In 2026, Brazil is advancing significant changes to its approach to protecting minors in digital environments. The implementation of Law No. 15.211 of September 17, 2025 –known as the Brazilian Digital Statute for Children and Adolescents, or simply “ECA Digital”– marks an inflection point in the country’s regulatory paradigm for digital platforms. The new law requires safety to be embedded in the design of digital systems, adopting a “safety-by-design” approach in clear contrast to the previously prevailing logic of reactive compliance.
The ECA Digital adapts the rationale of Brazil’s Statute of the Child and Adolescent (ECA) to the digital environment. While the original ECA establishes the country’s legal framework for children (under 12) and adolescents (ages 12 to 18), the ECA Digital extends offline child-protection rights to the online world by imposing obligations on content providers, app developers, social media platforms, electronic game providers, and other suppliers of digital products and services.
The new law reflects the country’s learning curve in digital regulation. Since the enactment of the Brazilian Civil Rights Framework for the Internet –Marco Civil da Internet (MCI), in 2014– and the General Data Protection Law –Lei Geral de Proteção de Dados (LGPD), in 2018– digital policies and regulations have increasingly moved from reliance on reactive enforcement toward the adoption of proactive safeguards.
Brazil’s initial regulatory regime conditioned civil liability on judicial notice, meaning that, absent a court order, a platform bore no responsibility for hosting harmful content. In addition, oversight of platforms’ content-moderation efforts was unclear. There was also no proactive duty to moderate content directed at minors or to implement access-control mechanisms, since age verification relied on self-declaration.
A Regulation Built on Three Key Mechanisms
Thus, the ECA Digital no longer asks, “Did the platform know about the harm?” but instead, “Was the platform designed to prevent it?”. The safety-by-design approach rests on three primary mechanisms:
1. Content restrictions: The ECA Digital regulates minors’ access to online content. Children under 12 are prohibited from accessing social networks not specifically designed for children, while adolescents between 12 and 16 may access such platforms only through an account confirmed by a parent or legal guardian. The law also prohibits addictive design features, such as infinite scroll and autoplay, for minors’ accounts; requires mandatory 30-minute breaks and a notification-suspension window from 10 p.m. to 6 a.m.; and classifies loot boxes as gambling, thereby prohibiting them in games accessible to minors.
2. Reliable age verification: The law eliminates self-declaration as a valid verification mechanism for access to adult content, gambling platforms, and any platform likely to be accessed by minors.
3. Platform liability: Platforms bear the burden of ensuring compliance with the law, including by implementing reliable age-estimation methods and parental supervision tools. They also have duties to remove content upon simple notification rather than only after judicial notice.
This set of mechanisms was enabled by the Brazilian Supreme Court’s (STF) decision on Article 19 of the Brazilian Civil Rights Framework for the Internet, which partially invalidated the rule that internet application providers could be held civilly liable for third-party content only upon noncompliance with a prior court order and, in broader categories of unlawful content, allowed for removal obligations based on notice mechanisms.
This shift toward proactive digital safety is not occurring in isolation, but rather as part of a broader international convergence on the need to better protect minors in online environments. During President Luiz Inácio Lula da Silva’s official visit to Spain in April 2026, digital regulation and the protection of minors online were among the topics discussed with Prime Minister Pedro Sánchez. Both leaders underscored the growing concern about the risks associated with digital platforms, including exposure to harmful content and the lack of adequate safeguards for young users, and highlighted the importance of stronger regulatory frameworks, including measures such as age verification and platform accountability.
Implementation: Bridging Vision and Results
Implementation of the ECA Digital still faces important challenges, including the operationalization of age-verification tools, tensions with data protection rules, and the enforcement capacity of the Brazilian National Data Protection Authority (ANPD).
Even so, the ECA Digital has inaugurated a paradigm shift in Brazilian digital law: from ex post liability to ex ante safety instruments. This can also be observed in the recent updating of the regulatory framework for the Brazilian Civil Rights Framework for the Internet through Decrees No. 12.975 and No. 12.976 of May 2026.
In conclusion, the ECA Digital should be understood as part of a broader reorientation in Brazilian digital law. It not only imposes new obligations on platforms but also places companies at the center of efforts to create safer digital ecosystems, as they are no longer merely recipients of court orders but are now responsible for the safe design of their products.
Accordingly, compliance will require more than legal responsiveness, but product governance, accountability and a proactive understating of how the companies’ choices affect their users. Furthermore, policymakers and regulators must ensure that these obligations are enforced with clarity and proportionality, as well as flexibility, considering the inevitable adjustments that the pace of innovation will impose.
To further understand the responsible design and use of online platforms, check out Telefónica’s positioning on the Protection of minors in the digital environment: “Building a Safe Digital Space for Minors: Towards Responsible Design and Use of Digital Devices and Services”.
