Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Ban first, figure it out later? Why Andhra, Karnataka ban on social media for kids may run into firewall

March 07, 2026 6 min read Polity & Governance Science & Technology GS2 (Governance Centre-State Relations) GS3 (Science & Technology)
On This Page

What Happened

  • Andhra Pradesh and Karnataka announced bans on social media use for children — Andhra for under-13 and Karnataka for under-16 — triggering immediate debate about whether states have the constitutional authority to regulate internet platforms.
  • Legal experts pointed out that internet and telecommunications regulation falls exclusively under the Union List (Entry 31, Seventh Schedule), placing such regulation outside state legislative competence.
  • Questions were also raised about technical enforceability: age verification systems are imperfect, easily circumvented, and involve tradeoffs between child safety and user privacy.
  • The Union Minister for Electronics and IT stated the central government was already discussing age-based restrictions — implying the Centre, not states, is the appropriate regulatory actor.
  • Social media platforms like Instagram, YouTube, and Snapchat operate under central regulation (IT Act, 2000 and IT Rules, 2021) and respond to central government orders — not state government notifications.

Static Topic Bridges

Centre-State Legislative Relations — Article 246 and the Seventh Schedule

The constitutional division of legislative powers is the primary obstacle to state-level internet regulation.

  • Article 246(1): Parliament has exclusive legislative competence over subjects in List I (Union List). No state legislature can make laws on Union List subjects.
  • Article 246(3): State legislatures have exclusive competence over List II (State List) subjects.
  • Article 246(2): On List III (Concurrent List) subjects, both Parliament and states can legislate; in case of repugnancy, central law prevails (Article 254(1)).
  • Entry 31, Union List: "Posts and telegraphs; telephones, wireless, broadcasting and other like forms of communication." — Internet regulation has been authoritatively placed within this entry.
  • Internet services are governed centrally through the IT Act, 2000 (enacted under Entry 31) and the Telecommunications Act, 2023 (which replaced the Indian Telegraph Act, 1885, also under Entry 31).
  • A state law purporting to regulate internet platforms would be unconstitutional under Article 246(1) — it would be void, not merely subject to repugnancy testing (which applies only to Concurrent List subjects).

Connection to this news: Even if Karnataka or Andhra Pradesh enacts a state law mandating social media platforms to ban under-age users, such a law would be ultra vires the Constitution — platforms have no obligation to comply with state mandates on internet regulation, only with central government orders under the IT Act.

IT Act 2000 — Section 69A and Blocking Powers (Central Government Only)

The architecture of India's internet regulation framework concentrates regulatory power entirely in the central government.

  • Section 69A of the IT Act, 2000: The Central Government may block access to information if it is "in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign states, public order or for preventing incitement to the commission of any cognizable offence."
  • IT (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009: Govern the procedure for blocking — a central executive action with no state equivalent.
  • Shreya Singhal v. Union of India (2015): Supreme Court struck down Section 66A of the IT Act (speech restriction) but upheld Section 69A as constitutional, with procedural safeguards. The judgment confirmed the central government's exclusive blocking authority.
  • No provision in the IT Act or any other central legislation delegates age-based blocking authority to states.
  • Even the proposed bans by Karnataka and AP cannot be enforced on platforms without a central government Section 69A order or equivalent central direction.

Connection to this news: State governments cannot order platforms to block under-age users. Any enforceable mechanism — such as platform-level age gates or access restrictions — would require the Centre to issue directions under Section 69A or through an amendment to the IT Rules.

Age Verification — Technical Challenges and Privacy Tradeoffs

Even if legislative competence existed, technically enforcing an age-based social media ban raises significant practical and rights-based challenges.

  • Age assurance methods range from self-declaration (weakest; easily bypassed) to document-based identity verification (strongest; raises data privacy concerns) to inferred age estimation via facial recognition or behavioural patterns (emerging; accuracy disputed).
  • The DPDP Act, 2023 (Section 9) mandates "verifiable parental consent" for processing children's data, but does not specify the verification method — leaving the technical standard to be determined by DPDP Rules, 2025.
  • DPDP Rules, 2025 require platforms to implement age verification mechanisms but do not mandate a specific technology — giving platforms flexibility while creating an accountability obligation.
  • Privacy concern: Document-based age verification (e.g., Aadhaar-based) creates large databases of user identity linked to platform use — raising surveillance and data breach risks.
  • Children can bypass age verification by lying, using a sibling or parent's account, or using VPNs — technical measures alone cannot guarantee compliance.
  • Australia's approach: placed legal obligation on platforms (not users) to ensure age compliance, with platforms facing fines; shifted responsibility from individuals to corporations.

Connection to this news: The "ban first, figure it out later" criticism reflects a genuine policy sequencing problem — without a robust, privacy-respecting age verification infrastructure, even a constitutionally valid central law would struggle with enforcement. States announcing bans face this challenge amplified by their lack of legal authority over platforms.

Digital Personal Data Protection Act, 2023 — Section 9 and Children's Data

The DPDP Act provides the existing national framework most directly relevant to children's social media safety.

  • Section 9(1): A data fiduciary must not process personal data of a child without verifiable parental consent.
  • Section 9(2): A data fiduciary must not undertake profiling, tracking, or targeted advertising of children.
  • Section 9(3): Categories of data fiduciaries for whom additional restrictions apply may be notified by the Central Government.
  • "Child" under DPDP Act = any person under 18 years — a broader definition than the 16-year threshold proposed by Karnataka or the 13-year threshold proposed by Andhra Pradesh.
  • Enforcement: Data Protection Board of India (DPBI) — a central body. States have no parallel enforcement authority.
  • DPDP Rules, 2025 (notified after the Act came into force): Detail the consent mechanism, age verification requirements, and obligations on Data Fiduciaries regarding minors.

Connection to this news: The DPDP Act already mandates parental consent for all under-18s — a stronger protection than what Karnataka (16) or AP (13) propose. The state bans are partly addressing a gap in enforcement, but enforcement of the DPDP Act itself lies exclusively with the central DPBI. States proposing their own parallel bans risk constitutional invalidity while the central framework remains underenforced.

Key Facts & Data

  • Article 246(1): Exclusive Parliamentary competence over Union List subjects — state laws on Union List = void.
  • Entry 31, Union List: "Posts and telegraphs; telephones, wireless, broadcasting and other like forms of communication" — includes internet.
  • IT Act, 2000: Section 69A — central government blocking power (upheld in Shreya Singhal v. Union of India, 2015).
  • IT Rules, 2021: Govern Significant Social Media Intermediaries (50 lakh+ users); no state-equivalent rules.
  • DPDP Act, 2023: Section 9 — parental consent for processing children's (under-18) data; no targeted advertising of children.
  • DPDP Rules, 2025: Age verification and parental consent workflow obligations on platforms.
  • Telecommunications Act, 2023: Replaced the Indian Telegraph Act, 1885; governs telecom under Entry 31.
  • Karnataka proposed ban: under-16 years; announced by CM Siddaramaiah (2026 state budget).
  • Andhra Pradesh proposed ban: under-13 within 90 days; 13–16 under consideration.
  • Australia's ban: under-16 (national legislation, 2025); fines up to AUD 49.5 million for platforms.
  • MeitY: confirmed Centre is examining age-based restrictions at national level (March 2026).
  • Data Protection Board of India (DPBI): central enforcement body under DPDP Act.