€ USD
BizLawyer
CMS | Romania approves draft law creating stricter rules for protecting children online.
10 Octombrie 2025 Cristina Popescu (Partner), Carmen Turcu (Associate) - CMS Romania
For more information on the obligations for digital-service providers in Romania, contact your CMS client partner or the CMS experts who wrote this article: Cristina Popescu and Carmen Turcu.
On 6 October 2025, the Romanian Senate approved the “Digital Age of Majority Law” (Legea Majoratului Online), a draft law introducing a robust child-protection regime for online environment. The proposal has moved to the Chamber of Deputies, which has final decision-making authority. If enacted in its current form, the law will strengthen online protection for children, complementing Article 28 of the Digital Services Act (DSA) and Article 8 of the GDPR on parental consent.
The draft law was designed to shield minors under 16 years from harmful online content, including violence, pornography, self-harm, hate speech, fraud, substance abuse, and any material likely to impair a child’s healthy development.
Key measures include requiring verifiable parental consent for access to most online services, mandating age-appropriate design and content labelling, and prohibiting advertising based on profiling when the recipient is a minor.
The law introduces the notion of “online adult” (i.e. major online) as the person who, upon reaching the age of 16, acquires full legal capacity in the online environment.
Key takeaways for minors and parents/legal guardians
→ Minors under 16 may access online services and create personal accounts only with verifiable parental consent.
→ Parents or legal guardians have the right to request the suspension or deletion of a minor’s account and restrict the minor’s access to online content deemed harmful.
Main obligations for service providers
If the draft law is adopted without significant amendments, providers in or accessible from Romania will be required to:
→ obtain and validate explicit parental consent before allowing users under 16 to use online services;
→ secure parental consent for all existing accounts used by minors in Romania, block accounts lacking such consent and delete them within a 120-day grace period;
→ implement technical mechanisms for parents or legal guardians to request suspension, deletion, or restricted access to accounts and pages that display content deemed harmful;
→ design settings, interfaces and filters that maximise confidentiality, safety, and security for minors;
→ refrain from delivering advertising that relies on profiling where the service recipient is a minor;
→ introduce compulsory age-rating labels for all online content and install identity-checking filters.
Sanctions and enforcement
The National Authority for Administration and Regulation in Communications (ANCOM) will serve as the digital services coordinator and lead enforcement authority.
Non-compliance with parental consent or age-labelling requirements may result in fines ranging from 0.1 % to 0.2 % of the provider’s annual turnover, rising to 0.4 % for failure to implement technical measures. Five or more infringements within a calendar year entitle ANCOM to suspend a provider’s activities in Romania until all deficiencies are remedied.
Who will be impacted
While minors risk having their accounts blocked or deleted without parental consent, the primary obligations fall on online service providers. The law’s definition of “online services” is broad, covering any service provided electronically at the request of the user, regardless of monetisation. This includes social media platforms, streaming services, e-commerce, online games, banking services, mobile applications, and other digital interfaces.
What comes next
The proposal now moves to the Chamber of Deputies, which has final legislative power.
When the law is adopted, online service providers will be required to comply with the new obligations. Certain provisions will apply immediately upon the law’s entry into force, while others must be implemented within 180 days. The adoption will also trigger a 180-day countdown for ANCOM to issue the implementing order detailing technical consent procedures and for providers to align their systems. A separate joint ministerial order will follow within 120 days to establish detailed procedures.
Whether the draft law will be enacted in its current form, however, remains to be seen. Other legislative initiatives addressing similar issues are also under discussion. For instance, a draft law on protecting minors under 18 from harmful content distributed on very large online platforms (VLOPs) is currently under debate in the Romanian Senate. A coherent and consistent legislative approach will be needed to ensure effective protection of minors in the online environment.
For more information on the obligations for digital-service providers in Romania, contact your CMS client partner or the CMS experts who wrote this article: Cristina Popescu and Carmen Turcu.
The draft law was designed to shield minors under 16 years from harmful online content, including violence, pornography, self-harm, hate speech, fraud, substance abuse, and any material likely to impair a child’s healthy development.
Key measures include requiring verifiable parental consent for access to most online services, mandating age-appropriate design and content labelling, and prohibiting advertising based on profiling when the recipient is a minor.
The law introduces the notion of “online adult” (i.e. major online) as the person who, upon reaching the age of 16, acquires full legal capacity in the online environment.
Key takeaways for minors and parents/legal guardians
→ Minors under 16 may access online services and create personal accounts only with verifiable parental consent.
→ Parents or legal guardians have the right to request the suspension or deletion of a minor’s account and restrict the minor’s access to online content deemed harmful.
Main obligations for service providers
If the draft law is adopted without significant amendments, providers in or accessible from Romania will be required to:
→ obtain and validate explicit parental consent before allowing users under 16 to use online services;
→ secure parental consent for all existing accounts used by minors in Romania, block accounts lacking such consent and delete them within a 120-day grace period;
→ implement technical mechanisms for parents or legal guardians to request suspension, deletion, or restricted access to accounts and pages that display content deemed harmful;
→ design settings, interfaces and filters that maximise confidentiality, safety, and security for minors;
→ refrain from delivering advertising that relies on profiling where the service recipient is a minor;
→ introduce compulsory age-rating labels for all online content and install identity-checking filters.
Sanctions and enforcement
The National Authority for Administration and Regulation in Communications (ANCOM) will serve as the digital services coordinator and lead enforcement authority.
Non-compliance with parental consent or age-labelling requirements may result in fines ranging from 0.1 % to 0.2 % of the provider’s annual turnover, rising to 0.4 % for failure to implement technical measures. Five or more infringements within a calendar year entitle ANCOM to suspend a provider’s activities in Romania until all deficiencies are remedied.
Who will be impacted
While minors risk having their accounts blocked or deleted without parental consent, the primary obligations fall on online service providers. The law’s definition of “online services” is broad, covering any service provided electronically at the request of the user, regardless of monetisation. This includes social media platforms, streaming services, e-commerce, online games, banking services, mobile applications, and other digital interfaces.
What comes next
The proposal now moves to the Chamber of Deputies, which has final legislative power.
When the law is adopted, online service providers will be required to comply with the new obligations. Certain provisions will apply immediately upon the law’s entry into force, while others must be implemented within 180 days. The adoption will also trigger a 180-day countdown for ANCOM to issue the implementing order detailing technical consent procedures and for providers to align their systems. A separate joint ministerial order will follow within 120 days to establish detailed procedures.
Whether the draft law will be enacted in its current form, however, remains to be seen. Other legislative initiatives addressing similar issues are also under discussion. For instance, a draft law on protecting minors under 18 from harmful content distributed on very large online platforms (VLOPs) is currently under debate in the Romanian Senate. A coherent and consistent legislative approach will be needed to ensure effective protection of minors in the online environment.
For more information on the obligations for digital-service providers in Romania, contact your CMS client partner or the CMS experts who wrote this article: Cristina Popescu and Carmen Turcu.