UK Votes to Ban VPNs for Under-18s: Child VPN Prohibition 2026
Disclosure: This article contains affiliate links. We may earn a commission at no extra cost to you.
The UK just took a major step toward banning VPN services for anyone under 18. On January 21, 2026, the House of Lords passed an amendment to the Children's Wellbeing and Schools Bill that would prohibit VPN providers from offering their services to minors.
The "child VPN prohibition" passed with 207 votes in favor and 159 against. The explicit goal: prevent children from using VPNs to bypass the UK's age verification requirements under the Online Safety Act.
This isn't a surprise. We warned about this exact scenario just days ago. When the UK implemented age verification for adult websites in July 2025, VPN usage surged 1,400%. Now the government wants to close that "loophole" by making VPNs age-restricted too.
Not law yet: The amendment passed the House of Lords but must still pass the House of Commons. The government has not expressed support for this specific amendment, though they back the broader bill.
What the Amendment Actually Says
The amendment creates a new clause requiring the Secretary of State to implement regulations prohibiting VPN providers from serving UK children. Here's the key language from Hansard (the official parliamentary record):
From Clause 92:
"The Secretary of State must, for the purpose of furthering the protection and wellbeing of children, make regulations which prohibit the provision to UK children of a relevant VPN service."
Key Definitions
The amendment defines several critical terms:
| Term | Definition |
|---|---|
| Child | A person under the age of 18 |
| UK child | Any child who is in the United Kingdom |
| Relevant VPN service | A service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet |
| Consumer | A person acting otherwise than in the course of a business |
Notice the age cutoff: under 18. This is higher than the social media ban amendment (which targets under-16s) and covers a wider age range.
What VPN Providers Must Do
The amendment requires VPN providers to implement "age assurance which is highly effective at correctly determining whether or not that person is a child" before allowing access.
The law would apply to any VPN service that is:
- Offered or marketed to persons in the United Kingdom
- Provided to a significant number of persons
This means international VPN providers with UK users could fall under the regulation, not just companies headquartered in Britain.
Enforcement by OFCOM
OFCOM (the UK's communications regulator) would be responsible for:
- Producing guidance for VPN providers
- Monitoring compliance
- Enforcing the prohibition
The amendment requires regulations to include provisions for "monitoring and effective enforcement." This could mean website blocking, fines, or other penalties for non-compliant providers.
The Social Media Ban Also Passed
The VPN amendment wasn't the only significant vote. The Lords also passed an amendment calling for a social media ban for under-16s, with 261 votes in favor and 150 against.
However, there's a key difference: the social media ban does not have government support. The UK government has indicated it will not back this amendment when it reaches the House of Commons.
The VPN ban, by contrast, has not received a clear rejection from the government. Its stated purpose, preventing circumvention of the Online Safety Act, aligns with the government's broader policy goals.
| Amendment | Age | Vote | Government Support |
|---|---|---|---|
| Social Media Ban | Under 16 | 261-150 (passed) | No |
| VPN Prohibition | Under 18 | 207-159 (passed) | Unclear |
Why This Is Happening: The VPN "Problem"
The amendment's explanatory statement makes the rationale explicit:
Official justification:
"This new clause would require the Secretary of State to take action to promote and protect children's wellbeing, and to further support child protective measures in the Online Safety Act, by prohibiting the provision to children in the United Kingdom of VPN services which can facilitate evasion of OSA age-gating processes."
In plain English: VPNs let people bypass age verification. The UK spent years building an age verification system. Now they want to eliminate the most popular workaround.
The July 2025 VPN Surge
When the UK's age verification requirements went live in July 2025, VPN adoption exploded:
- Before: ~650,000 daily VPN users in the UK
- Within hours: 1,400% surge in VPN signups
- By August: 1.5 million daily VPN users
- Current: ~900,000 daily users (still 38% higher than before)
From the government's perspective, this represents a massive failure of the age verification regime. From a privacy perspective, it shows people choosing to protect their data rather than submit to surveillance.
How VPN Age Verification Would Work
The amendment doesn't specify exact verification methods, but based on existing UK age verification technology, providers would likely need to implement:
Option 1: ID Verification
Upload passport or driver's license to a third-party verification service. This is the most reliable method but requires users to share government ID with a commercial entity.
Option 2: Facial Age Estimation
AI-powered selfie analysis to estimate whether the user is over 18. This is less accurate and can be fooled, as we've seen with age verification on other platforms.
Option 3: Credit Card Verification
Require payment from a credit card (not debit), as UK credit cards require holders to be 18+. This excludes people who don't have credit cards.
Option 4: Mobile Network Verification
Verify age through mobile carrier records. This requires partnership with telecom companies and doesn't work for users on prepaid SIMs or fixed connections.
Privacy concern: Every verification method creates a record linking your identity to your VPN usage. This defeats much of the purpose of using a VPN for privacy.
Can This Even Be Enforced?
The practical challenges of enforcing a VPN ban are significant:
International Providers
Most popular VPN providers are headquartered outside the UK. NordVPN is in Panama, ExpressVPN in the British Virgin Islands, Mullvad in Sweden. Forcing compliance requires international cooperation or UK-specific blocking.
Technical Circumvention
VPNs are designed to bypass restrictions. Users can:
- Use VPN servers that aren't blocked
- Switch to obfuscated protocols that disguise VPN traffic
- Use SSH tunnels, Tor, or other privacy tools
- Access VPNs through proxy chains
The Whack-a-Mole Problem
Every time a circumvention method is blocked, new ones emerge. China has spent billions trying to block VPNs and hasn't succeeded. The UK's resources are considerably more limited.
Business VPNs Excluded
The amendment specifically excludes business VPNs (the definition covers services provided to "consumers" acting "otherwise than in the course of a business"). This creates a potential loophole and enforcement complexity.
The Bigger Pattern: Scope Creep
This amendment demonstrates exactly the pattern we warned about in our previous article on UK age verification:
- Step 1: Implement age verification for adult content (July 2025)
- Step 2: Observe that people use VPNs to bypass it
- Step 3: Propose age verification for VPNs (January 2026)
- Step 4: When that fails, propose banning Tor? Encrypted DNS? Private browsing?
The UK's Children's Commissioner had already called for age verification on VPNs. Now it's official policy being voted on in Parliament.
Once the infrastructure for age-gating VPNs exists, extending it to other privacy tools becomes trivial. The endpoint of this logic is an internet where anonymous access is impossible.
What This Means for Privacy
If the VPN prohibition becomes law, the privacy implications extend beyond children:
For Under-18s
- Loss of privacy tools during formative years
- Reduced ability to research sensitive topics privately
- Exposure to ISP-level monitoring
- Vulnerability on public WiFi networks
For Everyone
- Normalization of age verification for privacy tools
- VPN providers collecting ID documents
- Precedent for further restrictions
- Reduced trust in UK-marketed VPN services
For VPN Providers
- New compliance costs and complexity
- Potential liability for failing to verify ages
- Conflicting requirements across jurisdictions
- Some may exit the UK market entirely
Protect your privacy now: The law isn't in effect yet. Establish your VPN usage before potential restrictions. NordVPN is headquartered in Panama and has a strong track record of protecting user privacy.
Common Questions
Is the UK VPN ban for children already in effect?
No. The amendment passed the House of Lords on January 21, 2026, but must still pass the House of Commons before becoming law. Even then, the government has 12 months to implement the regulations.
What age does the UK VPN ban apply to?
The "child VPN prohibition" defines a child as anyone under 18 years old. This is stricter than the social media ban (under 16).
Will VPN providers be required to implement age verification?
Yes, if the law passes. Providers must apply "age assurance which is highly effective at correctly determining whether or not that person is a child."
Can VPN providers outside the UK ignore this law?
Technically, but with consequences. The law applies to any VPN "offered or marketed to persons in the United Kingdom." Providers could face blocking or other enforcement if they don't comply.
Will adults still be able to use VPNs in the UK?
Yes. The prohibition only targets providing VPNs to minors. However, adults may need to verify their age with providers that implement compliance measures.
What Happens Next
The amendment now goes to the House of Commons, where it will face another vote. Key factors to watch:
- Government position: Will the government actively support, oppose, or remain neutral?
- Tech industry lobbying: VPN providers and privacy advocates will push back
- Public reaction: The 400,000+ signatures against the Online Safety Act show significant opposition exists
- Implementation details: How strict will the age verification requirements be?
If passed, the Secretary of State has 12 months to create the implementing regulations. OFCOM would then need to develop guidance for providers.
How Can You Protect Yourself?
Whether you're an adult concerned about privacy or want to understand your options:
1. Establish VPN Usage Now
If you're over 18 and value privacy, set up a VPN before potential restrictions take effect. NordVPN offers strong encryption and servers in 60+ countries.
2. Verify Your Connection
After connecting, check that your VPN is working correctly:
- Check your IP at myip.foo
- Test for DNS leaks
- Test for WebRTC leaks
3. Block WebRTC
WebRTC can leak your real IP even with a VPN. Install our free WebRTC Blocker extension.
4. Stay Informed
Follow the bill's progress through Parliament. Contact your MP if you oppose the amendment.
Conclusion
The UK House of Lords voting to ban VPNs for under-18s represents a significant escalation in the government's approach to online age verification. The explicit goal is to prevent circumvention of the Online Safety Act, effectively closing the VPN "loophole" that millions of UK users rely on.
Key takeaways:
- Amendment passed 207-159 in the House of Lords (January 21, 2026)
- Defines "child" as under 18 (stricter than social media ban)
- Requires VPN providers to implement "highly effective" age verification
- OFCOM would enforce compliance
- Must still pass House of Commons to become law
- Applies to any VPN "offered or marketed" to UK persons
This is exactly the scope creep privacy advocates warned about. First age verification for adult content, then for social media, now for the tools people use to protect their privacy. The pattern is clear, and the endpoint is an internet where anonymous access requires increasingly sophisticated technical knowledge.
Take action:
- Check your current exposure at myip.foo
- Get a VPN like NordVPN
- Test for leaks: DNS and WebRTC
- Install our free WebRTC Blocker
The fight for internet privacy is ongoing. Stay informed, protect your data, and make your voice heard.
Sources
- Hansard: Children's Wellbeing and Schools Bill Debate (January 21, 2026)
- myip.foo: UK Considers Social Media Ban for Under-16s
- Malwarebytes: VPN use rises following Online Safety Act