What is Safety by Design?

The Paradigm Shift: From Reactive to Proactive

For most of the internet's history, child safety online was framed as a content moderation problem. Build the platform. Let users generate content. Then hire a trust and safety team to find and remove the harmful material. This reactive model was baked into the infrastructure of the modern internet — and it has failed, comprehensively.

The numbers reveal why. NCMEC's CyberTipline received 88.3 million reports of child sexual abuse material in 2022 — a 329% increase over five years. Thorn's Safer platform processed over 42 billion images and videos for hash-matching in the same year. The Internet Watch Foundation's analysts reviewed millions of URLs. And still, harm to children online continues to accelerate. The reactive model cannot keep pace with the scale of user-generated content on modern platforms, the sophistication of bad actors who exploit platform design, or the speed at which harmful content spreads before moderation can catch it.

Safety by Design is the alternative — and it is gaining momentum as the foundational paradigm for child online protection worldwide. Rather than responding to harm after it occurs, Safety by Design requires anticipating the ways a product could be used to harm children, or expose children to harm, and building safeguards in from the earliest stages of product development.

The shift is not just conceptual — it is regulatory. The EU Digital Services Act, UK Online Safety Act, UK Age Appropriate Design Code, California AADC, and Australia's Online Safety Act all embed Safety by Design requirements in binding law. Non-compliance now carries penalties that make proactive investment significantly cheaper than reactive enforcement fines.

The eSafety Commissioner's Three-Principle Framework

Australia's eSafety Commissioner — the world's first standalone government online safety regulator — developed the Safety by Design framework that has become the global reference standard. Built through extensive consultation with industry, civil society, and affected communities, the framework is organized around three principles that together create a comprehensive approach to child safety.

The OECD's Eight Implementation Components (2024)

Building on the eSafety framework, the OECD's 2024 publication Towards Digital Safety by Design for Children identifies eight specific components that a comprehensive Safety by Design implementation should include. This provides a structured framework for companies translating principles into practice:

How Leading Platforms Are Implementing Safety by Design

Safety by Design is no longer theoretical. Regulatory pressure and reputational risk have driven major platforms to implement — with varying degrees of completeness — SbD principles. These examples illustrate both the progress made and the gaps that remain.

Meta: Teen Accounts (2024–2025)

Following years of regulatory pressure and the revelations of the Facebook Files, Meta launched "Teen Accounts" in 2024 — progressively rolled out to Instagram and Facebook globally in 2024-2025. Key features include: automatic enrollment for users under 16, with parental approval required to change most settings; default content filters removing self-harm, eating disorder, and violent content; restrictions on direct messaging (users under 16 can only be messaged by accounts they follow); screen time notifications; and nightly time limits. Teen Accounts represents genuine progress on default privacy, content restriction, and messaging controls — but independent researchers at the 5Rights Foundation and Center for Humane Technology have noted that age detection relies on self-declaration, and that the features can be bypassed by users who claim to be older than they are. Age assurance remains the unresolved core challenge.

YouTube: Supervised Experience and Age-Appropriate Content

Google's YouTube has implemented a tiered approach to age-appropriate content. YouTube Kids provides a separate, heavily curated environment for younger children. For teens on the main platform, YouTube in 2023 introduced "take a break" reminders, bedtime reminders, default autoplay off, and supervised experience settings that allow parents to link their account to a teenager's for oversight. Content recommendation algorithms for signed-in users under 18 are adjusted to reduce exposure to content involving dangerous challenges, violent events, and body image. These are meaningful implementations of Safety by Design principles — though civil society has noted ongoing concerns about how effectively age data is used to differentiate experiences, and how recommendation suppression is validated.

Discord: Server Safety, DM Restrictions, and Family Center

Discord serves a large population of young people (particularly gamers) and has faced significant scrutiny for child safety failures. Since 2022, Discord has launched Family Center (allowing parents to see which servers their children are active in and who they are messaging); default safe messaging settings for users 13-17; AI-based detection of grooming patterns; integration with Thorn's Safer platform for CSAM detection; and restrictions on friend requests from users the young person doesn't share a server with. Discord's approach is notable for its recognition that completely restricting teen access would lose the very users it needs to protect — so it focuses on contextual controls within the existing product architecture.

Phase-by-Phase Implementation Checklist

For companies beginning their Safety by Design journey, implementation is most effective when organized by product development phase — ensuring safety considerations are embedded at each stage rather than applied retrospectively.

Phase 1: Discovery and Risk Assessment

• Determine whether children are or could foreseeably be users of your product — including whether it is primarily aimed at adults but accessible to minors
• Identify the age range of likely child users and their developmental characteristics — what can a typical 8-year-old understand? A 14-year-old?
• Conduct a preliminary Child Rights Impact Assessment (CRIA) using UNICEF's D-CRIA methodology
• Map all foreseeable pathways through which your product could facilitate harm to child users: content, contact, conduct, contract, and data risks
• Map regulatory obligations in each jurisdiction where you operate — EU DSA, UK OSA/AADC, COPPA (US), applicable state laws
• Assess your current Safety by Design maturity against WePROTECT's four-phase Maturity Model

Phase 2: Design Interventions

• Set maximum privacy settings as defaults for child users — geolocation off, profile not searchable, data collection limited to service provision
• Design reporting flows in plain, age-appropriate language with visual cues — test them with actual children in the relevant age range
• Audit all design patterns for "dark patterns" — friction that discourages privacy choices, pre-checked consent, confusing language around data sharing
• Design content recommendation systems with explicit child-safety filters — define which categories are suppressed for child users and how suppression is validated
• Restrict messaging from unknown adults to child accounts by default — require the child to follow the account before accepting messages
• Design age-differentiated interfaces — the experience for a 7-year-old should be meaningfully different from the experience for a 15-year-old
• Remove or disable engagement-maximizing features (autoplay, infinite scroll, streak notifications) for users under 16, or make them opt-in with clear disclosures
• Design parental controls that are both functional and respect children's evolving autonomy

Phase 3: Technical Implementation

• Integrate PhotoDNA or equivalent perceptual hash-matching for user-uploaded image/video content — available free from Microsoft
• Integrate Thorn's Safer platform for CSAM hash-matching — covers 29M+ known hash values and is available to qualifying companies
• Implement NCMEC CyberTipline reporting — legally required under US law (18 USC 2258A) for electronic service providers with actual knowledge of CSAM
• Implement IWF hash lists for UK and European operations
• Build age assurance mechanisms appropriate to the risk level of your product — self-declaration for low-risk services, age estimation or verification for high-risk ones
• Implement COPPA-compliant consent flows for US child users, GDPR-compliant flows for EU users, ensuring age-appropriate language throughout
• Integrate AI-based grooming detection where your product facilitates communication between users

Phase 4: Pre-Launch Validation

• Complete and document the full Child Rights Impact Assessment
• Test all safety features with actual child users of the relevant age range — under appropriate safeguarding conditions
• Publish a child-friendly privacy policy alongside the full legal text
• Establish escalation protocols for content reported by or involving minors — with clear timelines and law enforcement referral pathways
• Ensure CSAM reporting is integrated and tested end-to-end with NCMEC/IWF systems
• Confirm regulatory compliance status in each operating jurisdiction

Phase 5: Ongoing Operations and Improvement

• Publish an annual transparency report covering child safety metrics — CSAM reports, content removal, age assurance implementation, enforcement actions
• Conduct annual risk assessment updates — especially as new features are launched or user demographics change
• Participate in industry hash-sharing consortia (NCMEC, IWF) — expanding the collective detection capability
• Engage with Ofcom, DSA, and other regulator consultation processes on children's safety codes
• Conduct periodic third-party audits of safety feature effectiveness
• Review and update the CRIA after any major product change affecting child users

The Business Case for Safety by Design

Beyond regulatory compliance and moral obligation, there is a compelling business case for Safety by Design investment — one that the most sophisticated companies are increasingly recognizing.

• Proactive is cheaper than reactive: Building safety into a product during design costs a fraction of what it costs to retrofit safety after a product has scaled. The moderation costs that platforms like Meta, YouTube, and TikTok bear — hundreds of millions annually — are largely the consequence of failing to build safety in from the start.
• Regulatory risk reduction: The maximum penalty under the UK Online Safety Act is 10% of global annual turnover. For a large platform, a single enforcement action could cost billions. The investment in proactive SbD implementation is trivial by comparison.
• Reputational protection: The past decade has seen multiple major platforms suffer severe reputational damage from child safety failures — Facebook/Instagram's mental health revelations, YouTube's COPPA violation fine, TikTok's regulatory investigations globally. The reputational cost of failure vastly exceeds the cost of prevention.
• User trust and retention: Parents are significant gatekeepers of children's platform adoption — particularly for younger age groups. Platforms with demonstrably strong child safety records are more likely to receive parental approval, driving acquisition and retention of younger user cohorts.
• Competitive differentiation: In a market where regulatory compliance is becoming table stakes, demonstrable safety leadership is emerging as a genuine competitive differentiator — particularly for platforms seeking enterprise and education market access.

Common Mistakes to Avoid

Based on regulator enforcement actions and civil society audits, these are the most common Safety by Design failures that lead to regulatory action:

• Age as an afterthought: Designing a product for a general adult audience, then applying child safety features as an overlay after the core architecture is fixed. The architecture must be designed with child use in mind from the beginning.
• Self-declaration as age assurance: Asking users to enter their date of birth and accepting any answer. Self-declaration is not age assurance — it is an absence of age assurance. Regulators are moving rapidly toward requiring verifiable age estimation or verification for high-risk services.
• Safety features buried in settings: Building technically functional safety controls that are accessible only through complex settings menus that most users never visit. Prominence and accessibility matter as much as functionality.
• One-size-fits-all for "minors": Applying identical settings and controls to all users under 18. A product that treats a 7-year-old and a 17-year-old identically fails both groups.
• Transparency theater: Publishing impressive-sounding child safety commitments without the transparency reporting, independent audit, or regulatory access that would allow those commitments to be verified.
• Compliance as ceiling, not floor: Treating regulatory minimum requirements as the target rather than the floor. Regulations typically lag behind the state of the art. Companies that meet only the minimum will find themselves re-exposed as requirements advance.

Regulatory Landscape: Where SbD Is Now Mandated

Further Reading and Key Resources

• eSafety Commissioner: Safety by Design Toolkit (Free) ↗
• OECD: Towards Digital Safety by Design for Children (2024) ↗
• UNICEF D-CRIA Toolbox ↗
• 5Rights: Child Rights by Design Framework ↗
• Regulatory Compliance Checklists →
• All Private Sector Guidance (17 articles) →
• Foundation: The UN Convention on the Rights of the Child →