Fears grow that age verification coming to VPNs as a British research firm labels them a 'loophole' — one app developer saw downloads surge by 1,800% in just the first month after the UK's Online Safety Act took effect

Source: Tom’s Hardware

Impact on VPN Downloads

The European Parliamentary Research Service (EPRS) published a briefing paper describing VPN use as “a loophole in the legislation that needs closing,” as governments across Europe and the U.S. expand laws requiring platforms to verify users’ ages before granting access to adult content.

The paper noted a sharp spike in VPN downloads after enforcement began in the UK and several U.S. states. One app developer reported an 1,800 % increase in downloads during the first month after the UK’s Online Safety Act took effect.

Policy Responses

• United Kingdom: Some policymakers, including England’s Children’s Commissioner, have called for VPN services to be restricted to adults only.
• United States: In March, Utah became the first U.S. state to target VPN use in its age‑verification law when Governor Spencer Cox signed Senate Bill 73.

Technical Challenges

The EPRS paper acknowledges that current age‑assurance methods are “relatively easy for minors to bypass,” but it offers no technical workaround to prevent VPN circumvention. The only reliable method for identifying VPN protocol signatures—deep packet inspection at the network level—is not mentioned in the paper, highlighting a gap between policy intent and technical feasibility.

International Approaches

• France: Implements a “double‑blind” verification model where the adult platform learns only whether a user meets the age threshold, while the verification provider does not see which sites the user visits.
• California: Requires operating systems to collect age data at device setup. GrapheneOS has refused to comply with such laws.