Germany is advancing significant changes to its youth protection framework, with the federal states adopting amendments to the Interstate Treaty on the Protection of Minors in the Media (JMStV). The revised rules entered into force on 1 December 2025.
The new rules impose comprehensive youth-protection obligations on operators of operating systems commonly used by children and adolescents. Some changes raise questions about their alignment with broader European regulations and have already prompted concerns from the European Commission about potential conflicts with EU law.
A new primary obligation at operating system level
The amended Section 12 JMStV establishes a primary obligation for designated operators of operating systems commonly used by children and adolescents to implement an effective youth protection mechanism.
Key requirements for designated operators include:
- Integrating a youth protection mechanism that is easy to adjust and supports age-based settings.
- Ensuring browsers enable safe search by default (unless an exception is deliberately enabled) and ensuring apps may only be installed and used if age-appropriate, via distribution platforms that recognize age ratings and use automated rating systems approved by the Commission for the Protection of Minors in the Media (Kommission für Jugendmedienschutz; KJM).
- Allowing parents to individually block specific apps or browsers, even if these comply with the general age-based settings.
Which operating systems will be covered?
The new rules apply only to operating systems “commonly used by children and adolescents.” The responsible German authority will determine which operating systems fall within scope, based on relevant studies. A formal designation process is required.
Timeline at a glance
- 1 December 2025: Amendments enter into force.
- Until 1 December 2026: The authority must issue formal designations.
- After designation: One month to lodge a challenge.
- After designation: 1–3 years allowed for technical implementation.
Additional youth-protection requirements and enforcement tools
In addition, the amendments introduce updated information and age-labelling requirements for certain online content providers, expand the powers of the competent authorities to address youth-endangering content, and include new data-protection provisions linked to the operation of youth-protection mechanisms.
Potential conflicts with EU law
Some of the amendments have sparked debate about their compatibility with EU law, including the DSA. Central to this discussion is the country-of-origin principle, which provides that online service providers are generally regulated by the EU Member State in which they are established, rather than by divergent national rules in every country where their services are accessible. Where German law imposes additional obligations on a provider established elsewhere in the EU, this may conflict with that principle unless the strict conditions set by EU law are satisfied.
The European Commission has already raised concerns about the JMStV amendments, which may create grounds for future legal challenges. Recent German case law has also emphasised that certain JMStV provisions that were already in force breached the country-of-origin principle. The new obligations may be subject to similar scrutiny.
Next steps
For the operating system-level obligations, the implementation will depend on the formal designation of the operators, which will determine when the statutory implementation periods begin to run. We will continue to monitor the designation process and related EU-law developments, so stay tuned for updates.