Italy’s online safety framework combines EU law, national audiovisual and data-protection legislation, and a steadily tightening policy focus on age assurance and the protection of minors online. Italy has been particularly active on pornography access controls and on enforcing age-related duties through its data protection authority.
National legal framework and regulators
Italy regulates online content and platform safety primarily through audiovisual law and data protection law.
The main sector regulator for media and platforms is AGCOM (Autorità per le Garanzie nelle Comunicazioni). AGCOM supervises audiovisual media services and video-sharing platforms under Italian law transposing the Audiovisual Media Services Directive.
AGCOM’s remit includes ensuring that platforms adopt appropriate measures to protect minors from harmful content, including pornography and content likely to impair children’s physical, mental, or moral development.
Data protection oversight sits with the Garante per la protezione dei dati personali, which plays a central role in online child-safety enforcement in Italy.
GDPR and children’s data in Italy
Italy applies the EU General Data Protection Regulation (GDPR) directly.
Under Italian law, the digital age of consent is 14, meaning that children under 14 cannot validly consent to the processing of their personal data without parental authorisation.
This has practical implications for online services:
• Services relying on consent must be able to determine whether users are at least 14
• Platforms that do not know a user’s age cannot safely assume valid consent
• Processing of children’s data requires heightened safeguards and risk assessment
The Garante has repeatedly taken enforcement action where platforms failed to take adequate steps to protect minors’ data or relied on weak age-declaration mechanisms.
Digital Services Act (DSA) and Italy’s role
The EU Digital Services Act (DSA) applies directly in Italy.
Italy has designated AGCOM as its Digital Services Coordinator, responsible for supervising and enforcing DSA obligations alongside other competent authorities, including the Garante.
Under Article 28 DSA, platforms likely to be accessed by minors must take appropriate and proportionate measures to protect children, including addressing harmful content, unsafe design features, and risks arising from recommender systems.
In practice, Italian regulators increasingly expect platforms to demonstrate how children are protected, not merely to state policies or rely on parental controls.
Pornography and mandatory age verification
Italy has taken some of the strongest enforcement action in Europe on age verification for pornography.
The Garante has issued binding orders requiring major adult content platforms to implement robust age-verification systems to prevent access by minors. These orders make clear that:
• Simple self-declaration is insufficient
• Weak or easily circumvented measures do not meet legal standards
• Platforms must adopt systems that are effective in practice
Italy’s approach has been influential at EU level and is often cited as an example of how GDPR, child-protection principles, and audiovisual rules can be combined to mandate age assurance.
Social media, minimum age, and age assurance
Italian law already sets a minimum age of 14 for valid data-processing consent under GDPR. However, Italian authorities have gone further in scrutinising social media platforms whose terms require users to be older but where enforcement is weak.
The Garante has taken action against platforms where under-14s were able to register and be profiled without effective age checks, making clear that:
• Terms and conditions alone are not enough
• Platforms must take reasonable steps to verify age where risks to children are foreseeable
There has also been sustained political and regulatory discussion in Italy about strengthening age-assurance obligations for social media, particularly following high-profile cases involving harm to minors online.
Interaction between national and EU law
Italy’s online safety regime operates through the interaction of:
• National audiovisual and media regulation enforced by AGCOM
• GDPR enforcement by the Garante, particularly on children’s data
• The DSA’s EU-wide platform safety framework
Italian authorities have shown a willingness to use data protection law as a primary enforcement lever to achieve child-safety outcomes, even where sector-specific online safety legislation is less explicit.