Ireland's Online Safety Code

The Online Safety Code is the set of binding rules adopted by Coimisiún na Meán, Ireland's media regulator, to govern video-sharing platforms headquartered in Ireland. It was finalised in October 2024 and the age-assurance provisions came into force on 21 July 2025. The Code has significant consequences for users in Ireland and for the platforms operating from here. This page explains what's in it, who it applies to, what age verification now requires, and the unprecedented step Ireland is considering on mandatory state-app-based age checks.

The short version

• The Code is binding, not voluntary. Penalties for breach: up to €20 million or 10% of annual turnover, whichever is greater.
• It applies to Video-Sharing Platform Services (VSPS) with their EU headquarters in Ireland — which includes most major social-video platforms because of Ireland's EU-HQ density.
• Age assurance to prevent children encountering pornography or gratuitous violence is mandatory. Self-declaration ("tick if over 18") is explicitly not sufficient.
• Ireland is the first country in the world planning to require its government-issued digital ID app for age verification on social-media platforms.

Who Coimisiún na Meán is

Coimisiún na Meán (CNAM) is the Irish media regulator established in 2023, replacing the former Broadcasting Authority of Ireland (BAI). It is responsible for both broadcasting standards and, under the Online Safety and Media Regulation Act 2022, online safety regulation. CNAM's website is cnam.ie. The Online Safety Commissioner sits within CNAM.

What the Code requires

The Code covers a long list of obligations; the ones that matter most to ordinary users are:

• Age assurance for pornography and gratuitous violence content — must be in place; self-declaration is explicitly disallowed.
• Content moderation against incitement to hatred, terrorism, child sexual abuse material (CSAM), and other harmful content.
• Complaint mechanisms — platforms must offer users a clear way to flag content and receive a response.
• Transparency reporting — platforms must publish data on the volume and outcomes of moderation decisions.
• Default protections for minor accounts — privacy and recommender-system safeguards by default for users under 18.

What age verification now means in practice

"Age assurance" is the umbrella term; "age verification" is a specific subset. For pornography and gratuitous violence the Code requires age verification (a higher bar than estimation). Approved methods include:

• Document verification — uploading a government-issued ID.
• Facial age estimation — an algorithm estimates age range from a selfie; passes the user only if confidently over 18.
• Mobile-number-linked verification — established age verified by a carrier or by a payment-card account-holder check.
• Digital identity attributes — including, in the planned future state, the EUDI Wallet or the MyGovID-based government age-assurance app.

Major vendors active in Ireland include Yoti, Persona, Veriff, and OneID. PlayStation announced in 2026 that age verification for UK and Ireland accounts would be carried out by Yoti from June 2026. X has implemented age checks for Irish users under the Code. The full vendor landscape will be covered in our age-verification explainer.

The unprecedented part

Ireland is the first country planning to require its own state digital-identity app for age assurance on social-media platforms. Communications Minister Patrick O'Donovan confirmed in early 2026 that age assurance for age-restricted online content will run through a government-developed wallet app based on MyGovID infrastructure, with mandatory installation for users who want to use age-restricted services. This is being developed in parallel with the EUDI Wallet.

The civil-society response has been sharply critical. The Irish Council for Civil Liberties (ICCL) and Digital Rights Ireland (DRI) have publicly questioned whether requiring a government-controlled app to access social media is compatible with the Charter of Fundamental Rights and with the principle of internet access not being conditional on state ID. Several legal commentators have described the plan as "veering into authoritarianism" — see Online Safety Code criticism for the full debate.

Penalties and enforcement

The Code is enforced by CNAM. Maximum penalty is €20 million or 10% of global annual turnover, whichever is greater, with daily fines available for ongoing non-compliance. CNAM has the power to:

• Open formal investigations of platforms it believes are in breach.
• Issue compliance notices.
• Apply financial penalties.
• In serious cases, seek blocking orders through the courts.

As of mid-2026 CNAM has opened several inquiries; no penalties of the maximum scale have yet been levied.

How this connects to EUDI Wallet and MyGovID

The Online Safety Code's age-assurance requirement is the most concrete near-term reason most adults in Ireland will encounter the state digital-identity stack on a recurring basis. If the planned MyGovID-based age-assurance app becomes mandatory for accessing adult content on EU-HQ'd platforms, it changes the relationship between citizens and the state digital identity from "occasional service-access" to "everyday gatekeeper". That is the policy debate to watch.

How to follow this story

CNAM publishes designations and enforcement actions on its website. We publish plain-English summaries within 24 hours of each CNAM action. Subscribe to the MyID newsletter for the digest.

Related explainers

• Age verification for adult content — what's actually required.
• MyGovID — the foundation of the planned mandatory age-assurance app.
• EUDI Wallet — the EU-wide infrastructure that overlaps with Irish age-assurance plans.
• Live issues — current controversies, including the Code's debated provisions.