International Comparison: ISP-Level Parental Controls

What other countries have done, and what we can learn

Download (17.2 KB)

International Comparison: ISP-Level Parental Controls

What other countries have done, and what we can learn


Executive Summary

This paper compares two distinct policy tracks:

  1. ISP/network filtering policy (SafeFamily's DNS track)
  2. Platform social-media age policy (Australia/France track)

No country has mandatory, default-on ISP parental controls yet. However:

CountryISP/network filtering trackPlatform social-media age track
UKVoluntary but "default-on" for major ISPs (active since 2013-2014)No direct equivalent
AustraliaEarlier ISP filtering proposal abandoned (2012)Under-16 social-media platform duty in force (Dec 2025)
FranceNo equivalent ISP DNS mandate in this paperUnder-15 social-media legislative track (Assembly adopted, Senate process ongoing)
EU (general)No EU-wide ISP mandatePlatform-focused framework (DSA, age-assurance work)
USANo ISP requirementsFragmented/state-led approaches

Ireland could be first on mandatory ISP DNS parental controls, while aligning separately with AU/FR social-media age-policy lessons.

Note: Australia's ISP filtering track (abandoned in 2012) and Australia's platform social-media age track (implemented from Dec 2025) are distinct policy approaches. This paper compares them separately to avoid scope confusion.


1. United Kingdom - Key Lessons (Both Positive and Cautionary)

What They Did

In 2013-2014, the UK government pressured (but did not legislate) major ISPs to implement "family-friendly filters" that would be "default-on" for new customers.

The major ISPs agreed:

ISPFilter NameWhat "Default-On" Actually Means
BTBT Parental ControlsInterrupts browsing to ask; can click past
SkySky Broadband ShieldNew customers asked at signup; can skip
Virgin MediaWeb SafePrompted at setup; not required
TalkTalkHomeSafeOptional activation at signup

The Critical Nuance: "Default-On" Isn't What It Sounds Like

The UK's "default-on" system is actually an "active choice" system with loopholes:

What People ThinkWhat Actually Happens
Filtering is automatically ONCustomer must be asked to turn it on
You have to opt-outYou can skip the question and not enable
Everyone is protectedOnly new customers are asked
Existing customers enrolledExisting customers just notified (not auto-enrolled)

Result: Despite being called "default-on," only 27% of UK parents actually use ISP filters.

Why Only 27% Despite "Default-On"?

FactorExplanation
Existing customers not enrolledWhen filters launched in 2013, millions of existing customers were not auto-enrolled, just sent a letter
Can skip at signupNew customers can click past without making a choice
No enforcementVoluntary scheme means ISPs implement inconsistently
Mobile networks lagMobile broadband often not covered
BT's "splash page" loopholeBT interrupts browsing to ask, but you can click "No thanks"

But When People DO Use It, It Works Brilliantly

Usage Statistics (Ofcom data):

MetricFigureImplication
Parents who use ISP filters27%Poor adoption
Parents who find them useful93%Product is excellent
Parents who say they block right amount74%Good calibration
Children who have bypassed controlsOnly 6%Very effective

Bottom line: The product works - the problem is adoption, not effectiveness.

Limitations Observed

  1. Low adoption: 27% usage despite 61% awareness = missed opportunity
  2. "Skip button" problem: Customers can avoid making a choice
  3. Existing customer gap: Millions never asked to enable
  4. Inconsistency: Each ISP implements differently
  5. Not universal: Smaller ISPs don't participate
  6. Mobile gap: Mobile broadband often not covered
  7. Over-blocking: Some legitimate sites (e.g., self-harm support sites) get blocked

What Ireland Must Do Differently

UK ProblemIreland Solution
Can skip the questionCannot proceed without answering
"Default-on" means promptedDefault-on means actually ON
Existing customers just notified12-month rollout to all customers
Voluntary for ISPsMandatory for all ISPs
Inconsistent implementationCoimisiún na Meán oversight

What We Can Learn

The product works - 93% satisfaction proves the technology is right ✅ Parents want it - 61% aware, high satisfaction among users ✅ Simple presets work - age-based filtering is effective ✅ Low bypass rate - only 6% of children circumvent it ❌ "Voluntary" = 27% usage - legislation needed for universal adoption ❌ "Active choice with skip" != default-on - must require an answer ❌ Existing customers must be enrolled - can't just notify them ❌ Need appeal process - over-blocking is a real issue


2. Australia and France (Platform Social-Media Policy Track)

2.1 Australia (Implemented)

Australia has now moved from policy debate to implementation on platform social media, not ISP DNS filtering:

  • Primary Act: Online Safety Amendment (Social Media Minimum Age) Act 2024
  • Operational framework: Part 4A of the Online Safety Act 2021
  • Rules: Online Safety (Age-Restricted Social Media Platforms) Rules 2025
  • Effective date for platform obligations: 10 December 2025
  • Core obligation: age-restricted social media platforms must take reasonable steps to prevent under-16 account holding

2.2 What Australia's model actually does

The Australian model is notable for placing the burden on platforms, not parents:

  1. Platform duty to implement "reasonable steps"
  2. Layered age assurance expected (no self-declaration-only compliance)
  3. No mandatory single technology imposed by the regulator
  4. Privacy constraints around data collection and ID pathways
  5. Regulator-led compliance and enforcement through eSafety powers

2.3 Service scope in practice (Australia)

As published by eSafety (Nov 2025 lists), likely age-restricted platforms include: Facebook, Instagram, TikTok, YouTube, X, Snapchat, Reddit, Threads, Twitch and Kick.

Services listed as not likely age-restricted include: YouTube Kids, WhatsApp, Discord, Messenger, Steam, Roblox, Pinterest and Google Classroom.

This scope distinction is a major implementation lesson: service classification must be explicit and reviewable.

2.4 France (In Legislative Progress)

France is advancing a stricter age-threshold model via National Assembly text, also in the platform social-media layer:

  • Threshold in current adopted Assembly text: under 15
  • Mechanism in text: refusal/suspension of under-15 social media accounts, with age-check obligations and regulator oversight pathways
  • Additional model elements in current text: nighttime access controls for minors and broader youth digital-health measures
  • Status: adopted in National Assembly (Jan 2026), Senate process ongoing

The key practical takeaway is that France combines age-threshold policy with broader school/health/prevention measures, not threshold alone.

2.5 Pitfalls register (Australia/France signals)

PitfallConfidenceWhy it mattersMitigation pattern
Threshold-only policy can be bypassed by workaroundsHighYouth behavior adapts quickly if controls are weakly layeredRequire layered controls across account lifecycle (sign-up, detection, re-registration prevention)
False positive/negative risk near cutoff agesHighHarms legitimate users and weakens trust in enforcementAdd review/appeal channels and graduated confidence thresholds
"Reasonable steps" can be too vague without governanceHighInconsistent compliance across platformsPublish regulator guidance, audit expectations, and independent review cycles
Privacy risk from aggressive age checksHighData over-collection can create rights and trust issuesData minimisation, alternatives to government-ID-only flows, purpose limitation
Ambiguous platform scope creates loopholesMedium-HighServices may self-position as out of scopeClear criteria, periodic reassessment, transparent lists and enforcement notices
Restrictive policy may displace youth to less safe servicesMediumRisk migration rather than harm reductionPair restrictions with safety education, crisis support, and supervised alternatives

2.6 What Ireland should mirror from AU/FR

  1. Platform duty in law (Australia strength)
  2. Layered assurance, not single-tech mandate (Australia strength)
  3. Explicit privacy guardrails (Australia strength)
  4. Age-threshold + developmental scaffolding (France strategic direction)
  5. Clear enforcement and review architecture (both systems)

3. European Union

Current Approach

The EU has focused on platform regulation rather than ISP filtering:

RegulationFocus
Digital Services Act (DSA)Platform content moderation
GDPRPrivacy and data protection
AVMSDVideo-on-demand content rules

No ISP Filtering Mandate

The EU has not mandated ISP-level parental controls because:

  • Net neutrality concerns
  • Subsidiarity (left to member states)
  • Platform focus seen as more effective

Opportunity for Ireland

Ireland could:

  1. Implement ISP filtering within EU law (parental controls are permitted under net neutrality rules)
  2. Become a model for other EU states
  3. Influence future EU-wide standards

4. Other Countries

United States

  • No federal requirements for ISP filtering
  • Some ISPs offer optional controls (Comcast, AT&T)
  • Focus on parental responsibility
  • Platform-level regulation (COPPA for children's sites)

South Korea

  • Mandatory age verification for certain sites
  • Focus on gaming addiction (shutdown laws for minors)
  • ISP-level blocking of certain categories

China/Saudi Arabia/etc.

  • Mandatory state-level filtering
  • Not a model - focused on censorship, not parental control

5. What Actually Works?

Evidence-Based Findings

ApproachAdoption RateSatisfactionNotes
Mandatory choice (Ireland proposal)Significantly higher (pilot needed)HighForces decision, no skipping; comparable opt-out models achieve 60-80%+
UK "default-on" (can skip)27%93%Product excellent, adoption poor
Pure opt-in10-15%HighVery low uptake
Device-level controls~30%MediumRequires per-device setup
Platform controlsVariableMediumInconsistent across platforms
DNS filteringDepends on implementationHighUniversal across devices

The UK Proves the Product, Not the Implementation

The UK data tells us two things:

  1. ISP filtering WORKS - 93% satisfaction, 74% say "blocks right amount", only 6% bypass
  2. "Voluntary default-on" FAILS - 27% usage despite high awareness

The lesson isn't "ISP filtering doesn't work" - it's "ISP filtering needs legislation to achieve adoption."

Success Factors

  1. Mandatory choice (not just "prompted") - UK shows prompting isn't enough
  2. Cannot skip the question - Must answer to proceed with signup
  3. True default-on - If you have children, filtering IS on (not just offered)
  4. Existing customers enrolled - Not just notified, actually enrolled with opt-out
  5. Simple presets - "My child is 10" > complex menus
  6. Easy opt-out - Parents must be able to disable at any time
  7. Per-device control - Parents should be able to exclude their own devices
  8. Appeal process - For incorrectly blocked sites
  9. Transparency - Parents should see what's blocked
  10. No speed impact - Must be invisible to user experience

6. Implications for Ireland

Why Ireland Can Succeed Where Others Haven't

FactorAdvantage
Small market12-15 ISPs vs hundreds elsewhere
Legislative approachUK was voluntary = inconsistent
Narrow scopeParental controls, not censorship
Clear opt-outAddresses civil liberties concerns
Existing regulatorCoimisiún na Meán ready
  1. Mandate (unlike UK voluntary approach)
  2. Default-on (like UK, unlike Australia's rejected mandatory ISP filtering proposal from 2012)
  3. Clear opt-out (address civil liberties)
  4. Simple presets (by age group)
  5. Appeal process (for over-blocking)
  6. Transparency reporting (build trust)
  7. Per-device options (parents excluded)

7. Legislation to Reference

UK (Voluntary Framework)

No specific legislation, but government agreements with ISPs. Key documents:

  • 2013 David Cameron announcement
  • Ofcom guidance on parental controls
  • ISP voluntary code of practice

UK Online Safety Act 2023

While not ISP-focused, this is the most recent child safety legislation:

  • Focuses on platforms, not ISPs
  • Requires age verification for adult content
  • Duty of care on platforms
  • Could serve as template for ISP provisions

EU Digital Services Act

Relevant provisions:

  • Article 28: Online protection of minors
  • Article 14: Terms of service transparency
  • Could be extended to ISP context

Australia Online Safety Act 2021

Relevant provisions:

  • eSafety Commissioner powers
  • Industry codes development
  • Could inform oversight structure

8. Key Statistics to Cite

UK Evidence - The Powerful Story

Quote the 93% satisfaction first, then explain the 27% adoption:

"93% of parents who use ISP filters find them useful, and 74% say they block the right amount of content"

  • Ofcom, Children and parents report

"Only 6% of children have successfully bypassed ISP-level filters"

  • Ofcom, 2022

"But only 27% of UK parents actually use ISP filters, despite 61% being aware of them"

  • Ofcom, 2022

How to frame this:

The UK proves ISP filtering works brilliantly - the problem is their "voluntary default-on" approach let customers skip the question. Ireland's mandatory choice approach would achieve much higher adoption while maintaining the same excellent product.

MetricUK (Voluntary)Ireland (Mandatory)
Adoption rate27%Significantly higher (pilot needed for precise figure)
Satisfaction93%Expected similar
Bypass rate6%Expected similar

Ireland-Specific (From Earlier Research)

"68% of Irish parents find parental controls too complicated"

  • National Parents Council

"1 in 3 Irish children aged 8-12 have seen inappropriate content online"

  • CyberSafeKids Ireland

Framing for Politicians

Don't say: "The UK has default-on filtering but only 27% use it" Do say: "UK ISP filtering has 93% satisfaction and only 6% bypass it - Ireland's mandatory approach will achieve much higher adoption than the UK's voluntary system"


Conclusion

Ireland has the opportunity to be first to legislate true mandatory, default-on ISP parental controls.

The UK Proved Two Things

  1. ISP filtering WORKS - 93% satisfaction among users, only 6% bypass rate
  2. Voluntary "default-on" FAILS - 27% adoption despite high awareness and satisfaction

The UK's experience shows that the technology is ready and parents love it - but voluntary implementation with "skip buttons" leads to poor adoption.

What Ireland Must Do Differently

UK ApproachIreland Approach
Voluntary for ISPsMandatory by law
Can skip the questionMust answer to proceed
"Default-on" means promptedDefault-on means actually ON
Existing customers notifiedExisting customers enrolled
27% adoptionSignificantly higher adoption (mandatory choice)

Australia's ISP-Track Lesson (Historical)

Australia's earlier ISP-filtering proposal (2012) was abandoned after scope-capture concerns (expanding from child safety into broader censorship debates). This historical lesson shows the importance of:

  • Narrow scope (parental controls, not censorship)
  • Clear opt-out rights
  • No speed impact on internet performance
  • Independent oversight (clear guardrails and public accountability)

Important: This historical ISP-track experience is separate from Australia's current platform social-media age-duty regime (implemented Dec 2025).

Ireland's proposal addresses all of these concerns.

Summary

Recommended: Cite UK as proof that ISP filtering works excellently, but emphasise that Ireland's mandatory legislation will achieve far higher adoption than the UK's voluntary "default-on with skip button" approach.

The goal is not to copy the UK - it's to learn from their mistake (voluntary = poor adoption) while building on their success (the product works brilliantly when people use it).


This document accompanies the Ireland Policy Proposal.