# 欧盟在推动年龄验证的过程中，将VPN称为"需要堵上的漏洞"

- 来源：Hacker News 热门（buzzing.cc 中文翻译）
- 作者：muse900
- 发布时间：2026-05-09 15:59
- AIHOT 分数：18
- AIHOT 链接：https://aihot.virxact.com/items/cmoy2r4nu06kesllhbocaj8a0
- 原文链接：https://cyberinsider.com/eu-calls-vpns-a-loophole-that-needs-closing-in-age-verification-push

## AI 摘要

欧盟在推进在线年龄验证措施时，将虚拟专用网络（VPN）定性为“需要堵上的漏洞”。此举旨在防止未成年人通过VPN技术绕过针对访问成人内容或社交媒体平台的年龄限制。相关讨论指出，严格的年龄验证政策可能扩大对用户隐私和匿名浏览能力的监控与限制，引发对数字权利影响的担忧。

## 正文

EU calls VPNs “a loophole that needs closing” in age verification push

The European Parliamentary Research Service (EPRS) has warned that virtual private networks (VPNs) are increasingly being used to bypass online age-verification systems, describing the trend as “a loophole in the legislation that needs closing.”

The warning comes as governments across Europe and elsewhere continue expanding online child-safety rules that require platforms to verify users’ ages before granting access to adult or age-restricted content.

VPNs are privacy tools designed to encrypt internet traffic and hide a user’s IP address by routing connections through remote servers. While widely used for legitimate purposes such as protecting communications, avoiding surveillance, and enabling secure remote work, regulators are increasingly concerned that the same technology allows minors to circumvent regional age checks.

The EPRS notes that VPN usage surged after mandatory age-verification laws took effect in countries including the United Kingdom and several US states. In the UK, where online services are now required to prevent children from accessing harmful content, VPN apps reportedly dominated download charts after the law came into force.

Virtual private networks #VPN are increasingly used to bypass online age verification.Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 https://t.co/XKK8ACwgtf#DSA @EP_Justice @FZarzalejos pic.twitter.com/kqzqTVGkRI— European Parliamentary Research Service (@EP_EPRS) May 6, 2026

Virtual private networks #VPN are increasingly used to bypass online age verification.Protecting children online is a priority, with new rules being implemented requiring a minimum age for access to some services Read👉 https://t.co/XKK8ACwgtf#DSA @EP_Justice @FZarzalejos pic.twitter.com/kqzqTVGkRI

The document explicitly frames VPNs as a regulatory gap, stating that some policymakers and child-safety advocates believe VPN access itself should require age verification. England’s Children’s Commissioner has also called for VPN services to be restricted to adults only.

However, forcing users to verify their identity before accessing VPN services could significantly weaken anonymity protections and create new risks around surveillance and data collection. VPN providers and other privacy advocates have already expressed their objections to this approach in a letter sent to the UK policymakers.

Last month, researchers found multiple security and privacy flaws in the European Commission’s official age-verification app shortly after its release. The app, promoted as a privacy-preserving tool under the DSA framework, was discovered storing sensitive biometric images in unencrypted locations and exposing weaknesses that could allow users to bypass verification controls entirely.

The EPRS paper acknowledges that age verification remains technically difficult and fragmented across the EU. Current systems based on self-declaration, age estimation, or identity verification are described as relatively easy for minors to bypass. The report highlights emerging approaches, such as “double-blind” verification systems used in France, where websites receive only confirmation that a user meets age requirements without learning the user's identity, while the verification provider does not see which websites the user visits.

At the same time, regulators are beginning to address VPN use directly in legislation. Utah recently became the first US state to enact a law explicitly targeting VPN use in online age verification. The state’s SB 73 defines a user’s location based on physical presence rather than apparent IP address, even if VPNs or proxy services are used to mask it.

The EPRS suggests VPN providers may face increasing scrutiny as the EU revises cybersecurity and online safety legislation, noting that future updates to the EU Cybersecurity Act could introduce child-safety requirements aimed at preventing VPN misuse to bypass legal protections.

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

More from CyberInsider

Misconfigured Tor hidden services leak IP addresses and server data

Researcher uses AI to hack Google and collect $500,000 in bounties

Google warns of Oracle PeopleSoft attacks hitting universities

Nexstar investigates potential breach after ShinyHunters claims theft of 1.1M Salesforce records

Hundreds of iPhone apps found leaking OpenAI, Gemini credentials

Coupang hit by massive $456 million fine for 2025 data breach incident

Alex Lekander is the Editor-in-Chief and owner of CyberInsider.com. With a passion for cybersecurity and privacy topics, Alex launched this website in 2020. His background and expertise cover privacy research, technical writing, software testing, and site administration. He holds a Bachelor of Science and a Master of Science from Johns Hopkins University.
