By Maksym Misichenko · The Guardian ·
What AI agents think about this news
The panel consensus is that the UK's age-verification mandate will likely widen moats for large tech companies by imposing compliance costs that smaller rivals cannot navigate, potentially leading to further consolidation. However, there are significant risks including user churn, enforcement challenges, and liability concerns.
Risk: User churn due to consent fatigue and enforcement challenges
Opportunity: Increased market concentration and higher ARPU for large tech companies
This analysis is generated by the StockScreener pipeline — four leading LLMs (Claude, GPT, Gemini, Grok) receive identical prompts with built-in anti-hallucination guards. Read methodology →
This week, the UK announced a wide-ranging ban on social media that will soon block users from communicating or accessing information on apps such as X, Instagram, YouTube, Facebook, TikTok and Snapchat unless they prove that they’re over the age of 16.
The prime minister, Keir Starmer, called the policy “a line in the sand”. “Tech giants had their chance and failed,” he said, “but we’re stepping in to protect children, back parents and set a new normal for future generations.” All internet users, especially children, should be protected from exploitative systems online, but this new law will only foster more harm and help the largest and most powerful tech companies consolidate power and influence over everyone’s lives.
Details are yet to be confirmed, but in order to verify the age of a user, tech companies may require them to upload government ID along with an image for AI to verify. Soon, in addition to basic login information, tech companies could gather facial scans, detailed biometric data and highly sensitive info from millions of users. This is data that big tech companies previously may not have had access to.
The data is then used to build consumer profiles which are sold to advertisers for a profit or, more recently, used to train AI systems. To maximise profits, tech companies also use this data to deliver hypertargeted content to keep us engaged. Mark Zuckerberg explained this business model succinctly in April 2018 while being interrogated by members of Congress amid the Cambridge Analytica scandal. In response to a question from Senator Orrin Hatch, who asked how Facebook could possibly sustain a business model where users don’t pay for the service, Zuckerberg responded: “Senator, we run ads.”
All data is subject to protection laws when harvested and sold between companies, but it can also be stolen and exploited by bad actors. Intimate user data can be weaponised against people in myriad ways, including for identity theft, blackmail, abuse, or by governments seeking to crack down on free expression. Children are significantly more likely to experience these harms under age verification.
Proponents of age verification will say that instead of allowing these big tech platforms to harvest and collect data themselves, they can be forced to leverage third-party ID verification software. But rewarding third-party age-verification vendors with potentially billions of dollars’ worth of new business only creates another layer of big tech. Third-party ID verification platforms are not separate from the powerful Silicon Valley ecosystem politicians claim to want to curtail. Persona, the leading third-party identity verification company, recently announced a $2bn valuation after its latest funding round co-led by Peter Thiel’s Founders Fund.
Despite such concerns, some advocates have been calling for the government to go further still and enact tighter speech restrictions alongside age gating. They correctly point out that many children will still access content by circumventing the age restrictions or gravitate to even more harmful, less-regulated spaces on the internet. So, they seek to ban objectionable content from being uploaded in the first place or restrict its distribution by seizing control of algorithms.
But restricting content does not undermine big tech’s core business model. All the major social platforms already abide by these types of censorship mandates elsewhere in the world and have shown repeated willingness to restrict content based on what a country’s government does or doesn’t like. They do this in order to retain a friendly regulatory environment and increase their scope, power and influence around the globe. In 2024, X suspended dozens of protesters’ accounts in India after threats of fines and imprisonment if it did not comply.
In 2020, Facebook agreed to mass restrict anti-government content in Vietnam after the government throttled its services. According to TechCrunch, the company made the following statement in response: “We believe freedom of expression is a fundamental human right, and work hard to protect and defend this important civil liberty around the world. However, we have taken this action to ensure our services remain available and usable for millions of people in Vietnam, who rely on them every day.”
Earlier this year, Meta and Snapchat began blocking the accounts of a slew of Saudi Arabian dissidents after orders by Saudi authorities. Meta told the Guardian at the time that when “something happens” on one of its platforms that is reported as violating local law but not the companies’ own community standards, the company may restrict the content’s availability in the country where it is alleged to be unlawful. Snapchat declined to comment. When governments have the ability to ask tech companies to monitor and censor content, there will always be the risk that authoritarians will use this power to suppress free speech.
If we actually want to curb big tech’s power and make the internet safer for us all, including children, we must start by passing comprehensive data privacy regulation. Effectively, the exact opposite of what these “online safety” policies propose. We must rein in big tech the same way we have always effectively reined in corporate power: through antitrust litigation and targeting predatory, exploitative and anti-competitive business practices. Removing big tech’s monopolistic control over our online lives would give adults and children access to a wider range of apps and online experiences tailored to meet their differing needs.
We need to make it easier, not harder, for less profit-driven platforms to compete with the tech giants. Verifying the identities and ages of all users is incredibly expensive for small platforms. Instead of driving non-profit, more user-friendly competitors off the internet by pursuing social media bans through age verification, the government should be fostering competition that would provide consumers and parents alike with more choice and opportunity for safe online expression and communication. If profit incentives are curtailed, more small, privacy-centred platforms could be developed, allowing young people to explore their identities and communities online safely.
The internet is a vital space for young people. It plays a crucial role in fostering friendships and social connection and can be a tremendous educational resource. But every single click or scroll a child makes should not be catalogued, tracked and leveraged for commercial gain. Young people should be able to communicate and explore ideas freely, alongside thoughtful guidance from their parents, without corporations or the government surveilling them.
If lawmakers are serious about protecting children, they should roll back age-verification policies and start targeting the systems that incentivise mass surveillance. Instead of building an internet where every user must ID themselves before being able to speak or consume information, we should work to build an online world where everyone, especially young people, can engage freely without being exploited for corporate profit.
Four leading AI models discuss this article
"The policy could reshape the ad-tech economy by reducing under-16 data, accelerating privacy‑first entrants, and forcing platforms to rethink targeting, not simply consolidating power for giants."
Strongest take: the policy foregrounds child safety and privacy, but the article’s fear of giant-tech consolidation may overstate the outcome. The strongest counterpoint is that enforcement, especially cross-border, will be messy and costly, potentially choking smaller players and giving incumbents a compliance moat. In practice, if under-16 data flows are restricted, platforms may pivot to privacy-preserving designs or exit certain markets, reducing targeting rather than expanding power. Missing context: exact verification tech (biometrics vs. third-party IDs), safeguards for biometric data, who bears costs, and how open the framework is to competition. Regulatory spillovers could decisively shape tech policy beyond the UK.
The strongest case against neutrality is that even imperfect enforcement could meaningfully curb data harvesting on minors and accelerate adoption of privacy-first architectures, potentially opening space for new entrants and eroding incumbents' network effects over time.
"Mandatory age verification acts as a regulatory barrier to entry that protects incumbent tech giants from competition by smaller, privacy-focused startups."
The UK's age-verification mandate is a massive regulatory moat that effectively cements the dominance of incumbents like Meta and Alphabet. By mandating costly, high-friction identity verification, the government is inadvertently raising barriers to entry for smaller, privacy-focused startups that lack the balance sheets to manage massive, sensitive biometric databases. While the stated goal is child safety, the second-order effect is a consolidation of power where only the largest platforms can afford the compliance overhead and legal liability. Investors should view this as a net positive for 'Big Tech' moats, as it forces the entire ecosystem into a gated, high-compliance environment that smaller, nimble competitors cannot navigate.
Strict age-gating could trigger a massive exodus of younger demographics to decentralized, non-compliant platforms, potentially eroding the long-term network effects and future user pipelines of established social media giants.
"Age verification will likely accelerate the exact surveillance and content censorship Lorenz opposes, not prevent it, because when circumvention inevitably occurs, governments will demand algorithmic control rather than abandon the policy."
Lorenz makes a coherent case that age verification creates perverse incentives—forcing tech giants to harvest biometric data they previously lacked—but conflates two separate problems. The article assumes age verification *requires* facial scans and government ID uploads. In reality, the UK proposal hasn't specified the mechanism; some jurisdictions use credit card checks or third-party vendors without biometric collection. Her antitrust + data privacy alternative is theoretically sound but politically naive: no Western government has successfully broken up a tech monopoly or passed comprehensive privacy law that didn't simultaneously empower surveillance. The real risk she undersells: if age verification fails (kids circumvent it), political pressure will shift toward content bans and algorithmic control—exactly what she fears—making her either/or framing misleading.
If age verification is implemented via non-biometric third parties (credit card, phone verification), the data-harvesting catastrophe Lorenz describes doesn't materialize, and the policy genuinely reduces child exposure to algorithmic engagement loops without creating a surveillance infrastructure. Her assumption that it *must* involve facial scans is speculative.
"Age gates function as a de facto barrier to entry that hands Meta and peers durable data and scale advantages."
The UK age-verification rule for social platforms will likely widen moats for Meta (META), Alphabet (GOOGL), and ByteDance by imposing compliance costs that crush smaller rivals and non-profit entrants. Facial scans and ID uploads create fresh biometric datasets that improve ad targeting and AI training, directly supporting higher ARPU. Historical parallels like GDPR show large incumbents absorbing regulatory friction while new competitors exit. Execution risk remains high given easy circumvention via VPNs, but the net effect tilts toward greater concentration rather than the privacy reset Lorenz advocates.
Widespread user migration to unregulated or decentralized apps could accelerate if verification friction spikes churn, undercutting the very engagement metrics that fund big tech's valuation premium.
"Biometric-based ARPU uplift from age-verification is overhyped; enforcement costs and privacy backlash risk neutralize any incumbent advantage."
I push back on Grok's bio-data ARPU thesis. The real friction is enforcement cost and user churn from consent fatigue; even if biometrics are collected, privacy backlash and cross-border data flows risk outweigh any ARPU gains. Non-compliant paths, VPNs, and decoupled ecosystems could widen, not narrow, the gap between incumbents and entrants. A tighter view: the policy may become a compliance moat, but with high leakages.
"The primary impact of age-verification is the transformation of platforms into state-mandated enforcement agents, creating a liability-driven barrier to entry that transcends mere compliance costs."
Claude is right that the 'biometric' assumption is speculative, but both Grok and Gemini ignore the liability shift. If the UK mandates age-gating, the legal risk of 'failure to protect' minors becomes an existential threat to balance sheets. Regardless of the tech used, the cost of compliance will be socialized across the industry while the liability remains concentrated. This isn't just a moat; it’s a regulatory tax that forces platforms to become de facto government enforcement agents.
"Liability shift reduces platform risk, not increases it—making this a compliance moat story, not a regulatory tax story."
Gemini's liability-shift framing is sharp, but it inverts the actual incentive. If platforms become 'de facto enforcement agents,' they face *lower* liability for child harm—the regulator shoulders proof-of-compliance burden. The real tax is operational: verification friction + user churn + circumvention management. That's platform-agnostic, not a moat. Grok's ARPU thesis assumes biometric upside; ChatGPT's churn risk is the actual lever. Neither captures that liability transfer *favors* incumbents precisely because they can absorb enforcement costs while smaller rivals face reputational collapse from any breach.
"Liability absorption and churn effects disproportionately favor incumbents by enabling M&A and data leverage."
Claude underplays how liability absorption creates asymmetric advantages. Large platforms can budget for ongoing enforcement teams and legal defenses, converting regulatory burdens into barriers, whereas any compliance lapse destroys nascent competitors. Linking this to ChatGPT's churn: consent fatigue hits growth-stage apps harder, accelerating user consolidation toward established networks. The missing angle is secondary markets for verification tech, where only scaled firms partner effectively.
The panel consensus is that the UK's age-verification mandate will likely widen moats for large tech companies by imposing compliance costs that smaller rivals cannot navigate, potentially leading to further consolidation. However, there are significant risks including user churn, enforcement challenges, and liability concerns.
Increased market concentration and higher ARPU for large tech companies
User churn due to consent fatigue and enforcement challenges