hekate/attestation-findings
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
attestation-findings/data/processed/global_coordination_research.md
hekate b6b7a23cec Upload files to "/"
2026-03-14 07:10:42 +00:00

17 KiB
Raw Blame History

Global Coordination of Age Verification & Child Safety Legislation

Research Date: March 14, 2026

Sources: EU Transparency Register (via LobbyFacts), RSF/Agencia Publica cross-country investigation, Corporate Europe Observatory, Brazilian legislative records, ICMEC press releases, EFF, IAPP, HRW

1. The Global Wave: Bills Introduced Simultaneously Across 30+ Jurisdictions

Country Law/Bill Status Effective Burden On Model
United States (20+ states) ASAA variants (UT SB-142, TX SB-2420, LA HB-570, AL HB-161, KS SB-372, etc.) 4 enacted, 17+ pending Various 2025-2026 App stores DCA/ASAA template
United States (CA) AB-1043 (Digital Age Assurance Act) Enacted Oct 2025 Jan 1, 2027 OS/device makers ICMEC/DAAA template
United States (CO) SB26-051 (Age Attestation on Computing Devices) Pending TBD OS/device makers ICMEC/DAAA template
Brazil Digital ECA (Lei 15.325/2025) Enacted Sep 2025 Mar 17, 2026 Platforms directly Brazilian original
Australia Online Safety (Social Media Minimum Age) Act Enacted Dec 2025 Phase 1 active, Phase 2 Mar 2026 Platforms directly Australian original
United Kingdom Online Safety Act 2023, age verification provisions Enforcement began Jul 2025 Active Platforms hosting harmful content UK original
France Under-15 social media ban (proposed) Announced by Macron, Jun 2025 Target Sep 2026 Platforms EU-aligned
Spain Under-16 social media ban (proposed) Announced Feb 2026 TBD Platforms EU-aligned
Italy Age verification regulation Adopted 2025 TBD Platforms EU-aligned
EU (5-country pilot) EU Age Verification App Pilot launching Mar 2026 Pilot phase Government-issued digital wallet EU EUDIW
EU (11 member states) Joint call for under-15 verification France, Cyprus, Denmark, Greece, Italy, Slovenia, Spain + others Policy proposal Platforms EU DSA framework
EU (Parliament) Digital minimum age of 16 proposal EP committee recommendation Proposed Platforms EU DSA framework

Temporal Clustering

  • Oct 2024: ICMEC publishes DAAA model bill
  • Dec 2024: DCA domain registered, website live within 24 hours
  • Jan-Jun 2025: Wave of US state ASAA introductions
  • Mar 2025: Utah SB-142 enacted (first US ASAA)
  • May 2025: Texas SB-2420 enacted
  • Jun 2025: Louisiana HB-570 enacted, Macron announces French under-15 ban
  • Jul 2025: UK Online Safety Act age verification enforcement begins
  • Sep 2025: Brazil Digital ECA enacted
  • Oct 2025: California AB-1043 enacted
  • Dec 2025: Australia under-16 ban enacted
  • Feb 2026: Alabama HB-161 enacted, Spain announces under-16 ban
  • Mar 2026: Brazil Digital ECA takes effect, EU pilot launches

This clustering within 18 months across 30+ jurisdictions is unprecedented.

2. Meta's EU Lobbying Operation

Financial Scale

  • Annual EU lobbying spend: EUR 10 million (largest single company spender)
  • Increase: EUR 2 million over 2023 levels
  • Retained consulting firms: EUR 1.5 million across 18+ firms

Personnel

  • 30 declared lobbyists (13.8 FTE)
  • 8 European Parliament accredited lobbyists:
    • Anna Helseth
    • Stacey Featherstone
    • Maria Luisa Jimenez Martin
    • Cesare Marco Pancini
    • Doreen El-Roeiy
    • Bartolomeo Poggi
    • Yuliia Kulakovska
    • Simone Gobello

Retained Lobbying Firms (2024, by spend bracket)

Spend Firm
EUR 300K-400K Shearwater Global
EUR 200K-300K EU Strategy, Fourtold, Milltown Partners Group Limited
EUR 100K-200K Utopia Lab S.R.L., Afore Consulting, Oxera Consulting LLP
EUR 50K-100K Trilligent, White & Case LLP, Hogan Lovells International LLP, Vinces Consulting, Political Intelligence Brussels, Nove
EUR 25K-50K Arthur Cox LLP, Plum Consulting Paris, Giuseppe Cassano
EUR 10K-25K Policy Impact Partners Limited, FTI Consulting Belgium, Ipsos Public Affairs LLC

Meetings with EU Officials (H1 2025)

  • 63 meetings with MEPs (most of any tech company)
  • 27 meetings with high-level Commission staff
  • Big Tech collectively: 232 MEP meetings, 146 Commission meetings in H1 2025

Documented Commission Meetings on Child Safety

  • June 2024: "Children on internet protection" (VP Vera Jourova)
  • February 2024: "Minor protection online"
  • 2025: Meetings with Commissioner McGrath on "Digital Fairness Act, protection of minors, data protection"
  • 277 total documented Commission meetings (Dec 2014 through Dec 2024)

Legislative Dossiers Targeted (declared)

  • Digital Services Act (DSA)
  • Digital Markets Act (DMA)
  • AI Act, AI Liability Directive
  • CSAM regulation
  • Age-Appropriate Design Code
  • European Media Freedom Act
  • GDPR, EU-US Data Flows
  • Digital Networks Act

70+ Organizational Memberships Including:

  • DigitalEurope
  • Business Europe
  • Chamber of Progress
  • European Internet Forum
  • CEPS, CERRE, Bruegel
  • Country-specific associations in Germany, Spain, Belgium, Finland, Denmark, Italy

Source: EU Transparency Register via LobbyFacts (lobbyfacts.eu), Registration ID 28666427835-74, Corporate Europe Observatory report (Oct 2025)

3. Brazil: Meta's Lobbying Against the Digital ECA

The Law

Brazil's Digital ECA (Estatuto da Crianca e do Adolescente Digital) was enacted September 17, 2025. Takes effect March 17, 2026 (3 days from this writing).

Key provisions:

  • Applies to any product/service directed at or "likely to be accessed by" minors
  • Bans self-declaration for age verification (must use "proportionate, auditable, and secure" methods)
  • Requires parental consent for minors under 16 on social networks
  • App stores must obtain parental consent for downloads by minors
  • Prohibits profiling minors for advertising
  • Bans loot boxes in games
  • Default settings must prevent compulsive use
  • Fines up to 10% of Brazilian revenue or R$50 million per violation
  • Enforced by ANPD (National Data Protection Agency)

How the Bill Differs from US ASAA

Brazil's Digital ECA puts the compliance burden on platforms directly, not on app stores or OS manufacturers. This is the opposite of Meta's preferred US approach. Meta failed to shift the burden in Brazil.

Industry Lobbying

  • Passage occurred "despite fierce opposition from tech companies"
  • Industry lobbying successfully removed the loot box ban from the Chamber of Deputies version; it was reinstated by the Senate in the final text
  • Over 200 meetings with Brazilian lawmakers documented
  • Former President Michel Temer acted as "unofficial intermediary for big tech" during regulation negotiations (revolving door)
  • Meta ran a paid advertising campaign against Brazil's earlier "Fake News Bill" (PL 2630), falsely claiming it would "ban the Bible"

Trade Associations

  • Brasscom (Brazilian Association of Information and Communication Technology Companies): main tech trade association, promotes ICT sector jointly with public authorities
  • Specific Brasscom positions on Digital ECA not yet documented in available sources

Sources: HRW, Inside Privacy, IAPP, RSF/Agencia Publica investigation, ProMarket

4. The RSF Cross-Country Investigation

Reporters Without Borders (RSF) coordinated a 9-month investigation with Agencia Publica and CLIP into big tech lobbying across countries:

Scale

  • 2,977 documented lobbying actions across 10 countries plus the EU
  • 1,414 company representatives involved
  • 2,506 public officials contacted
  • 40+ journalists from 17 media outlets
  • Countries investigated: Brazil, Canada, Colombia, Indonesia, Australia, Ecuador, Paraguay, El Salvador, Argentina, Chile, Mexico, USA, South Africa

Findings: Common Tactics Across Countries

  1. Disinformation campaigns: Meta orchestrated false claims in Brazil that regulation would "ban the Bible"; launched paid ad campaigns against legislation
  2. Revolving door lobbying: Former heads of state and government officials recruited as intermediaries (Michel Temer in Brazil)
  3. Astroturfing: "Funding civic or academic initiatives that appear independent, but oppose regulation"
  4. Legal evasion: In Ecuador and Colombia, argued extraterritoriality (national laws don't apply when data processed abroad)
  5. Divide and conquer: In Indonesia, Google signed confidential deals with select media outlets to weaken collective bargaining on content remuneration
  6. Decentralized influence: Operating "through former officials, trade associations and front groups that hide the platforms' direct involvement"

Connection to US Findings

The RSF investigation's description of Meta's global tactics exactly mirrors what we documented in the US:

  • Astroturfing = DCA
  • Front groups hiding direct involvement = DCA, ConnectSafely
  • Trade associations = TechNet, Chamber of Progress, CO Tech Association
  • Revolving door = Heritage Foundation personnel pipeline
  • Disinformation = not documented in US ASAA context (yet)

Source: RSF (rsf.org), Agencia Publica, CLIP

5. ICMEC's International Coordination

Joint International Call for Device-Based Age Verification

ICMEC and Crime Stoppers International (CSI) issued a joint call for mandatory device-based age verification globally. This represents the DAAA track extending beyond US borders.

ICMEC's Global Reach

  • Trained 2,600+ child protection professionals across 30+ countries in 2024
  • Operation Renewed Hope II involved 47 partner countries
  • Publishes model legislation reviewed across 196 countries (CSAM model law, 10th edition)
  • Operates ageverificationpolicy.org for promoting DAAA model to policymakers globally
  • Meta is a confirmed ICMEC donor

ICMEC Personnel Active Internationally

  • Bob Cunningham (Director of Policy Engagement): testified in ND, VA, WV
  • Jessica Marasa (Policy Advisor, former Twitch): supported CA AB-1043
  • Hayley van Loon (Crime Stoppers International Deputy CEO): co-signatory on joint call
  • Travis Heneveld (ICMEC Interim CEO): co-signatory on joint call

Source: ICMEC press releases, ICMEC 2024 Impact Report

6. EU-Level Age Verification Coordination

EU Age Verification Blueprint

The European Commission published guidelines in July 2025 for "user-friendly and privacy-preserving" age verification, including a blueprint being piloted in 5 countries:

  • Denmark
  • France
  • Greece
  • Italy
  • Spain

Pilot app launching March 2026, based on EU Digital Identity Wallet (EUDIW) under eIDAS 2.0.

11 Member States Joint Call

Led by French Delegate Minister, 11 EU member states called for EU-wide age check mechanisms:

  • France, Cyprus, Denmark, Greece, Italy, Slovenia, Spain + 4 others
  • French President Macron threatened unilateral under-15 ban if no EU progress

EP Committee Recommendations

European Parliament's Internal Market and Consumer Protection Committee:

  • Proposed EU-wide "digital minimum age" of 16 for social media without parental consent
  • Stated major platforms "are not doing enough"
  • Urged rapid DSA enforcement

DSA Enforcement Against Meta (ongoing)

  • European Commission found preliminary violations: Meta's Facebook and Instagram failed to provide adequate illegal content reporting and content moderation challenge mechanisms
  • Full enforcement expected to ramp up in 2026

Sources: European Commission, Biometric Update, Lewis Silkin, Taylor Wessing

7. Evidence of Global Coordination

What We Can Prove

  1. Same company, same tactics, multiple countries: RSF documented 2,977 Meta/Google lobbying actions across 10+ countries using identical playbook (astroturfing, revolving door, trade associations, front groups)
  2. ICMEC distributes model legislation internationally: DAAA model bill explicitly designed for adaptation across jurisdictions, promoted to policymakers globally through ageverificationpolicy.org
  3. DCA distributes ASAA model legislation across US states: template provisions shared verbatim across UT, TX, LA, AL, KS, SD, OH
  4. Meta funds both tracks: Confirmed ICMEC donor + confirmed DCA funder
  5. Same temporal window: 30+ jurisdictions introduced age verification bills within 18 months (Oct 2024 to Mar 2026)
  6. EU member state coordination: 11 countries jointly calling for uniform approach, 5 countries piloting shared app
  7. Meta's EU lobbying specifically targets child safety: Documented Commission meetings on "Children on internet protection" and "Minor protection online"

What We Cannot Yet Prove

  1. Whether DCA operates outside the US (no evidence found of international activity, but Casey Stefanski's prior role was "Senior Director of Global Partnerships" at NCOSE)
  2. Whether Meta's US lobbying firms coordinate with its EU lobbying firms (18+ EU firms, 40+ US firms)
  3. Whether Brazil's Digital ECA was influenced by the same model legislation networks (it appears to be Brazilian-original, not derived from ICMEC or DCA templates)
  4. Whether ConnectSafely's $100K/year UK wire connects to EU-level advocacy
  5. The identity of ICMEC's full international signatory list on the device-based age verification call
  6. Whether Meta's EUR 10M EU spend includes age verification lobbying specifically or is spread across other dossiers

Key Difference: US vs. Rest of World

In the US, Meta's preferred model (ASAA) shifts the compliance burden to app stores (Apple/Google). In Brazil, the EU, UK, and Australia, the burden falls on platforms directly. Meta appears to have failed to execute the ASAA playbook outside the US. The question is whether this failure was because:

  • The ASAA approach was tried and rejected internationally
  • Meta didn't attempt it (focused resources on US state legislatures)
  • Different regulatory frameworks (DSA, Digital ECA) made the app-store approach structurally impossible

8. Research Gaps and Next Steps

Immediate (can be done now)

  1. EU Transparency Register direct query: Pull Meta's full meeting log from transparency-register.europa.eu for 2024-2026
  2. UK Charity Commission search: Identify ConnectSafely's unnamed UK grant recipient by searching for US-funded internet safety charities receiving ~GBP 80K
  3. ICMEC 990 Schedule I pull: Check for international grants from ICMEC (EIN 22-3630133)
  4. Brazil Camara API: Query dadosabertos.camara.leg.br for lobbying interactions on PL 3628/2024 (Digital ECA)

Medium-term

  1. Bill text comparison: Diff legislative text across all jurisdictions to identify shared template language
  2. WeProtect Global Alliance: Check membership/attendee lists for Meta personnel and DCA-affiliated organizations
  3. Cross-reference Meta's EU and US lobbying firms: Check if any of the 18 EU firms also appear in US state lobbying registrations
  4. RSF investigation full dataset: Request access to the 2,977 documented lobbying actions for Meta-specific analysis
  5. Australian lobbying records: Check Meta's registered lobbyists and positions on the Online Safety Act

Long-term

  1. FOIA to European Commission: Request all meeting minutes between Meta representatives and Commission officials mentioning age verification, child safety, or minors (2024-2026)
  2. Brazilian ANPD transparency: Request Meta's regulatory submissions related to Digital ECA compliance
  3. Cross-country personnel tracking: Map whether any individuals appear in lobbying records across multiple countries

Sources