Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
Under German law, the legal age of adulthood, also known as the age of majority, is 18 years old, as established by Sec. 2, 104 of the German Civil Code.
Has the UNCRC been directly incorporated into national law in your jurisdiction?
No.
No, the UNCRC has not been directly incorporated into national law in Germany. Therefore, strictly speaking, the rights set out in the UNCRC cannot be directly relied upon by children before domestic courts albeit that the UNCRC provisions may be applied by domestic courts in their interpretation of children’s rights.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
Yes.
Yes, Germany has a Federal Commissioner for Children's Rights to advocate for children's well-being in line with the UNCRC. Some federal states also have their own children's commissioners. However, there is no specific national statute mandating a federal children's ombudsperson; instead, advocacy for children's rights is integrated into various governmental roles and responsibilities.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
No.
No, the Federal Commissioner for Children's Rights in Germany does not have sole responsibility for upholding children's rights in the digital world. While they may advocate for children's digital rights, specific regulatory bodies like the Federal Commissioner for Data Protection and Freedom of Information (“BfDI”) and the Commission for the Protection of Minors in the Media (“KJM”) have primary competence in regulating digital matters affecting children.
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
Yes.
In general, the parents jointly represent the child, Sec. 1629(1)(2) German Civil Code (BGB) (in cases where guardianship is separated, additional).
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
No national law requirements beyond those set out in the GDPR Article 8; see more information on the GDPR-level requirements here.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
No national law requirements beyond those set out in the GDPR Article 8(2); see more information on the GDPR-level requirements here.
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
No national law requirements beyond those set out in the GDPR Article 12(1); see more information on the GDPR-level requirements here.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
Yes.
Minors above the age of 7 can make their own legally binding declarations, but only those that are only legally advantageous for them. Sec. 107 German Civil Code (BGB). However it is not clear cut to what extent the involvement of parents may still be necessary.
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes.
The data protection authorities do not require a minimum age or an age verification; a complaint can even be submitted anonymously.
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
Under Sec. 20 Telecommunications Digital Services Data Protection Act (TDDDG) personal data collected by digital service providers to comply with youth protection regulations (e.g. age verification) must not be used for commercial purposes.
Additionally, see more information on the EU-level requirements here.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
No.
While the German DPAs have not imposed large fines yet, they closely monitor cases involving children and are closely working together with other EU DPA imposing sanctions.
Are there specific rules concerning electronic direct marketing to children?
Yes.
Sec. 7 of the German Act against Unfair Competition (“UWG”) generally includes the prohibition of unreasonable harassment through commercial activities. Unreasonable harassment also includes advertising using electronic mail without the explicit prior consent of the recipient. This includes messages sent by email, SMS or MMS or via comparable communication services. This provision is not explicitly aimed at minors but applies regardless of the age of the recipient of the advertising. With regard to consent, Art. 8 GDPR applies, according to which children can only give effective consent after reaching the age of 16. Prior to this, consent is only effective if it is given by the parents or by the child with the consent of the parents. Section 4a UWG covers the prohibition of aggressive commercial practices and applies to advertising to children as particularly vulnerable consumers. Depending on how it is structured, this may also include harassment via telephone and other means of distance communication. In addition, direct purchase appeals to children are always considered unfair according to No. 28 of the Annex to the UWG.
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
In Germany, there are no specific regulations addressing the use of AdTech tracking technologies, profiling, and/or online targeted advertising towards children.
However the general (tech-agnostic) regulations referred to here apply, especially regarding aggressive business practices towards children (Sec. 4a of the Act against Unfair Competition) and the prohibition of directing direct purchase appeals to children (No. 28 of the Annex to the Act against Unfair Competition), which may relate to online targeted advertising.
Profiling is particularly regulated under Art. 8 GDPR and Art. 28(2) EU Digital Services Act. See more information on EU level requirements here.
Are there specific rules concerning online contextual advertising to children?
Yes.
Sec. 6 of the State Treaty for the Protection of Minors in the Media (“JMStV”) contains regulations on the protection of minors in advertising. The provision stipulates that advertising for content is subject to the same restrictions as the content itself. For example, an offer that is harmful to minors may only be advertised within a closed user group (adults only) (see further information here).
In addition, the regulation contains explicit advertising bans for children regarding alcoholic beverages and developmentally harmful content. Above all, advertising that is at least also aimed at children or young people must not harm the interests of children and young people or exploit their inexperience.
Section 4a of the Act against Unfair Competition (“UWG”) applies to advertising to children. According to the provision, it is explicitly unfair to take advantage of (young) age. If an advertisement is aimed at minors, the average minor must be included as the standard for admissibility. In addition, direct sales appeals to children are always considered unfair according to No. 28 of the Annex to the UWG.
There are also product-specific bans on advertising to children in relation to tobacco products (Section 21 (1) No. 2 of the Tobacco Products Act) and medical products (Section 11 (1) sentence 1 No. 12 of the Advertising of Medicines Act).
Additionally, see more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
No.
N/A
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
In Germany, a person acquires full contractual capacity at the age of 18, according to Sec. 2, 104 of the German Civil Code. This means that individuals 18 years and older can enter into agreements, including those for digital services, without parental consent.
However, minors aged 7 to 17 have limited contractual capacity as outlined in Sec. 106 to 113 of the German Civil Code. They can enter into agreements that are legally beneficial or with parental consent. For digital services, if a contract involves payment or obligations beyond what a minor can fulfil with their own resources (e.g., pocket money), parental consent is typically required.
Do consumer protection rules apply to children?
Yes.
The term “consumer” within the meaning of the German Civil Code (“BGB”) also includes children. This applies regardless of whether they are incapable of contracting (under the age of 7) or have limited legal capacity (7-17 years).
The term “consumer” plays a particularly important role in the Act against Unfair Competition ("UWG"). Consumers are explicitly protected against a large number of unfair acts (especially by the UWG Annex), which can include untrue statements or hidden advertising.
Additionally, see more information on the EU-level requirements here.
Are there any consumer protection rules which are specific to children only?
Yes.
The Annex to the Act against Unfair Competition (“UWG”) contains an explicit list of commercial acts towards consumers that are always unfair. No. 28 of the Annex to the UWG stipulates that direct sales appeals to children are always unfair.
Additionally, see more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
N/A
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
The Interstate Treaty on the Protection of Minors in the Media (JMStV) establishes a tiered model for regulating children’s access to digital services based on content classification.
Section 4(1) JMStV prohibits certain content entirely, including child pornography and incitement to hatred.
Section 4(2) JMStV restricts access to content harmful to minors, such as explicit pornography or extreme violence, requiring strict age-verification systems (AVS) like closed user groups to ensure only adults can access it.
Section 5(1) JMStV covers content that may impair minors' development, mandating age classifications (0, 6, 12, 16, 18 years). Providers need to take care that minors of the relevant age groups do not normally see content beyond their own age classifications (e.g., via ID-card checks).
Are there any specific requirements relating to online/ digital safety for children?
Yes.
German law establishes strict online and digital safety requirements for children through the Interstate Treaty on the Protection of Minors in the Media (JMStV) and the Youth Protection Act (JuSchG), focusing on content restrictions, access controls, and provider responsibilities.
Section 4(1) JMStV prohibits content that is inherently illegal and dangerous (e.g., child pornography, extreme violence, incitement to hatred).
Section 4(2) JMStV mandates strict age-verification systems (AVS) for content harmful to minors (e.g., hardcore pornography, extreme violence), ensuring only adults can access it.
Section 5 JMStV regulates content that may impair minors' development, requiring age classification (0, 6, 12, 16, 18 years) and technical restrictions.
Section 6 JMStV specifically addresses advertising regulations for minors, prohibiting advertisements that exploit their inexperience, encourage dangerous behavior, or directly promote products unsuitable for their age group (e.g., alcohol, gambling).
Section 12 JMStV places obligations on digital service providers to implement protective measures, such as appointing youth protection officers, providing complaint mechanisms, and enforcing technical age restrictions.
Additionally, Section 14a JuSchG strengthens online child safety by requiring effective age-assurance systems, ensuring platforms implement robust content filtering and access controls.
In addition, the EU Digital Services Act also applies, which has also created a specific provision for the protection of children and young people in the digital environment for certain providers under Art. 28 EU Digital Services Act. See more information on EU level requirements here.
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
The State Treaty for the Protection of Minors in the Media (“JMStV”) contains regulations on which content may not be made accessible to minors and how this is ensured.
Pornographic content or other content that is obviously seriously harmful to minors is generally prohibited under Section 4 (2) sentence 1 JMStV. Such content is only permitted in telemedia if the provider ensures that it is only made accessible to adults within a closed user group. This must be ensured in two steps. Firstly, an age verification must be carried out via face-to-face contact and a comparison with official ID data. Secondly, authentication is required for each individual user process.
In the case of content that is harmful to development, the provider must ensure that minors of the relevant age group do not normally perceive the content by making it more difficult to perceive (Section 5 JMStV). These criteria are lower than those for content harmful to minors (see above). Here, for example, an ID card check may be sufficient.
Additionally, see more information on the EU-level requirements here.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
With Section 24a of the Protection of Young Persons Act (“JuSchG”), the German legislator has implemented accompanying rules to Article 28(1) of the EU Digital Services Act (see more information on EU level requirements here) with exemplary precautionary measures for the privacy, safety and protection of minors.
Section 24a para. 1 no. 5 JuSchG stipulates that one of the precautionary measures that providers may introduce is the provision of technical means to control and monitor the use of content by persons with parental authority. Such a precautionary measure can also be ordered by the responsible authority under certain conditions. Failure to comply with the order can result in a considerable fine.
Additionally, see more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
Section 24a of the German Protection of Young Persons Act (“JuSchG”) defines a detailed catalogue of measures to accompany the youth protection provision of Art. 28 of the EU Digital Services Act (see more information on EU level requirements here.). Under certain conditions, the responsible authority can request the provider to implement, for example, a reporting and remedial procedure with user guidance suitable for children and young people. Furthermore, the provider can also set up default settings that limit usage risks for children and young people, taking their age into account. If the provider does not comply with these official requests, the authority can order the measures itself.
A violation of such an administrative order can be punished with a fine of up to five million Euros in accordance with Section 28 para. 3 no. 4, para. 5 sentence 1 JuSchG.
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
There are (as yet) no specific national regulations dealing with children and AI. The AI Act (Regulation 2024/1689) also applies in this context. See EU-level response here. Nevertheless, sections 184b and 184c of the German Criminal Code (“StGB”) already cover child and youth pornography generated by AI. Although these provisions were not specifically drafted for AI, they generally apply in such cases as well. In addition, depictions created using generative AI may, in some cases, also be subject to further national regulations, even if these were not intended precisely for the regulation of AI. For example, some of the prohibited content listed in the numbers of Section 4 (1) sentence 1 of the State Treaty on the Protection of Minors in the Media (“JMStV”).
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
In Germany, there are considerations to explicitly include AI systems in the Interstate Treaty on the Protection of Minors in the Media (“JMStV”). This has been advocated in particular by the chairman of the Commission for the Protection of Minors in the Media (“KJM”), the central supervisory authority for the protection of minors on the internet and in private broadcasting.
Furthermore, it is being considered whether providers of AI systems should be obliged to appoint a youth protection officer who would act as a point of contact for users and as an advisor to the provider on matters of youth protection. In October 2024, the Conference of Education Ministers adopted a recommendation for dealing with AI in schools. According to this, the federal states agree to create consistent standards across the federal states with regard to the regulation of AI applications in schools. However, no further details have yet been specified. In addition, Germany, like all member states, must establish a supervisory structure for the national implementation of the AI Act by August 2, 2025. However, details on when this will be established and precisely what form it will take have yet to be announced. Similarly, the details of the national implementation efforts for the AI Act as a whole are as yet unknown.
Additionally, see EU-level response here.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
The KidD initiated around 70 proceedings in its first year. Particularly noteworthy is the removal of thousands of titles without age ratings from a gaming platform, following KidD’s notification to the company about the legal requirements.
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
The German Digital Services Act (“Digitale-Dienste-Gesetz”) created the Office for the Enforcement of Children's Rights in Digital Services (“KidD”) to concretize the implementation of the EU Digital Services Act (DSA) (see more information on EU level requirements here) in Germany. It monitors compliance with the DSA and the Protection of Young Persons Act (“JuSchG”) regarding precautionary measures for the protection of minors. The draft law on the protection of children from advertising for foods with a high sugar, fat or salt content (“KLWG-E”) also aims to regulate food advertising aimed at children. In addition to TV advertising, this would also include advertising on websites and video-sharing platform services. However, the law has not yet been passed. Additionally, see more information on the EU-level requirements here.
