Beyond social media: When governments regulate the wrong thing
Tech & Innovation
By
Amos Murumba
| Jul 13, 2026
Is it simply a matter of the wrong vocabulary? Legislative vocabulary, to be precise. If Parliament banned social media tomorrow, would a child stop socialising online? Or would those conversations simply migrate elsewhere, to messaging apps, gaming platforms and other digital spaces that no longer fit the legal definition of "social media"?
When governments first began proposing bans and age restrictions on social media for children, the target appeared obvious. Platforms such as Instagram, TikTok, Snapchat and Facebook quickly became the focus of concerns over deteriorating mental health, cyberbullying, online predators and deliberately addictive design.
Yet as more countries introduce debate restrictions, a more fundamental question is emerging: what exactly counts as social media?
That question has become even more pressing following recent developments on platforms that many governments do not classify as social media at all.
READ MORE
Survival: Why more workers are turning to affordable digital salary advances
Economy rebounds to grow at 5.3 per cent in first quarter
How pre-import vehicle inspection reforms birthed monopoly, unending court battles
KRA posts strong growth in tax collection
Dockers smile to the bank after pay hike in new CBA
Why Kenyans are cashing out retirement savings earlier
EU pushes Kenya to diversify exports beyond agriculture
Kenya to raise its stakes in Africa insurer
Sidian Bank, KBA and CISI partner to strengthen credit risk skills
WhatsApp, the world's most popular messaging application, has introduced personalised usernames, allowing users to connect without sharing their mobile phone numbers. At first glance, the move appears to strengthen privacy by reducing the amount of personal information people must disclose online. Meta has presented the feature as a way of giving users greater control over their identities while preventing unnecessary exposure of their phone numbers.
However, the update also illustrates why future regulation may need to look beyond platform labels. While usernames can improve privacy, they also create another digital identity that can potentially be exploited by scammers, impersonators and individuals seeking to groom or deceive children if adequate safeguards fail. Although there is no public directory and users must know another person's exact username before initiating contact, child safety experts have long cautioned that predators adapt quickly to new technologies designed primarily with convenience in mind.
The debate therefore extends far beyond WhatsApp itself. It asks whether governments are attempting to regulate an increasingly outdated category while children's digital lives continue evolving far more rapidly than legislation.
Digital policy commentator Jennifer Kaberi, Executive Director, Mtoto News, argues policymakers may be concentrating on the wrong target.
Children do not wake up intending to use "social media". They go online to learn, play, communicate, create, collaborate and belong. Increasingly, those experiences occur across gaming platforms, messaging services, educational technology, artificial intelligence assistants and virtual environments that neither describe nor market themselves as social media.
That observation reflects a broader trend emerging across Africa. In her June 2026 working paper Children's Digital Play in Africa, Jennifer Kaberi argues that African children's digital lives increasingly span messaging platforms, gaming ecosystems, educational technology, AI tools and physical gaming spaces, making traditional platform-based definitions of "social media" increasingly inadequate for policymakers seeking to regulate online harms.
If the harms governments seek to reduce exist across many different digital services, should regulation focus less on platform labels and more on the design features that create those harms?
It is a question regulators across the world are already grappling with.
Australia's Online Safety Amendment (Social Media Minimum Age) Act 2024 requires providers of designated age-restricted social media platforms to take reasonable steps to prevent children under 16 from holding accounts, placing the legal obligation squarely on technology companies rather than parents or young users.
Importantly, Australia also attempted something many governments have struggled to achieve: defining what actually constitutes social media. Rather than relying solely on well-known brand names, the legislation considers whether enabling online social interaction is a significant purpose of the service.
Yet even Australia's landmark reforms demonstrate how difficult those distinctions have become.
Several widely used digital services, including WhatsApp, Roblox, Discord, Google Classroom, Steam Chat and YouTube Kids, currently fall outside the list of age-restricted social media platforms because they satisfy exemptions or do not meet the legal definition. At the same time, Australian regulators have acknowledged that these classifications could change as digital products continue evolving.
The distinction immediately raises difficult policy questions.
A child may spend hours chatting with friends on Discord, build entire communities inside Roblox, collaborate with classmates through Google Classroom, exchange messages on WhatsApp or increasingly hold conversations with AI systems. None fits neatly within the traditional understanding of social media. Yet all facilitate interaction between users, all collect personal information to varying degrees and all present potential risks depending upon how they are designed and moderated.
As AI becomes embedded across mainstream digital services, those boundaries are becoming even harder to define. Children increasingly interact not only with other people but also with AI-powered assistants capable of generating realistic conversations, answering questions and maintaining extended interactions. The distinction between a messaging application, educational tool, search engine and a social platform continues to blur.
Dr Mashilo Boloka, Chief Executive Officer of OS Lab in South Africa and an Advisory Board Member at Marketplace Risk, says technology is now evolving far faster than regulation. "Technology is far outpacing regulatory development," he says. "Platform-specific regulation will not work." Instead, he argues regulation should be technology-neutral, focusing on design practices and cross-cutting risks because modern digital services increasingly combine messaging, artificial intelligence, education and social networking within a single ecosystem.
WhatsApp itself reflects this convergence. Alongside usernames, Meta continues expanding AI functionality, private conversations with its Meta AI assistant and increasingly sophisticated methods of organising digital communication. None of these features necessarily makes the platform less safe. Yet collectively they demonstrate that modern digital services are evolving into multifunctional ecosystems that combine communication, productivity, artificial intelligence and social interaction within a single application.
The European Union's Digital Services Act requires very large online platforms to assess systemic risks, including risks to minors, while the UK's Online Safety Act 2023 imposes duties of care requiring online services to identify and mitigate foreseeable harms to children.
Both frameworks recognise that digital harm often arises not simply because people communicate online, but because platforms are designed in ways that amplify engagement, recommendation and interaction.
Researchers from the Oxford Internet Institute, UNICEF, the 5Rights Foundation and other institutions increasingly argue that recommender systems, autoplay and infinite scrolling deserve greater regulatory attention than platform categories. As Baroness Beeban Kidron, founder of the 5Rights Foundation, has argued, safer outcomes require safer design.
That principle is supported by a growing body of academic research examining recommendation algorithms, infinite scrolling, autoplay, persuasive notifications, engagement streaks and personalised content systems. Although these features appear across many different digital services, they frequently produce similar behavioural effects regardless of whether the platform identifies itself as social media, gaming, education or artificial intelligence.
Not everyone agrees that shifting the focus entirely to design provides a complete solution.
Critics argue that age verification itself raises complex questions about privacy, proportionality, and implementation. The Australian Government's age assurance trial, alongside evidence presented during parliamentary scrutiny of the legislation, highlighted concerns about data protection, the accuracy of age verification technologies and the possibility that determined young users may circumvent restrictions through virtual private networks (VPNs), borrowed accounts or emerging platforms beyond the reach of existing laws.
These concerns have also been raised by digital rights organisations, which caution that collecting additional identity information to verify age may itself create new privacy risks if not carefully regulated. The challenge, therefore, is balancing children's safety with the fundamental rights to privacy, freedom of expression and access to information.
The discussion is also gaining prominence across Africa. Kaberi argues that many international digital safety frameworks have historically been developed around Global North experiences and often fail to account for African realities, including shared devices, multilingual users, community-centred digital practices and the rapid convergence of communication, gaming and learning platforms.
Kenya now finds itself confronting similar questions as lawmakers, regulators and the judiciary increasingly grapple with the realities of governing digital spaces.
On July 2, 2026, the High Court of Kenya declared unconstitutional provisions of the Kenya Information and Communications (Amendment) Act that allowed the Communications Authority to direct internet service providers to block websites without prior judicial oversight. The Court held that such powers disproportionately limited constitutional protections for freedom of expression and media freedom, reinforcing the principle that digital regulation must remain subject to due process.
Although the judgment centred primarily on constitutional safeguards rather than child online safety, it illustrates a much broader challenge confronting governments worldwide. Effective regulation is not simply about expanding state powers; it is about designing laws that are both effective and consistent with democratic rights and constitutional protections.
The ruling is likely to become an important reference point as Kenya develops future legislation governing online platforms, artificial intelligence and digital services. It signals that attempts to regulate the internet cannot rely solely on administrative authority but must be carefully balanced against constitutional freedoms.
Technological change continues to outpace regulation.
The introduction of WhatsApp usernames provides a timely illustration. Meta says usernames are intended to enhance privacy by allowing users to communicate without revealing their phone numbers. However, online safety specialists have observed that any system introducing persistent digital identities requires robust safeguards against impersonation, grooming and fraud, particularly where children are concerned. Whether those safeguards prove sufficient will become clearer only after widespread implementation.
This is not an argument against technological innovation. Nor is it an assertion that WhatsApp's latest features make the platform inherently unsafe.
Rather, it illustrates a recurring pattern throughout the digital economy. Every innovation designed to improve convenience, privacy or functionality can simultaneously introduce new risks requiring equally sophisticated safeguards. Effective regulation must therefore remain sufficiently flexible to evolve alongside technology instead of becoming anchored to categories that may no longer reflect how people actually use digital services.
The challenge is not unique to WhatsApp. Across the technology industry, companies are increasingly engaged in a race against organised crime, online predators and malicious actors who rapidly adapt to every new feature intended to improve user experience.
Encrypted messaging services have become essential tools for billions of people, protecting journalists, businesses, activists and ordinary citizens from unlawful surveillance and cybercrime. Yet the same technologies are also exploited by criminals seeking to conceal fraud, distribute illegal content, conduct financial scams and groom children. The result is a continuous technological arms race in which platforms are expected to strengthen privacy while simultaneously preventing abuse.
Artificial intelligence has intensified that challenge. Criminals now use AI to generate convincing phishing messages, clone voices, create deepfake videos and automate scams at unprecedented scale.
According to the Global Anti-Scam Alliance, consumers worldwide lose tens of billions of dollars annually to online fraud, much of it originating through digital platforms, messaging applications and social networks.
Cybersecurity firms have similarly reported significant increases in AI-assisted phishing attacks over the past two years.
CrowdStrike's 2025 Global Threat Report found that threat actors are using generative AI to create more persuasive phishing emails, fake social media personas and deepfake content, allowing them to scale social engineering campaigns more efficiently than before. While the firm noted that AI has not fundamentally changed cybercrime, it has significantly lowered the barriers to producing convincing fraudulent content.
Technology companies are responding by deploying increasingly sophisticated countermeasures. Meta says it removes billions of fake accounts annually, disrupts organised scam networks and increasingly relies on artificial intelligence to detect fraudulent behaviour before users report it. The company has also expanded partnerships with financial institutions and law enforcement agencies to tackle online scams across its platforms.
Other technology companies like Google and TikTok have similarly expanded automated threat detection and identity verification as they attempt to stay ahead of evolving threats.
Yet every new safeguard appears to trigger new methods of circumvention. Fraudsters continually modify tactics, online predators migrate between platforms, while organised cybercriminal groups increasingly exploit emerging technologies before regulators or platform operators fully understand the associated risks.
This constant cycle helps explain why digital safety has become less about reacting to individual incidents and more about anticipating threats before they emerge.
The consequence is that governments and technology companies are no longer confronting separate challenges. They are confronting the same one from different directions. While regulators seek laws capable of protecting citizens without undermining fundamental rights, technology companies are under mounting pressure to redesign products quickly enough to prevent criminals from exploiting the very innovations intended to improve user experience.
Boloka argues that governments must resist responding with intrusive regulation. Instead, he advocates proportionate, adaptable rules built around privacy-by-design, age-appropriate design and accountability, warning that stronger child protection should not come at the expense of privacy, innovation or fundamental rights.
That reality has profound implications for policymakers.
Children increasingly move seamlessly between messaging applications, gaming platforms, educational software, video-sharing services and artificial intelligence assistants, often within the same afternoon. They do not distinguish between "social media", "gaming", "education" or "AI" in the way legislation frequently does. From their perspective, these are simply interconnected digital environments where they communicate, learn, socialise and entertain themselves.
Kaberi argues this convergence shows children's digital experiences are ecosystem-based rather than platform-based, requiring policy to focus on the wider digital environment rather than individual services.
Legislation that regulates only one category risks creating significant blind spots as technology converges. Harmful design features do not become less harmful simply because they appear within a messaging application rather than a social networking platform, or inside an AI assistant rather than a video-sharing service.
Increasingly, researchers argue that the defining question should not be what a platform calls itself, but what it enables, how it functions and whether its design creates reasonably foreseeable risks for children.
This shift in thinking is already influencing international policy discussions. The Organisation for Economic Co-operation and Development (OECD), UNICEF and numerous child rights advocates have all emphasised that digital safety requires a whole-of-ecosystem approach, combining age-appropriate design, transparency, accountability, digital literacy and effective enforcement rather than relying exclusively on age restrictions or platform bans.
For Kenya, the implications are becoming increasingly relevant.
According to Carry1st and Newzoo's 2025 African gaming report, the continent had an estimated 349 million gamers in 2024, with 91 per cent playing primarily on mobile devices. The report identified Africa as the world's fastest-growing gaming market, underscoring how rapidly children's and young people's digital experiences are expanding beyond traditional social networking platforms.
Boloka believes Africa's greatest challenge is no longer recognising online harms but building the regulatory capacity to respond. He argues that effective online safety will require stronger legal frameworks, digital literacy, public awareness and closer collaboration between governments, educators, civil society and industry.
The country continues to expand internet access, digital learning, financial technology, artificial intelligence adoption and online entrepreneurship among one of Africa's youngest populations. Existing legal frameworks were largely developed when digital services could be more easily categorised. Today's platforms increasingly combine communication, commerce, education, entertainment and artificial intelligence within a single ecosystem.
If future legislation concentrates solely on traditional social media platforms, it risks leaving significant regulatory gaps as children migrate towards newer digital environments that fall outside conventional definitions. Conversely, regulating every interactive online service could impose substantial compliance costs, raise legitimate privacy concerns and potentially inhibit innovation.
The challenge, therefore, is not whether governments should regulate children's digital experiences. Few now dispute that some form of intervention is necessary. The real question is whether policymakers are regulating yesterday's internet while tomorrow's digital world is already taking shape.
Perhaps the question is no longer, "Which platforms should children be prohibited from using?"
Perhaps it is becoming, "Which digital design practices should have no platform, regardless of whether it is labelled social media, messaging, gaming, education or artificial intelligence, be permitted to expose children to?"
That conversation is no longer theoretical. It is unfolding in legislatures, courtrooms and regulatory agencies across the world.
Following the High Court's latest ruling, Kenya has an opportunity to shape that conversation through evidence-based regulation that protects children without compromising constitutional rights. As technology continues to evolve beyond the language used to describe it, the countries most likely to succeed will be those that regulate not merely the platforms children use, but the digital environments they inhabit.