Regulatory Watch – January 2026

Australian social media ban ‘is not improving teen safety’

Meta has deleted over 500,000 Australian accounts in order to comply with the country’s under-16s ban. The company said that it removed 330,000 users from Instagram and 173,000 from Facebook between 4 and 11 December. In its statement Meta argued that early data suggests the ban is not improving teen safety or wellbeing. Age verification measures are inconsistent and pushing teenagers towards smaller, less regulated apps, the company said.

X under continued pressure over Grok’s sexualised image generation

Governments around the world have condemned the sexually explicit content generated by Grok on X, including ‘undressed’ depictions of minors. Grok has restricted image generation and editing to paying subscribers, allowing users behaving illegally to be easily identified. However, regulators are questioning whether the company has gone far enough. In the UK, Ofcom has announced an investigation into whether Grok has complied with obligations under the Online Safety Act, and French regulator ARCOM is similarly looking at the company’s compliance under the Digital Services Act. Germany’s media minister has urged the EU to take legal action to stop the ‘industrialisation of sexual harassment’ on X. Action is also being taken in India, Malaysia and Australia.

Polish president vetoes the EU’s Digital Services Act

President Karol Nawrocki has vetoed legislation designed to enable the implementation of the Digital Services Act (DSA)  in Poland, despite the bill having been adopted by parliament at the end of 2025. Nawrocki says that the bill gives excessive powers to government officials to decide what content is allowed online, arguing that there is insufficient judicial oversight. The European Commission has already referred Poland to the EU Court of Justice for failing to appoint a DSA coordinator. Under the Polish constitution, parliament can override a presidential veto with a three-fifths majority, a margin the government does not have. In the meantime, core DSA obligations apply to large platforms operating in Poland.

EU to mandate exclusion of ‘high-risk’ suppliers

Chinese-made equipment is set to be phased out from use in critical infrastructure under the EU’s new Cybersecurity proposal. The move would bar Huawei and ZTE from telecoms networks as well as solar energy systems and security scanners in a revision to the existing voluntary regime. A previous draft of the Cybersecurity Act noted that ‘fragmented national solutions have proven insufficient to achieve market-wide trust and co-ordination’. Industry representatives have expressed concern about the lack of viable alternatives – 90 per cent of solar panels installed in the EU are made in China for example, while telecoms operators have warned about the impact on consumer prices.

OpenAI to test ads in ChatGPT

OpenAI has announced that it will begin showing ads in the free and lower-priced tiers of its ChatGPT platform for some users in the US. They will appear in the coming weeks. The company says the advertising won’t affect any of ChatGPT’s answers, nor will data be shared with marketers. The move is seen as a departure from OpenAI’s current dependence on subscriptions and a reflection of the pressure to increase revenues to fund the company’s heavy spending on datacentres.

Sources:  The Financial Times, The Wall Street Journal, Bird and Bird, APNews, Euronews, CNN, The Guardian, The Daily Telegraph, Bloomberg, Euractiv, Ars Technica, Reuters, BBC, Politico, Telecompaper