House of Lords Votes to Ban UK Children from Using Internet VPNs
Last week saw the House of Lords pass a vote that would, if approved by the Government, introduce an amendment to the Children’s Wellbeing and Schools Bill (CWSB) that aims to “prohibit the provision” of Virtual Private Network (VPN) services to children (under 18s) in the UK. The goal is to stop children allegedly using VPNs to bypass age verification systems.
According to the details on the Conservative-led amendment (92) page: “This new clause would require the Secretary of State to take action to promote and protect children’s wellbeing, and to further support child protective measures in the Online Safety Act, by prohibiting the provision to children in the United Kingdom of VPN services which can facilitate evasion of OSA age-gating processes.”
The amendment itself passed with 207 votes in favour and 159 against (here), with the majority of yes votes coming from the Conservative Party and the majority of the no votes coming from the Labour Party. Crucially, this suggests that the amendment, at least in its current form, is currently opposed by the party of Government and so may struggle to survive once the Bill is returned to the House of Commons.
Advertisement
Part of the reason for the government’s objection is that they’re separately consulting on some of these issues and have yet to reach a conclusion. The government have previously expressed that there are “no current plans to ban the use of VPNs“, although that doesn’t mean to say they won’t try to impose age-based restrictions on them.
Amendment text
After Clause 27
insert the following new Clause—
“Action to prohibit the provision of VPN services to children in the United Kingdom(1) Within 12 months of the day on which this Act is passed the Secretary of State must, for the purpose of furthering the protection and wellbeing of children, make regulations which prohibit the provision to UK children of a relevant VPN service (the “child VPN prohibition”).
(2) Regulations under subsection (1)—
(a) may make provision for the provider of a relevant VPN service to apply to any person seeking to access its service in or from the UK age assurance which is highly effective at correctly determining whether or not that person is a child;
(b) must apply the child VPN prohibition to the provider of any relevant VPN service which is, or is likely to be—
(i) offered or marketed to persons in the United Kingdom;
(ii) provided to a significant number of persons;(c) must make provision for the monitoring and effective enforcement of the child VPN prohibition.
(3) OFCOM may produce guidance for providers of relevant VPN services to assist them in complying with the child VPN prohibition.
(4) A statutory instrument containing regulations under subsection (1) may not be made unless a draft of the instrument has been laid before and approved by a resolution of each House of Parliament.
(5) For the purposes of this section—
“child” means a person under the age of 18;
“consumer” means a person acting otherwise than in the course of a business;
“relevant VPN service” means a service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet;
“UK child” means any child who is in the United Kingdom.”
The focus on children above does however ignore that it may be mostly adults driving VPN usage to bypass age verification. Many adults do not want to have to share their private personal or financial details with unknown and unregulated third-party age verification providers, particularly when those services are associated with porn peddlers. The infamous Ashley Madison hack showed just how dangerous such information could be in the wrong hands (blackmail and suicide etc.).
The regulator’s CEO, Dame Melanie Dawes, also revealed last year (here) that, “following the 25th July deadline we saw a spike in [VPN] use – with UK daily active users of VPN apps temporarily doubling to around 1.5 million. However, usage has since plateaued, and has now fallen back to around 1 million by the end of September“.
All of this is before we touch on the potentially far-reaching and unintended consequences of enforcing age verification on VPNs, which are also legitimate tools for businesses, journalists and to help protect people (security) when abroad or on public networks etc. Many such VPNs can be deeply integrated into modern protection and network optimisation systems, often acting seamlessly in the background, thus a blanket requirement risks being extraordinarily disruptive. But some politicians do understand this.
Advertisement
Lord Knight of Weymouth (Labour)
“Children may also turn to VPNs, which would then undermine the child safety gains of the Online Safety Act. The VPN amendment of the noble Lord, Lord Nash, tries to address this, but age-gating VPNs may be extremely problematic. My phone uses a VPN, following a personal device cyber consultation offered by this Parliament. VPNs can make us more secure, and we should not rush to deprive children of that safety. A blunt, blanket ban—it is a struggle not to call it a Blunkett ban—would also deny young people the positives of some of the less addictive social media.
Young people will continue to want to connect with each other. They will want to share music, their photos and videos, and their creative content. I was of the mixtape generation, now replaced by the shareable playlist. Young entrepreneurs will want to market their products: will they have to use an adults account on an adult’s phone, and be exposed to the risks of adult content as a result?
When I speak to young people in my capacity as president of Young Citizens, I am struck by how well informed they are. They find out what is going on in the world through social media. Is it right that we lower the voting age to 16 and simultaneously prevent access to news for 15 year-olds when we want them to become well informed?
The arguments for doing something urgent and meaningful about the dangers to children of social media are compelling, but so are the arguments for doing it in a more sophisticated way.”
The reality is that, whatever the government decides, children who go seeking access such systems and content will always find a way to circumvent any measures that are introduced – just as they always have done (e.g. people can create their own VPNs). Instead, it often ends up being the innocent and harmless online services and security systems that could be hurt the most by the sledgehammer approach to age-gated internet censorship.
Please note that we won’t be able to approve any comments on this news article that appear to directly promote specific VPN services, due to the risk that this could clash with the government’s recent warnings about such promotions (here).
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« CBNG Launch UK Next Gen 5G-based Fixed Wireless Broadband Platform
Advertisement
Leave a Reply
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message and display names can be almost anything you like (provided they do not contain offensive language or impersonate a real person's legal name). By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
Utter despair, these out of touch dinasours have not one clue. You can literally find porn sites within 10 seconds that don’t have age ckecks and so don’t need a VPN either. If it takes me that long kids will have no problem. There will always be sites that don’t enforce it, you can’t police the whole internet and that’s what they don’t get, it’s impossible. Education is the key, not placebo measures.
Agree 100%. The whole thing is laughable. These dinosaurs have no idea what internet is or how it works…
No legitimate VPN is going to be able to comply with what is being asked without going against their principles. This is a VPN ban by proxy. And that’s before we discuss the incorrectly labelled “social media” ban for under 16s which is actually a user-to-user service ban for under 16s and has wide reaching consequences.
Not so sure about that. For a start paying by credit card is enough to verify age so most of us using a paid service won’t need to do anything else. Also by using a VPN you’re putting a _lot_ of trust in the VPN provider – at least the same as you put in your ISP – they’re not just some random website you’re accessing anonymously. If you don’t trust them with your credit card you should definitely not trust them as a VPN provider at all. So from a privacy perspective I’m not too bothered about it. However what it will do is prevent the reputable providers from offering a free tier. This will drive those unable or unwilling to pay by credit card (including children) to the disreputable VPNs who may have no respect for their users’ privacy – wouldn’t be the first time. Once again the government shows it has no idea what it is doing.
We must ban anonymous internet and privacy in its entirety. If you have nothing to hide you have nothing to fear.
That is why I am happy to share the password to my email, banking apps and IP cameras: “ladyPass$1234”
I agree that the innocent have nothing to hide. I too will share my contact details:
Anotato com. You can find out the rest from there. Also, I think we should repeal the Official Secrets Act. After all, the innocent have nothing to hide.
Welcome to distopian ‘United Kingdom!
This is done for the sole purpose of spying.
I’m all for banning under 16’s from social media which is the scurge of the world but this won’t achieve that as it’s totally unenforceable
So they’re wanting to access to VPNs, which is crazy in itself, but you can still go onto google, don’t bother to log in, and do an image search for whatever porn you want and it just pops up. Yet they claim this is to protect the kiddies and isn’t about digital surveillance at all. Yeah, right!
This is what happens when 99% of law makers have a degree in history or politics or law, and not a science GCSE amongst them.
Not only is a blanket VPN ban unrealistic, it’s easy to circumvent.
But that’s not the worst of it. The fact is the vast majority of porn sites require no age verification at all. There are literally millions of porn sites and the government is blocking less than 1% of them! So kids don’t even need a VPN, whether they are banned or not.
Good thing these VPN services are located outside of the UK and don’t have to obey UK law.
The thing is, people are going to be using VPN points that are outside of the UK, so are UK laws even applicable?
Ofcom seems to believe it can fine companies outside the UK, but it’s strangely resistant to doing so – probably because it would lose and that would set a precedent that would make others fear Ofcom less. It’s the same problem as GDPR. The EU can go after Meta because they have EU offices. Post Brexit, what could the UK do?
It seems that some organisations are simply unwilling to deal with the OSA (and who could blame them, it’s a minefield). So they just block the UK. Imgur is a good example. It’s likely that Ofcom wouldn’t prevail if they went to court in the US against the owners, but it would be expensive for all sides. It’s a modern-day chilling effect. Sad.
They don’t understand technology enough to write this, they will mess up the regulation wording so badly it will ban HTTPS.
If China can’t even ban vpn the UK hasn’t got a hope
That is true.
I chat to someone who lives in China and have done so for years, and they use a VPN.
“Labour MP Andrew Cooper supported the decision and highlighted the “risk” of children being driven into “less well-regulated spaces and into virtual private networks” following government restrictions.”… It seems Labour MPs do not know the difference between the DarkWeb and VPNs and they are going to potentially vote to ban VPNs thinking they are banning access to the dark web. This is the mentality of the people deciding laws over us.
“We must ban anonymous internet and privacy in its entirety. If you have nothing to hide you have nothing to fear”….Says the country who imprisoned more people for thought crimes in 2025 than Russia, North Korea, Saudi Arabia and China did all combined. Seriously, look it up
Would you care to specify your sources?
@Big Dave
He must have read Nineteen Eighty-Four just before bed and he’s dreamt about it and now thinks its reality.
No problem, just use a vpn to move your location outside the uk…
As mentioned in the article, the House of Lords doesn’t create legislation.
Nor does the government have a majority in the Lords, so this vote must have had cross party support.
Download your VPN of choice now before it’s too late.
I’d go further than that.
VeraCrypt, Bitchat, Signal, Tor, Whonix, etc.
I’d download everything now before it gets worse.
Farage might as well start choosing carpet and curtain pairings for No 10 at this point. It’s clear we’re on a one way path.
This is 100% being done with the pretext of more censorship in mind. No VPNs means no hiding from what you post online.
This is CCP level control being masked by “save the children” yet again.
Government transparency means you will be monitored – Europe’s North Koera
Did you 2 not read the article? I repeat “The amendment itself passed with 207 votes in favour and 159 against (here), with the majority of yes votes coming from the Conservative Party and the majority of the no votes coming from the Labour Party”.
True but Labour peers only voted against so the government can do its consultation and lead on the legislation. Let’s be under no illusion that they are actually against it.
How much do you do in the real world that is anonymous? Next to nothing, why should the online world be any different?
During Covid i’m aware of several schools that rolled out a requirement that required students to use a VPN to connect to their networks. These systems are still in use.
Nobody is on about banning VPN services like this, it’s the same misinformed hype when they say office workers won’t be able to use VPNs.
This has nothing to do with children, and everything to do with the government manufacturing scenarios where they will tell you ‘oh but if we had Digital ID’s this wouldn’t happen’.. They are just brining in state controlled Ai driven monitoring and censorship by the back door. They are very close to finalising legislation that will mean all messages are screened before being sent on any app. So your message will still have end to end encryption but it won’t matter as the governments Ai will have scanned it before the encryption is applied, to check it conforms.
I need to renew my driving licence as it’s about to expire and in order to do so I had to create a .gov account and to do that I had to download an app to verify who I am, and it had to scan both sides of my existing license. So if you have to do the same with a random website sod that! Holding that information on you! It is a recipe for disaster and a hackers wet dream…
May as well rename the UK to China 2.0..
You know you could have gone to the Post Office instead?
Your other comments regarding the AI and government reading messages before sending is utter fairytale. Got a reliable source for it if you believe its true?
The unelected once again poking their noses in, time to get rid of House of Lords. The ones that are elected are no better
Parents should be keeping an eye on their kids, not the state.
Fed up of this Nanny state.
This is the last and final time Labour will ever win a election
And what about a 17 year old who may work in a small business or use a college VPN. The nativity of our ruling classes is astounding
It only applies to consumer use for accessing the internet, not to business use and not to consumer use into a private LAN.
From the legislation:
“relevant VPN service” means a service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet;
“consumer” means a person acting otherwise than in the course of a business;
Whats next ? Their gonna lock up everyone in a cage soon.
I remember back when I was a teen in school we were constantly playing cat and mouse when it came to bypassing the filters to access flash games (showing my age here) and in some cases actual porn.
Guess what was their best solution in the end? Monitoring us in real time using some remote desktop software.
This was how the person watching the latter was caught despite the teacher being in a different room.
Yes it sounds orwellian, but whilst the ‘think of the children’ law might work with younger kids, once they’re old enough I expect them to see this as a challenge and/or worse use tools which can potentially lead to worse problems e.g. DDOS networks.
IMO restrictions/monitoring to ‘think of the children’ should be left on a device level or at worst a household level.
Absolute clowns.
Just like the misguided OSA, this will drive people towards using services that are non-compliant and of dubious integrity.
“It’s for the children” is getting old really fast.
Rather than the blithering 60+ year olds in the lords who struggle to operate a TV remote deciding on what is or isn’t harmful on the internet, how about we ask the 20-30 year olds, who have spent their entire childhood surrounded by it?
This can’t be true, I’ve never seen people that stupid.
For my two pennies worth (it won’t go far these days I know):
OSA should be repealed asap – bad legislation, even worse implementation.
Categorically no bans or interference with VPNs, encryption or other obfuscation technologies.
No verification processes for adults which require details to be handed over and retained by third parties (including government agencies). So many arguments against it, but a telecoms forum is not the place to outline the reasons, so I won’t.
In a free society I shouldn’t need to prove who I am, if anyone doubts it, they should provide a compelling case that I am not before I am required to even attempt to refute the allegation.
There are NO good arguments for protecting children by making adults significantly and permanently more vulnerable.
Prohibition has NEVER worked to prevent the participation of those targeted, at its most effective it drives the issue underground where it thrives without any kind of oversight, and at its least effective it is blatantly ignored.
We need to hold our representatives to account, and issue recall petitions for of them that supports such dangerous nonsense.
I have left banks over theirs poor implementation of MLR and KYC, many of whom adopted the sledgehammer ‘give us all your data’ approach. Unfortunately most people are too lazy or stupid to actually challenge them, which means we all suffer. The same will happen with OSA and the verification/digital ID scams (sorry, I obviously mean schemes).
I’m currently fighting government agencies over their current failings where an identity verified with one department isn’t sufficient for another because it’s only a partial match to their records. The role of government in this capacity is only to minimise risk by establishing reasonable certainty, not to impose their world view or fit everything into their badly designed checkboxes.
If both recent examples of bad ideas from government are anything to go by, the new regulations are going to be so much worse. I hope they’re building enough prisons to accommodate us all at the expense of their self inflicted dwindling economy.
This is a disgusting new step in dystopian europe
If porn was the issue then they would ban only fans. This is exactly the same spat with grok, if bikini photos are an issue then they would ban Photoshop which achieves the same thing
They want to take basic freedoms from people, it’s incredibly obvious to see. But hey somehow they will find some way to blame Donald Trump and the Jewish people
The critical piece of any legislation that might arise from this would be the method by which the age of the end user is determined.
I am also wondering how this would be enforced for automated systems making use of VPNconnections.
This is an awful idea.
We need a government to roll back the status quo on the Online Safety Bill and VPNs.
Think back to March-December 2007; VPNs were widely used, and nobody had an issue with them. The 14-year-olds who used them in March 2007 are now 33-year-olds who are competent at IT.
The truth is, there’s always a situation you’ll need a VPN in; I’ve found from testing ProtonMail runs faster on some VPNs and slower on your own ISP; or for accessing content that’s geoblocked.
As we’ve learnt from Mr. Robot, the dystopia created by governments is not worth it. I don’t endorse the hacking in that show but the point is there.
Incidentally, think of this; some workplaces have VPNs, for example, in my workplace, which is here in Leeds, our IP address shows up as Windsor, Ontario or Vancouver, British Columbia and the IP is a VPN but that’s who supplies our ISP provider, so see the problems it causes?
Also, VPN usage has been endorsed a lot the past few years – Sabrina Carpenter has said since 2020:
“Always use a VPN unless you’re doing the Amazon shop or online banking… you need to keep safe and a VPN is no silver bullet, but it’s damn good”.
This isn’t really about online safety for kids,it’s about bringing in the DIGITAL I.D, via the backdoor, and it’s happening in other countries too
Isn’t it funny that this is what “think of the children” always amounts to?
What ever happened to parents bothering to raise their kids? When did it become the government’s prerogative or that of society as a whole?
Another example of an incompetent government and upper chamber utterly divorced from reality, and technology.
Why do we let them get away with it?
Get rid of FPTP and let our votes actually represent us. Then maybe something can be done about the House of Lords to either make it more democratically representative, or scrap it.
One way or another, this nonsense comes about because of an apathetic society with its head buried in the sand.
It’s everyone else’s problem because we can’t raise our children well.
Surely we should be nationally embarrassed by this? I am.
Just use the Amazon Firestick, it loaded with mumerous VPNs to install,some with a free 10GB per month (Windscribe)
If you’re not paying for the product, you are the product.
As a former child myself, it’s quite easy to bypass these things. You can literally google “porn no Id” and it shows websites not requiring ID. Just google “VPN no id” after the law passed then same thing happens. Looks like it will be back to the old days soon where we’ll be buying The Sun just for Page 3 and buy material from “the man at the pub” or just find your dads tapes and magazines under his bed and use that. The government can never take my borderline-criminal imagination tho
So would this amendment, if successful, mean that children are not allowed to work from home (using a VPN client) or in an office/shop (with a site-to-site VPN)? This will require Labour to resurrect their digital ID plan again, no doubt only working on acceptable mobile phones that allow tracking.
Here’s a clean, strong post-style version — written so it reads naturally, hits emotionally, and still stands up technically. You can drop this straight onto LinkedIn, X, or a forum with no edits if you want.
⸻
The proposed UK approach to banning VPNs “by age” is not just flawed — it’s fundamentally illogical.
From a technical standpoint, it’s impossible to enforce.
VPNs are not just pieces of software. Many are hardware-based — built into routers, firewalls, and travel devices. Beyond that, any technically curious child can bypass restrictions using proxies, remote desktops, SSH tunnels, cloud machines, or even a simple browser-based environment.
At that point, enforcement becomes absurd.
To make this policy work, the government would have to keep banning:
• VPNs
• proxies
• Remote Desktop
• port forwarding
• cloud access
• self-hosting
• homelabs
• encrypted connections
In other words — they would have to ban learning how the internet actually works.
And that’s the real danger.
The children affected by this won’t be the vulnerable ones.
They’ll be the curious ones.
The ones experimenting, exploring, learning networking, security, infrastructure — the very skills the UK claims it desperately needs.
This approach doesn’t protect children.
It punishes intelligence.
What we’re seeing is 1970s-style censorship thinking being applied to a modern, decentralised network. The internet is not broadcast television. It cannot be controlled through central permission without destroying the very systems that make it function.
Worse still, once the principle is accepted that any tool which could be misused must be restricted, the logic never ends.
Encryption.
Privacy.
Anonymity.
Open-source software.
All become “suspicious”.
That’s not online safety — that’s pre-emptive behavioural control.
The real irony?
Most harmful content isn’t accessed through VPNs at all. It’s delivered openly by algorithms on mainstream platforms — the very systems policymakers avoid confronting because they’re politically difficult.
So instead, neutral infrastructure is targeted.
Tools are blamed.
Mathematics becomes the enemy.
A society does not protect its children by blinding them.
It protects them by teaching them how the world works — and trusting them to grow into it.
Your comment looks like it was written by AI, especially given the header.
I disagree about blocking – I think the Government already have the IP addresses of at least the most popular commercial VPNs, and so if they don’t comply they can instruct ISPs to block access to their IP addresses, or force the non-compliant VPN providers to geoblock the UK.
Obviously there will be a problem with the “anonymous” VPN providers who do not require any form of logon or where the logon details are randomly generated by the provider themselves. There’s also the problem of tourists or businesspeople visiting the UK, then finding that their VPN access is illegal because their provider is following the laws in the country where they signed up, but never mind.
“VPNs are not just pieces of software. Many are hardware-based — built into routers, firewalls, and travel devices.”
And what runs on that hardware? Yes, software.
You can get VPNs that are a part of the software installed on hardware. But there is no such thing as a hardware VPN.
Banning children from using a VPN is a waste of time and effort. The GMT seems to think that an age verification VPN is the way to go. Kids will find ways around this just as we did when we was kids.
The GMT needs to focus on more serious issues than banning kids from using a VPN. VPN’s are not just used for viewing illegal material or downloading things that your not supposed to, they act as a barrier so hackers find it more difficult to hack your network or device. Banning VPN’s for kids will open the floodgates for hackers to access their devices or did the dumb GMT not think of this.
So lets think about this properly, Kids are now unable to use a VPN on their device, Child traffickers and peodifiles can now access thier devices by hacking them and see all the information they need about that child.
This will make it easier for traffickers and sex offenders to harm that child because they have managed to get the childs ip address from some online activity and used the ip address to hack the device.
Now they have all the information they need , address , what school they go to , their age and sex.
Your devices these days logs or hold every bit of information about you that a hacker needs to either steal your identity or for other acts of crime.
This is what the GMT is opening up for children .
It should be down to the parents to police what their kids are doing online just like i did with my daugher when she was younger.
Yeah, I don’t think you understand how networking really works.
For starters, your devices sit on your private network and go through NAT. So even if a “hacker” did get your IP address, all they’d hit was your router. And in 99.9% of cases, ISP issued routers will have no public facing ports open anyway.
That’s before we get to CG-NAT as well. Or the fact that a good chunk of ISPs rotate public IPs on a regular basis.
Supposing they did get past your router and got a list of LAN IPs of the devices on your internal network. How exactly are they “hacking” these devices?
I imagine the vast majority of kids and teens use iOS or Android and not Windows, and whilst I’m not claiming they are bulletproof, saying that someone could somehow find your public IP (you never stated how the “hackers” are getting this initially btw) they then breached your router, then breached your device is pure nonsense.
Most hacks are done through social engineering or through public facing services, like websites. But as someone at home on their tablet wouldn’t be hosting anything public facing, this just wouldn’t happen.
Banning children from using a VPN is a waste of time and effort. The GMT seems to think that an age verification VPN is the way to go. Kids will find ways around this just as we did when we was kids.
The GMT needs to focus on more serious issues than banning kids from using a VPN. VPN’s are not just used for viewing illegal material or downloading things that your not supposed to, they act as a barrier so hackers find it more difficult to hack your network or device. Banning VPN’s for kids will open the floodgates for hackers to access their devices or did the dumb GMT not think of this.
So lets think about this properly, Kids are now unable to use a VPN on their device, Child traffickers and peodifiles can now access thier devices by hacking them and see all the information they need about that child.
This will make it easier for traffickers and sex offenders to harm that child because they have managed to get the childs ip address from some online activity and used the ip address to hack the device.
Now they have all the information they need , address , what school they go to , their age and sex.
Your devices these days logs or hold every bit of information about you that a hacker needs to either steal your identity or for other acts of crime.
This is what the GMT is opening up for children .
It should be down to the parents to police what their kids are doing online just like i did with my daughter when she was younger.
Always chasing symptoms and ignorance, facile, not getting to the problems to tackle.
Where are the Parents and their responsibilities? Rights have responsibilities, can’t deliver the responsibilities dont give/get the rights.
And whatever do children do when they are told ‘no’…
VPN – the P stands for Private – the Conservatives in the House of Lords are trying to make VPNs illegal for UK users. Without the Privacy it isn’t a VPN.