Mozilla, ExpressVPN, and other major companies send warning letter to Starmer
Key Points
- A coalition of 19 tech companies and civil society organisations has written a joint statement warning UK ministers against expanding age verification across the internet
- Signatories include Mozilla, ExpressVPN, the Tor Project, Proton and the Open Rights Group
- Proposals under consultation could require identity checks for VPNs, video games, social media and even static websites
- The coalition argues age gates fail to address surveillance-based advertising models that drive online harms
- Smaller and volunteer-run services may be unable to afford compliance, further entrenching big tech dominance
A coalition of 19 tech companies and civil society organisations has written to UK ministers, warning that proposed age-verification measures threaten to fragment the open internet and pose privacy risks for every user.
Signatories of the joint statement include Mozilla, ExpressVPN, the Tor Project, Proton, the Open Rights Group, Big Brother Watch, the Electronic Frontier Foundation, and the Internet Society.
The group is responding to the government consultation on online harms that follows the passage of the Children’s Wellbeing and Schools Bill, which gives ministers the power to determine which platforms and features must sit behind age gates.
The statement comes as ministers consult on which online platforms and features should be placed behind age verification systems.
Proposals under consideration include curfews for young users and sweeping restrictions on access to internet services ranging from video games and VPNs to static websites.
The signatories argue that even targeted age restrictions of specific features could mean all users must complete intrusive age assurance processes to retain full access.
Such proposals would in practice require every internet user to verify their age, creating significant privacy and data security risks, including for young people, as shown by the serious breaches of UK users’ government ID data following the Online Safety Act rollout.
The expansion of age verification risks entrenching the dominance of major app stores and platform gatekeepers, the signatories argue, turning the web into a patchwork of age-gated jurisdictions rather than a globally accessible resource.
The letter notes that existing age assurance technologies are either insufficiently accurate, undermine privacy and data security, or are not widely available across populations.
Fixing the root causes vs the symptoms
The statement urges UK policymakers to adopt thoughtful policy interventions that address the root cause of online harms: the business models of large platforms, which depend on extensive data collection, behavioural targeting, and engagement-maximising design.
The signatories argue that platforms design most online spaces to extract value rather than serve users’ rights and choices, harvesting user data to target, lock in, and surveil their audiences.
“Over the last year, policies to prevent children from accessing pornography have been grown to the extent that we could need to provide ID in order to access social media, games and apps or use everyday features such as livestreams or feeds. The massive expansion of online ID systems put both children and adults’ sensitive data at risk,” said James Baker, Platform Power Programme Manager at Open Rights Group.
“It also fails to address the structural problems that cause online harms, such as surveillance-driven advertising models and the dominance of a small number of Big Tech platforms. Expanding age verification will entrench the dominance of large tech companies, and harm small and volunteer-run services who may not be able to afford to comply.”
What this means for UK internet users
For consumers, the practical implication is that activities currently performed without identification, including browsing static websites, using a VPN, accessing video game services, or watching livestreams, could soon force users to hand over government ID or biometric data to a third-party verification service.
The signatories warn that this places the burden of compliance on providers and creates fresh security exposure for users whose identity documents are scanned, stored, or transmitted in the verification chain.
Smaller services are particularly exposed. Volunteer-run forums, independent publishers, and niche platforms face the same compliance obligations as global tech firms, but without the resources to absorb the cost.
The signatories warn that this risks consolidating user activity onto the largest platforms, the same gatekeepers the legislation originally targeted.
The coalition has offered to work with policymakers on what it describes as effective and proportionate measures that protect children while preserving the rights of every user to access information and services online.
You can read the full letter here.
