---
title: "DSA Article 28 minors protection guide for online platforms"
canonical_url: "https://www.sorena.io/artifacts/eu/digital-services-act/minors-protection"
source_url: "https://www.sorena.io/artifacts/eu/digital-services-act/minors-protection"
author: "Sorena AI"
description: "EU Digital Services Act guide to Article 28 minors protection: platform scope, child-safety measures, targeted ads limits, recommender controls, and grounded evidence."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "DSA Article 28"
  - "Digital Services Act minors protection"
  - "online platforms"
  - "targeted advertising minors"
  - "recommender systems"
  - "age assurance"
  - "EU Digital Services Act"
  - "DSA"
  - "Article 28"
  - "minors protection"
  - "targeted advertising"
---

# DSA Article 28 minors protection guide for online platforms

EU Digital Services Act guide to Article 28 minors protection: platform scope, child-safety measures, targeted ads limits, recommender controls, and grounded evidence.

## DSA Article 28 Minors Protection

A grounded guide for online platforms assessing how the EU Digital Services Act protects minors through privacy, safety, security, targeted-ad restrictions, and platform design controls.

Use it to separate binding Article 28 duties from voluntary Commission guideline recommendations and to avoid inventing age-verification obligations that the DSA text does not impose.

Article 28 of the EU Digital Services Act applies to providers of online platforms accessible to minors. It requires appropriate and proportionate measures to ensure a high level of privacy, safety, and security for minors, prohibits profiling-based advertising when the platform is aware with reasonable certainty that the recipient is a minor, and states that compliance does not require extra personal-data processing to determine age.

## What Article 28 requires for platforms accessible to minors

Start with the service, not the child-safety control. Article 28 applies to providers of online platforms accessible to minors; the DSA recitals describe this as including services whose terms permit minors, services directed at or predominantly used by minors, or services where the provider is otherwise aware that some recipients are minors.

The core obligation is risk-based. The platform should be able to explain why each measure is appropriate and proportionate for the way minors actually use the service, rather than treating every age assurance, recommender, ad, reporting, or parental-control feature as mandatory in every product.

- Classify whether the service is an online platform and whether it is accessible to minors under the platform terms, audience, usage evidence, or age data already processed for another purpose.
- Describe the minors-specific risks the service creates: unsolicited contact, harmful content exposure, addictive or excessive-use patterns, cyberbullying, harmful commercial practices, or access to adult-only products and content.
- Map each control to privacy, safety, or security of minors and state why it is proportionate for the product's size, purpose, interface, and user base.
- Keep the Article 28 record separate from broader DSA duties such as content moderation, statement-of-reasons reporting, marketplace traceability, and VLOP systemic-risk assessments.

Sources for this answer:

- [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj?ref=sorena.io) - Article 28 creates the online-platform duty to protect minors and states the targeted-ad and data-minimisation limits.
- [European Commission - Commission publishes guidelines on the protection of minors](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors?ref=sorena.io) - Commission source for the 2025 Article 28 minors-protection guidelines and recommended child-safety measures.

## Targeted advertising and age-data boundaries

Article 28 prohibits online platforms from presenting advertisements based on profiling using a recipient's personal data when the provider is aware with reasonable certainty that the recipient is a minor. This is narrower than a blanket ban on all advertising to minors: contextual ads, house messages, or ads that are not based on profiling need a separate assessment under the DSA and other applicable law.

The same article also prevents a common overreach. Compliance with Article 28 does not require platforms to process additional personal data just to assess whether a recipient is a minor. Evidence should therefore show both the ad-delivery restriction and the data-minimisation boundary.

- Block profiling-based ad delivery for accounts, sessions, cohorts, or surfaces where the platform is aware with reasonable certainty that the recipient is a minor.
- Document which signals create reasonable certainty, such as age already provided by the user, account type, parental setup, or other age information the platform already processes.
- Do not turn Article 28 into a general obligation to collect age from every user; record when age assurance is used because the risk profile or Commission guidelines support it.
- Keep ad-system evidence: policy rules, targeting exclusions, delivery logs, campaign QA, advertiser controls, and tests showing minor profiles are excluded from profiling-based targeting.

Sources for this answer:

- [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj?ref=sorena.io) - Article 28(2) is the source for the profiling-based advertising restriction for minors.
- [European Commission - The impact of the Digital Services Act on digital platforms](https://digital-strategy.ec.europa.eu/en/policies/dsa-impact-platforms?ref=sorena.io) - Commission explainer describing the DSA ban on targeted advertising to minors and sensitive-data-based targeting.

## Recommended minors-protection controls from the Commission guidelines

The Commission's 2025 Article 28 guidelines are non-binding, but the Commission says it will use them as a reference point when assessing Article 28(1) compliance. Treat them as a structured control catalogue, then select measures that fit the service's risk profile.

The grounded recommendations cover privacy-by-default, safer recommender systems, user controls, limits on unwanted sharing of minors' content, safeguards against excessive-use features, harmful commercial-practice controls, and improved moderation, reporting, feedback, and parental-control tools.

- Set minors' accounts or relevant sharing surfaces to private by default where the service exposes personal information, content, contact lists, or social interactions.
- Tune recommender systems to reduce harmful-content exposure and content rabbit holes, including by giving more weight to explicit choices by children than to inferred behavioural signals where appropriate.
- Give minors practical controls to block or mute users and avoid being added to groups without explicit consent where group or messaging features exist.
- Restrict downloads, screenshots, or redistribution of minors' sensitive content where the product design creates a risk of unwanted distribution, sexual extortion, or cyberbullying.
- Review streaks, read receipts, autoplay, push notifications, ephemeral content, AI chatbots, virtual currencies, loot boxes, and similar interface patterns for excessive-use or harmful commercial-practice risks.

Sources for this answer:

- [European Commission - Commission publishes guidelines on the protection of minors](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors?ref=sorena.io) - Commission source listing recommended measures such as private defaults, recommender changes, blocking controls, screenshot restrictions, excessive-use safeguards, and commercial-practice safeguards.
- [European Commission - Guidelines under the Digital Services Act](https://digital-strategy.ec.europa.eu/en/policies/dsa-guidelines?ref=sorena.io) - Commission guidelines hub stating that DSA guidelines are non-binding, voluntary reference points for assessing legal obligations.

## Recommender, interface, and VLOP controls that may overlap

Article 28 does not stand alone. Article 27 requires online platforms using recommender systems to explain the main parameters in plain and intelligible language and provide options to modify or influence them. For VLOPs and VLOSEs, Article 38 adds at least one recommender option that is not based on profiling.

For very large services, minors protection can also appear inside systemic-risk work. The DSA risk-assessment and mitigation provisions refer to children's rights, protection of minors, physical and mental well-being, recommender systems, advertising systems, interface design, content moderation, and internal documentation.

- For all online platforms with recommender systems, keep terms-and-interface evidence showing the main recommender parameters and user controls.
- For VLOPs and VLOSEs, keep evidence that each recommender system has at least one non-profiling option and that the option is available where recommendations are presented.
- When minors are a material user group, test whether ranking, autoplay, notifications, chatbots, group suggestions, or ad selection can increase exposure to harmful content, unwanted contact, or excessive-use patterns.
- For VLOP systemic-risk files, preserve supporting documents for risk assessments and connect minors-risk mitigations to design, recommender, advertising, moderation, staffing, and governance changes.

Sources for this answer:

- [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj?ref=sorena.io) - Articles 27, 34, 35, and 38 ground recommender transparency, systemic-risk assessment, mitigation, and non-profiling recommender options for very large services.
- [European Commission - DSA: Very large online platforms and search engines](https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops?ref=sorena.io) - Commission overview for VLOP/VLOSE obligations involving systemic risks, recommender options, advertising repositories, audits, and data access.

## Evidence checklist for a minors-protection review

A useful Article 28 file should show what the platform knew about minors, which risks it identified, which controls it selected, why those controls are proportionate, and what it deliberately did not do because the DSA does not require additional age-data processing.

Keep the record product-facing enough for design, advertising, trust and safety, data science, policy, legal, privacy, and compliance teams to test the same claims.

- Service-scope memo: online-platform classification, whether the service is accessible to minors, and whether any micro or small enterprise exclusion is being relied on.
- Risk evidence: usage by minors, complaint and report trends, content or contact risks, harmful commercial-practice risks, recommender tests, ad-delivery tests, and interface-pattern review.
- Control register: private-default settings, blocking and muting controls, group-add consent, reporting and feedback tools, parental controls, recommender changes, excessive-use safeguards, and commercial-practice safeguards actually implemented.
- Age-assurance rationale: when age verification, age estimation, or no additional age check is used, tied to the specific risk and Article 28's data-minimisation limit.
- Advertising evidence: profiling-based targeting blocks for known minors, special-category targeting controls under Article 26, campaign QA results, and incident handling for misdelivery.
- Governance record: owner, approving reviewer, source citations, product surfaces covered, test date, residual issues, and triggers for reassessment after new features, audience changes, national age rules, or Commission guidance updates.

Sources for this answer:

- [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj?ref=sorena.io) - Article 28(3) supports the age-data boundary in the checklist and FAQ.
- [European Commission - Commission publishes guidelines on the protection of minors](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors?ref=sorena.io) - Commission source for recommended age-assurance qualities and examples where age verification or estimation may be appropriate.

## Primary sources

- [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj?ref=sorena.io) - Binding DSA text for Article 28 minors protection, Article 26 advertising transparency and sensitive-data targeting limits, Article 27 recommender transparency, Article 34 and 35 systemic-risk work, and Article 38 non-profiling recommender options for VLOPs/VLOSEs.
  - Quote: "Online protection of minors"
- [European Commission - Commission publishes guidelines on the protection of minors](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors?ref=sorena.io) - Commission publication for the Article 28 minors-protection guidelines and examples of proportionate measures, including age assurance, private defaults, recommender changes, reporting tools, and excessive-use safeguards.
  - Quote: "safe online experience for children and young people"
- [European Commission - Guidelines under the Digital Services Act](https://digital-strategy.ec.europa.eu/en/policies/dsa-guidelines?ref=sorena.io) - Commission guidance hub explaining that DSA guidelines are non-binding recommendations and voluntary reference points for assessing compliance.
  - Quote: "non-binding documents"
- [European Commission - The impact of the Digital Services Act on digital platforms](https://digital-strategy.ec.europa.eu/en/policies/dsa-impact-platforms?ref=sorena.io) - Commission explainer for practical DSA platform changes involving targeted ads to minors, minors protection, recommender controls, and age-assurance guidance.
  - Quote: "Protection for minors"
- [European Commission - DSA: Very large online platforms and search engines](https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops?ref=sorena.io) - Commission overview for VLOP/VLOSE obligations that can overlap with minors protection, including systemic-risk mitigation, audits, data access, advertising repositories, and non-profiling recommender options.
  - Quote: "provide an option in their recommender systems"

(c) 2026 Sorena AB (559573-7338). All rights reserved.
