s CEO, Dame Melanie Dawes, also revealed last year (here) that, “following the 25th July deadline we saw a spike in [VPN] use – with UK daily active users of VPN apps temporarily doubling to around 1.5 million. However, usage has since plateaued, and has now fallen back to around 1 million by the end of September“.
All of this is before we touch on the potentially far-reaching and unintended consequences of enforcing age verification on VPNs, which are also legitimate tools for businesses, journalists and to help protect people (security) when abroad or on public networks etc. Many such VPNs can be deeply integrated into modern protection and network optimisation systems, often acting seamlessly in the background, thus a blanket requirement risks being extraordinarily disruptive. But some politicians do understand this.
Advertisement
Lord Knight of Weymouth (Labour)
“Children may also turn to VPNs, which would then undermine the child safety gains of the Online Safety Act. The VPN amendment of the noble Lord, Lord Nash, tries to address this, but age-gating VPNs may be extremely problematic. My phone uses a VPN, following a personal device cyber consultation offered by this Parliament. VPNs can make us more secure, and we should not rush to deprive children of that safety. A blunt, blanket ban—it is a struggle not to call it a Blunkett ban—would also deny young people the positives of some of the less addictive social media.
Young people will continue to want to connect with each other. They will want to share music, their photos and videos, and their creative content. I was of the mixtape generation, now replaced by the shareable playlist. Young entrepreneurs will want to market their products: will they have to use an adults account on an adult’s phone, and be exposed to the risks of adult content as a result?
When I speak to young people in my capacity as president of Young Citizens, I am struck by how well informed they are. They find out what is going on in the world through social media. Is it right that we lower the voting age to 16 and simultaneously prevent access to news for 15 year-olds when we want them to become well informed?
The arguments for doing something urgent and meaningful about the dangers to children of social media are compelling, but so are the arguments for doing it in a more sophisticated way.”
The reality is that, whatever the government decides, children who go seeking access such systems and content will always find a way to circumvent any measures that are introduced – just as they always have done (e.g. people can create their own VPNs). Instead, it often ends up being the innocent and harmless online services and security systems that could be hurt the most by the sledgehammer approach to age-gated internet censorship.
Please note that we won’t be able to approve any comments on this news article that appear to directly promote specific VPN services, due to the risk that this could clash with the government’s recent warnings about such promotions (here).
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« CBNG Launch UK Next Gen 5G-based Fixed Wireless Broadband Platform
Advertisement
Leave a Reply
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message and display names can be almost anything you like (provided they do not contain offensive language or impersonate a real person's legal name). By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
Utter despair, these out of touch dinasours have not one clue. You can literally find porn sites within 10 seconds that don’t have age ckecks and so don’t need a VPN either. If it takes me that long kids will have no problem. There will always be sites that don’t enforce it, you can’t police the whole internet and that’s what they don’t get, it’s impossible. Education is the key, not placebo measures.
Agree 100%. The whole thing is laughable. These dinosaurs have no idea what internet is or how it works…
No legitimate VPN is going to be able to comply with what is being asked without going against their principles. This is a VPN ban by proxy. And that’s before we discuss the incorrectly labelled “social media” ban for under 16s which is actually a user-to-user service ban for under 16s and has wide reaching consequences.
Not so sure about that. For a start paying by credit card is enough to verify age so most of us using a paid service won’t need to do anything else. Also by using a VPN you’re putting a _lot_ of trust in the VPN provider – at least the same as you put in your ISP – they’re not just some random website you’re accessing anonymously. If you don’t trust them with your credit card you should definitely not trust them as a VPN provider at all. So from a privacy perspective I’m not too bothered about it. However what it will do is prevent the reputable providers from offering a free tier. This will drive those unable or unwilling to pay by credit card (including children) to the disreputable VPNs who may have no respect for their users’ privacy – wouldn’t be the first time. Once again the government shows it has no idea what it is doing.
We must ban anonymous internet and privacy in its entirety. If you have nothing to hide you have nothing to fear.
That is why I am happy to share the password to my email, banking apps and IP cameras: “ladyPass$1234”
I agree that the innocent have nothing to hide. I too will share my contact details:
Anotato com. You can find out the rest from there. Also, I think we should repeal the Official Secrets Act. After all, the innocent have nothing to hide.
Welcome to distopian ‘United Kingdom!
This is done for the sole purpose of spying.
I’m all for banning under 16’s from social media which is the scurge of the world but this won’t achieve that as it’s totally unenforceable
So they’re wanting to access to VPNs, which is crazy in itself, but you can still go onto google, don’t bother to log in, and do an image search for whatever porn you want and it just pops up. Yet they claim this is to protect the kiddies and isn’t about digital surveillance at all. Yeah, right!
This is what happens when 99% of law makers have a degree in history or politics or law, and not a science GCSE amongst them.
Not only is a blanket VPN ban unrealistic, it’s easy to circumvent.
But that’s not the worst of it. The fact is the vast majority of porn sites require no age verification at all. There are literally millions of porn sites and the government is blocking less than 1% of them! So kids don’t even need a VPN, whether they are banned or not.
Good thing these VPN services are located outside of the UK and don’t have to obey UK law.
The thing is, people are going to be using VPN points that are outside of the UK, so are UK laws even applicable?
They don’t understand technology enough to write this, they will mess up the regulation wording so badly it will ban HTTPS.
If China can’t even ban vpn the UK hasn’t got a hope
That is true.
I chat to someone who lives in China and have done so for years, and they use a VPN.
“Labour MP Andrew Cooper supported the decision and highlighted the “risk” of children being driven into “less well-regulated spaces and into virtual private networks” following government restrictions.”… It seems Labour MPs do not know the difference between the DarkWeb and VPNs and they are going to potentially vote to ban VPNs thinking they are banning access to the dark web. This is the mentality of the people deciding laws over us.
“We must ban anonymous internet and privacy in its entirety. If you have nothing to hide you have nothing to fear”….Says the country who imprisoned more people for thought crimes in 2025 than Russia, North Korea, Saudi Arabia and China did all combined. Seriously, look it up
Would you care to specify your sources?
No problem, just use a vpn to move your location outside the uk…
As mentioned in the article, the House of Lords doesn’t create legislation.
Nor does the government have a majority in the Lords, so this vote must have had cross party support.
Download your VPN of choice now before it’s too late.
Farage might as well start choosing carpet and curtain pairings for No 10 at this point. It’s clear we’re on a one way path.
This is 100% being done with the pretext of more censorship in mind. No VPNs means no hiding from what you post online.
This is CCP level control being masked by “save the children” yet again.
Government transparency means you will be monitored – Europe’s North Koera
Did you 2 not read the article? I repeat “The amendment itself passed with 207 votes in favour and 159 against (here), with the majority of yes votes coming from the Conservative Party and the majority of the no votes coming from the Labour Party”.
True but Labour peers only voted against so the government can do its consultation and lead on the legislation. Let’s be under no illusion that they are actually against it.
During Covid i’m aware of several schools that rolled out a requirement that required students to use a VPN to connect to their networks. These systems are still in use.
This has nothing to do with children, and everything to do with the government manufacturing scenarios where they will tell you ‘oh but if we had Digital ID’s this wouldn’t happen’.. They are just brining in state controlled Ai driven monitoring and censorship by the back door. They are very close to finalising legislation that will mean all messages are screened before being sent on any app. So your message will still have end to end encryption but it won’t matter as the governments Ai will have scanned it before the encryption is applied, to check it conforms.
I need to renew my driving licence as it’s about to expire and in order to do so I had to create a .gov account and to do that I had to download an app to verify who I am, and it had to scan both sides of my existing license. So if you have to do the same with a random website sod that! Holding that information on you! It is a recipe for disaster and a hackers wet dream…
May as well rename the UK to China 2.0..
The unelected once again poking their noses in, time to get rid of House of Lords. The ones that are elected are no better
Parents should be keeping an eye on their kids, not the state.
Fed up of this Nanny state.
This is the last and final time Labour will ever win a election
And what about a 17 year old who may work in a small business or use a college VPN. The nativity of our ruling classes is astounding
It only applies to consumer use for accessing the internet, not to business use and not to consumer use into a private LAN.
From the legislation:
“relevant VPN service” means a service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet;
“consumer” means a person acting otherwise than in the course of a business;
Whats next ? Their gonna lock up everyone in a cage soon.
I remember back when I was a teen in school we were constantly playing cat and mouse when it came to bypassing the filters to access flash games (showing my age here) and in some cases actual porn.
Guess what was their best solution in the end? Monitoring us in real time using some remote desktop software.
This was how the person watching the latter was caught despite the teacher being in a different room.
Yes it sounds orwellian, but whilst the ‘think of the children’ law might work with younger kids, once they’re old enough I expect them to see this as a challenge and/or worse use tools which can potentially lead to worse problems e.g. DDOS networks.
IMO restrictions/monitoring to ‘think of the children’ should be left on a device level or at worst a household level.
Absolute clowns.
Just like the misguided OSA, this will drive people towards using services that are non-compliant and of dubious integrity.
“It’s for the children” is getting old really fast.
Rather than the blithering 60+ year olds in the lords who struggle to operate a TV remote deciding on what is or isn’t harmful on the internet, how about we ask the 20-30 year olds, who have spent their entire childhood surrounded by it?
This can’t be true, I’ve never seen people that stupid.
For my two pennies worth (it won’t go far these days I know):
OSA should be repealed asap – bad legislation, even worse implementation.
Categorically no bans or interference with VPNs, encryption or other obfuscation technologies.
No verification processes for adults which require details to be handed over and retained by third parties (including government agencies). So many arguments against it, but a telecoms forum is not the place to outline the reasons, so I won’t.
In a free society I shouldn’t need to prove who I am, if anyone doubts it, they should provide a compelling case that I am not before I am required to even attempt to refute the allegation.
There are NO good arguments for protecting children by making adults significantly and permanently more vulnerable.
Prohibition has NEVER worked to prevent the participation of those targeted, at its most effective it drives the issue underground where it thrives without any kind of oversight, and at its least effective it is blatantly ignored.
We need to hold our representatives to account, and issue recall petitions for of them that supports such dangerous nonsense.
I have left banks over theirs poor implementation of MLR and KYC, many of whom adopted the sledgehammer ‘give us all your data’ approach. Unfortunately most people are too lazy or stupid to actually challenge them, which means we all suffer. The same will happen with OSA and the verification/digital ID scams (sorry, I obviously mean schemes).
I’m currently fighting government agencies over their current failings where an identity verified with one department isn’t sufficient for another because it’s only a partial match to their records. The role of government in this capacity is only to minimise risk by establishing reasonable certainty, not to impose their world view or fit everything into their badly designed checkboxes.
If both recent examples of bad ideas from government are anything to go by, the new regulations are going to be so much worse. I hope they’re building enough prisons to accommodate us all at the expense of their self inflicted dwindling economy.
This is a disgusting new step in dystopian europe
If porn was the issue then they would ban only fans. This is exactly the same spat with grok, if bikini photos are an issue then they would ban Photoshop which achieves the same thing
They want to take basic freedoms from people, it’s incredibly obvious to see. But hey somehow they will find some way to blame Donald Trump and the Jewish people
The critical piece of any legislation that might arise from this would be the method by which the age of the end user is determined.
I am also wondering how this would be enforced for automated systems making use of VPNconnections.
This is an awful idea.
We need a government to roll back the status quo on the Online Safety Bill and VPNs.
Think back to March-December 2007; VPNs were widely used, and nobody had an issue with them. The 14-year-olds who used them in March 2007 are now 33-year-olds who are competent at IT.
The truth is, there’s always a situation you’ll need a VPN in; I’ve found from testing ProtonMail runs faster on some VPNs and slower on your own ISP; or for accessing content that’s geoblocked.
As we’ve learnt from Mr. Robot, the dystopia created by governments is not worth it. I don’t endorse the hacking in that show but the point is there.
Incidentally, think of this; some workplaces have VPNs, for example, in my workplace, which is here in Leeds, our IP address shows up as Windsor, Ontario or Vancouver, British Columbia and the IP is a VPN but that’s who supplies our ISP provider, so see the problems it causes?
Also, VPN usage has been endorsed a lot the past few years – Sabrina Carpenter has said since 2020:
“Always use a VPN unless you’re doing the Amazon shop or online banking… you need to keep safe and a VPN is no silver bullet, but it’s damn good”.