On 12 February 2026, Parliament passed, by general vote, the Bill concerning the Protection of Children in Digital Environments (PL 398/XVII/1), which includes an age verification requirement. The Bill establishes a minimum digital age of 16 for autonomous access to platforms, services, games, and applications within its scope and prohibits access for children under 13. Children aged 13 to 15 may access such services only with the informed, express, and verified consent of a parent or guardian. Parental consent must be provided through an identity verification mechanism using the Chave Móvel Digital system or an equivalent system. Consent may be withdrawn at any time and automatically expires when the child reaches the age of 16.

Furthermore, Article 9 requires high-risk content providers, including providers that make available content subject to age restrictions or content likely to harm the physical or mental development of children, such as violent, sexual, or addictive content, to implement suitable systems to prevent access by children under 16. In cases of non-compliance, the National Communications Authority may order the de-indexing of the service by search engines, suspend access to the service within the national territory, or adopt urgent precautionary measures where there is a risk to children.

Regarding age verification systems, Article 7 establishes a general obligation for service providers that make services accessible to children residing in Portugal to implement an age verification mechanism compatible with Chave Móvel Digital or an equivalent system, in line with the National Technical Reference Framework for Age Verification. Age verification mechanisms based solely on user self-declaration are prohibited. Article 8 further sets out the technical requirements for age verification systems. These must ensure a high level of reliability and resistance to fraud, minimise the collection of personal data, and be compatible with Chave Móvel Digital or equivalent systems, including the use of anonymised attributes where available. They must also accept digital credentials issued by public authorities or certified entities, including those integrated into the European Digital Identity Wallet, and support privacy-preserving age-threshold proof systems, such as zero-knowledge proofs.