International Comparison: ISP-Level Parental Controls
What other countries have done, and what we can learn
Executive Summary
This paper compares two distinct policy tracks:
- ISP/network filtering policy (SafeFamily's DNS track)
- Platform social-media age policy (Australia/France track)
No country has mandatory, default-on ISP parental controls yet. However:
| Country | ISP/network filtering track | Platform social-media age track |
|---|---|---|
| UK | Voluntary but "default-on" for major ISPs (active since 2013-2014) | No direct equivalent |
| Australia | Earlier ISP filtering proposal abandoned (2012) | Under-16 social-media platform duty in force (Dec 2025) |
| France | No equivalent ISP DNS mandate in this paper | Under-15 social-media legislative track (Assembly adopted, Senate process ongoing) |
| EU (general) | No EU-wide ISP mandate | Platform-focused framework (DSA, age-assurance work) |
| USA | No ISP requirements | Fragmented/state-led approaches |
Ireland could be first on mandatory ISP DNS parental controls, while aligning separately with AU/FR social-media age-policy lessons.
Note: Australia's ISP filtering track (abandoned in 2012) and Australia's platform social-media age track (implemented from Dec 2025) are distinct policy approaches. This paper compares them separately to avoid scope confusion.
1. United Kingdom - Key Lessons (Both Positive and Cautionary)
What They Did
In 2013-2014, the UK government pressured (but did not legislate) major ISPs to implement "family-friendly filters" that would be "default-on" for new customers.
The major ISPs agreed:
| ISP | Filter Name | What "Default-On" Actually Means |
|---|---|---|
| BT | BT Parental Controls | Interrupts browsing to ask; can click past |
| Sky | Sky Broadband Shield | New customers asked at signup; can skip |
| Virgin Media | Web Safe | Prompted at setup; not required |
| TalkTalk | HomeSafe | Optional activation at signup |
The Critical Nuance: "Default-On" Isn't What It Sounds Like
The UK's "default-on" system is actually an "active choice" system with loopholes:
| What People Think | What Actually Happens |
|---|---|
| Filtering is automatically ON | Customer must be asked to turn it on |
| You have to opt-out | You can skip the question and not enable |
| Everyone is protected | Only new customers are asked |
| Existing customers enrolled | Existing customers just notified (not auto-enrolled) |
Result: Despite being called "default-on," only 27% of UK parents actually use ISP filters.
Why Only 27% Despite "Default-On"?
| Factor | Explanation |
|---|---|
| Existing customers not enrolled | When filters launched in 2013, millions of existing customers were not auto-enrolled, just sent a letter |
| Can skip at signup | New customers can click past without making a choice |
| No enforcement | Voluntary scheme means ISPs implement inconsistently |
| Mobile networks lag | Mobile broadband often not covered |
| BT's "splash page" loophole | BT interrupts browsing to ask, but you can click "No thanks" |
But When People DO Use It, It Works Brilliantly
Usage Statistics (Ofcom data):
| Metric | Figure | Implication |
|---|---|---|
| Parents who use ISP filters | 27% | Poor adoption |
| Parents who find them useful | 93% | Product is excellent |
| Parents who say they block right amount | 74% | Good calibration |
| Children who have bypassed controls | Only 6% | Very effective |
Bottom line: The product works - the problem is adoption, not effectiveness.
Limitations Observed
- Low adoption: 27% usage despite 61% awareness = missed opportunity
- "Skip button" problem: Customers can avoid making a choice
- Existing customer gap: Millions never asked to enable
- Inconsistency: Each ISP implements differently
- Not universal: Smaller ISPs don't participate
- Mobile gap: Mobile broadband often not covered
- Over-blocking: Some legitimate sites (e.g., self-harm support sites) get blocked
What Ireland Must Do Differently
| UK Problem | Ireland Solution |
|---|---|
| Can skip the question | Cannot proceed without answering |
| "Default-on" means prompted | Default-on means actually ON |
| Existing customers just notified | 12-month rollout to all customers |
| Voluntary for ISPs | Mandatory for all ISPs |
| Inconsistent implementation | Coimisiún na Meán oversight |
What We Can Learn
✅ The product works - 93% satisfaction proves the technology is right ✅ Parents want it - 61% aware, high satisfaction among users ✅ Simple presets work - age-based filtering is effective ✅ Low bypass rate - only 6% of children circumvent it ❌ "Voluntary" = 27% usage - legislation needed for universal adoption ❌ "Active choice with skip" != default-on - must require an answer ❌ Existing customers must be enrolled - can't just notify them ❌ Need appeal process - over-blocking is a real issue
2. Australia and France (Platform Social-Media Policy Track)
2.1 Australia (Implemented)
Australia has now moved from policy debate to implementation on platform social media, not ISP DNS filtering:
- Primary Act: Online Safety Amendment (Social Media Minimum Age) Act 2024
- Operational framework: Part 4A of the Online Safety Act 2021
- Rules: Online Safety (Age-Restricted Social Media Platforms) Rules 2025
- Effective date for platform obligations: 10 December 2025
- Core obligation: age-restricted social media platforms must take reasonable steps to prevent under-16 account holding
2.2 What Australia's model actually does
The Australian model is notable for placing the burden on platforms, not parents:
- Platform duty to implement "reasonable steps"
- Layered age assurance expected (no self-declaration-only compliance)
- No mandatory single technology imposed by the regulator
- Privacy constraints around data collection and ID pathways
- Regulator-led compliance and enforcement through eSafety powers
2.3 Service scope in practice (Australia)
As published by eSafety (Nov 2025 lists), likely age-restricted platforms include: Facebook, Instagram, TikTok, YouTube, X, Snapchat, Reddit, Threads, Twitch and Kick.
Services listed as not likely age-restricted include: YouTube Kids, WhatsApp, Discord, Messenger, Steam, Roblox, Pinterest and Google Classroom.
This scope distinction is a major implementation lesson: service classification must be explicit and reviewable.
2.4 France (In Legislative Progress)
France is advancing a stricter age-threshold model via National Assembly text, also in the platform social-media layer:
- Threshold in current adopted Assembly text: under 15
- Mechanism in text: refusal/suspension of under-15 social media accounts, with age-check obligations and regulator oversight pathways
- Additional model elements in current text: nighttime access controls for minors and broader youth digital-health measures
- Status: adopted in National Assembly (Jan 2026), Senate process ongoing
The key practical takeaway is that France combines age-threshold policy with broader school/health/prevention measures, not threshold alone.
2.5 Pitfalls register (Australia/France signals)
| Pitfall | Confidence | Why it matters | Mitigation pattern |
|---|---|---|---|
| Threshold-only policy can be bypassed by workarounds | High | Youth behavior adapts quickly if controls are weakly layered | Require layered controls across account lifecycle (sign-up, detection, re-registration prevention) |
| False positive/negative risk near cutoff ages | High | Harms legitimate users and weakens trust in enforcement | Add review/appeal channels and graduated confidence thresholds |
| "Reasonable steps" can be too vague without governance | High | Inconsistent compliance across platforms | Publish regulator guidance, audit expectations, and independent review cycles |
| Privacy risk from aggressive age checks | High | Data over-collection can create rights and trust issues | Data minimisation, alternatives to government-ID-only flows, purpose limitation |
| Ambiguous platform scope creates loopholes | Medium-High | Services may self-position as out of scope | Clear criteria, periodic reassessment, transparent lists and enforcement notices |
| Restrictive policy may displace youth to less safe services | Medium | Risk migration rather than harm reduction | Pair restrictions with safety education, crisis support, and supervised alternatives |
2.6 What Ireland should mirror from AU/FR
- Platform duty in law (Australia strength)
- Layered assurance, not single-tech mandate (Australia strength)
- Explicit privacy guardrails (Australia strength)
- Age-threshold + developmental scaffolding (France strategic direction)
- Clear enforcement and review architecture (both systems)
3. European Union
Current Approach
The EU has focused on platform regulation rather than ISP filtering:
| Regulation | Focus |
|---|---|
| Digital Services Act (DSA) | Platform content moderation |
| GDPR | Privacy and data protection |
| AVMSD | Video-on-demand content rules |
No ISP Filtering Mandate
The EU has not mandated ISP-level parental controls because:
- Net neutrality concerns
- Subsidiarity (left to member states)
- Platform focus seen as more effective
Opportunity for Ireland
Ireland could:
- Implement ISP filtering within EU law (parental controls are permitted under net neutrality rules)
- Become a model for other EU states
- Influence future EU-wide standards
4. Other Countries
United States
- No federal requirements for ISP filtering
- Some ISPs offer optional controls (Comcast, AT&T)
- Focus on parental responsibility
- Platform-level regulation (COPPA for children's sites)
South Korea
- Mandatory age verification for certain sites
- Focus on gaming addiction (shutdown laws for minors)
- ISP-level blocking of certain categories
China/Saudi Arabia/etc.
- Mandatory state-level filtering
- Not a model - focused on censorship, not parental control
5. What Actually Works?
Evidence-Based Findings
| Approach | Adoption Rate | Satisfaction | Notes |
|---|---|---|---|
| Mandatory choice (Ireland proposal) | Significantly higher (pilot needed) | High | Forces decision, no skipping; comparable opt-out models achieve 60-80%+ |
| UK "default-on" (can skip) | 27% | 93% | Product excellent, adoption poor |
| Pure opt-in | 10-15% | High | Very low uptake |
| Device-level controls | ~30% | Medium | Requires per-device setup |
| Platform controls | Variable | Medium | Inconsistent across platforms |
| DNS filtering | Depends on implementation | High | Universal across devices |
The UK Proves the Product, Not the Implementation
The UK data tells us two things:
- ISP filtering WORKS - 93% satisfaction, 74% say "blocks right amount", only 6% bypass
- "Voluntary default-on" FAILS - 27% usage despite high awareness
The lesson isn't "ISP filtering doesn't work" - it's "ISP filtering needs legislation to achieve adoption."
Success Factors
- Mandatory choice (not just "prompted") - UK shows prompting isn't enough
- Cannot skip the question - Must answer to proceed with signup
- True default-on - If you have children, filtering IS on (not just offered)
- Existing customers enrolled - Not just notified, actually enrolled with opt-out
- Simple presets - "My child is 10" > complex menus
- Easy opt-out - Parents must be able to disable at any time
- Per-device control - Parents should be able to exclude their own devices
- Appeal process - For incorrectly blocked sites
- Transparency - Parents should see what's blocked
- No speed impact - Must be invisible to user experience
6. Implications for Ireland
Why Ireland Can Succeed Where Others Haven't
| Factor | Advantage |
|---|---|
| Small market | 12-15 ISPs vs hundreds elsewhere |
| Legislative approach | UK was voluntary = inconsistent |
| Narrow scope | Parental controls, not censorship |
| Clear opt-out | Addresses civil liberties concerns |
| Existing regulator | Coimisiún na Meán ready |
Recommended Approach (Based on International Evidence)
- Mandate (unlike UK voluntary approach)
- Default-on (like UK, unlike Australia's rejected mandatory ISP filtering proposal from 2012)
- Clear opt-out (address civil liberties)
- Simple presets (by age group)
- Appeal process (for over-blocking)
- Transparency reporting (build trust)
- Per-device options (parents excluded)
7. Legislation to Reference
UK (Voluntary Framework)
No specific legislation, but government agreements with ISPs. Key documents:
- 2013 David Cameron announcement
- Ofcom guidance on parental controls
- ISP voluntary code of practice
UK Online Safety Act 2023
While not ISP-focused, this is the most recent child safety legislation:
- Focuses on platforms, not ISPs
- Requires age verification for adult content
- Duty of care on platforms
- Could serve as template for ISP provisions
EU Digital Services Act
Relevant provisions:
- Article 28: Online protection of minors
- Article 14: Terms of service transparency
- Could be extended to ISP context
Australia Online Safety Act 2021
Relevant provisions:
- eSafety Commissioner powers
- Industry codes development
- Could inform oversight structure
8. Key Statistics to Cite
UK Evidence - The Powerful Story
Quote the 93% satisfaction first, then explain the 27% adoption:
"93% of parents who use ISP filters find them useful, and 74% say they block the right amount of content"
- Ofcom, Children and parents report
"Only 6% of children have successfully bypassed ISP-level filters"
- Ofcom, 2022
"But only 27% of UK parents actually use ISP filters, despite 61% being aware of them"
- Ofcom, 2022
How to frame this:
The UK proves ISP filtering works brilliantly - the problem is their "voluntary default-on" approach let customers skip the question. Ireland's mandatory choice approach would achieve much higher adoption while maintaining the same excellent product.
| Metric | UK (Voluntary) | Ireland (Mandatory) |
|---|---|---|
| Adoption rate | 27% | Significantly higher (pilot needed for precise figure) |
| Satisfaction | 93% | Expected similar |
| Bypass rate | 6% | Expected similar |
Ireland-Specific (From Earlier Research)
"68% of Irish parents find parental controls too complicated"
- National Parents Council
"1 in 3 Irish children aged 8-12 have seen inappropriate content online"
- CyberSafeKids Ireland
Framing for Politicians
Don't say: "The UK has default-on filtering but only 27% use it" Do say: "UK ISP filtering has 93% satisfaction and only 6% bypass it - Ireland's mandatory approach will achieve much higher adoption than the UK's voluntary system"
Conclusion
Ireland has the opportunity to be first to legislate true mandatory, default-on ISP parental controls.
The UK Proved Two Things
- ISP filtering WORKS - 93% satisfaction among users, only 6% bypass rate
- Voluntary "default-on" FAILS - 27% adoption despite high awareness and satisfaction
The UK's experience shows that the technology is ready and parents love it - but voluntary implementation with "skip buttons" leads to poor adoption.
What Ireland Must Do Differently
| UK Approach | Ireland Approach |
|---|---|
| Voluntary for ISPs | Mandatory by law |
| Can skip the question | Must answer to proceed |
| "Default-on" means prompted | Default-on means actually ON |
| Existing customers notified | Existing customers enrolled |
| 27% adoption | Significantly higher adoption (mandatory choice) |
Australia's ISP-Track Lesson (Historical)
Australia's earlier ISP-filtering proposal (2012) was abandoned after scope-capture concerns (expanding from child safety into broader censorship debates). This historical lesson shows the importance of:
- Narrow scope (parental controls, not censorship)
- Clear opt-out rights
- No speed impact on internet performance
- Independent oversight (clear guardrails and public accountability)
Important: This historical ISP-track experience is separate from Australia's current platform social-media age-duty regime (implemented Dec 2025).
Ireland's proposal addresses all of these concerns.
Summary
Recommended: Cite UK as proof that ISP filtering works excellently, but emphasise that Ireland's mandatory legislation will achieve far higher adoption than the UK's voluntary "default-on with skip button" approach.
The goal is not to copy the UK - it's to learn from their mistake (voluntary = poor adoption) while building on their success (the product works brilliantly when people use it).
This document accompanies the Ireland Policy Proposal.