This Wednesday, August 20, the Brazilian House of Representatives approved Bill #2,628/22, outlining rules for the protection of children and adolescents online. The Bill had previously passed in the Senate and will now return to it for ratification due to amendments introduced by the House.
The Bill gained renewed urgency following a viral video by influencer Felipe Bressanim Pereira, known as “Felca”, denouncing the sexualization of minors on social media platforms. The video, which garnered over 45 million views, sparked widespread public debate over the protection of minors online and accelerated legislative action.
In addition to the legislative text, the House also approved the creation of a working group tasked with studying and proposing further legislative solutions for the protection of children and adolescents in digital environments. This group has a 30-day deadline to present its findings.
The Bill introduces extensive obligations for Internet Service Providers (ISPs) operating in Brazil. Key provisions are:
- Scope and applicability: the new rules are applicable to all ISPs whose products or services are targeted at or likely to be accessed by minors. “Likely access” is defined as (i) sufficient probability of use and attractiveness to minors; (ii) considerable ease of access and use; and (iii) a significant degree of risk to privacy, safety, or biopsychosocial development.
- Priority protection and best interests: digital products and services targeted at or likely to be accessed by minors must ensure priority protection of these users. They must be guided by the minors’ best interests and incorporate adequate and proportionate measures to ensure a high level of privacy, data protection, and safety.
- Risk prevention by design: providers of digital products and services targeted at or likely to be accessed by minors must adopt reasonable measures from the design stage to prevent and mitigate risks of exposure to harmful content, including content related to sexual exploitation and abuse, physical violence, cyberbullying, incitement to self-harm or substance abuse, gambling, predatory advertising, and pornography.
- Age verification and restrictions:
  - Providers of digital products and services targeted at or likely to be accessed by minors must implement mechanisms that ensure age-appropriate user experiences. These service providers must ensure that user accounts belonging to minors up to 16 years are linked to the account of one of their parents.
  - Providers of app stores and operating systems must implement proportional, auditable, and technically secure measures to verify users’ age or age range, and enable, through an API, the transmission of age signals to ISPs.
  - ISPs offering content, products or services deemed inappropriate for minors must implement effective measures to prevent access by minors. This includes deploying reliable age verification mechanisms at each access. Self-declaration is explicitly prohibited. For the scope of this rule, “inappropriate” content, products or services are defined as those containing pornographic material, as well as those classified as not recommended for the corresponding age group, according to age rating guidelines or any other restrictions established by current legislation.
- Parental supervision:
  - ISPs must offer accessible and user-friendly parental supervision features allowing parents to: (i) view, configure, and manage account and privacy settings; (ii) restrict purchases and financial transactions; (iii) identify adult profiles interacting with the minor; (iv) access consolidated metrics on total usage time; (v) activate or deactivate safeguards through accessible controls; and (vi) access all information and control options in Portuguese.
  - Providers of app stores and operating systems must allow parents to configure voluntary parental supervision mechanisms and actively monitor the access of minors to applications and content.
- Reporting obligations: ISPs must report any detected content involving apparent sexual exploitation, abuse, abduction, or grooming of minors to the appropriate national and international authorities, following the requirements and deadlines to be defined in further regulation.
- Data preservation: ISPs are required to retain, for 6 months, relevant data from cases reported as sexual exploitation. This includes the reported content, metadata referring to said content, and data and metadata from involved users.
- Notice-and-takedown: ISPs must promptly remove content that violates the rights of children and adolescents upon notification, regardless of a court order. For the purpose of this rule, content related to sexual exploitation and abuse, physical violence, cyberbullying, incitement to self-harm or substance abuse, gambling, predatory advertising, and pornography is considered a violation. Users whose content is removed must be notified and granted the right to appeal, with clear justification, access to the appeal process, and defined procedural deadlines. This rule does not apply to content of a journalistic nature and subject to editorial control.
- Transparency reports: ISPs with over 1 million underage users must publish semi-annual transparency reports in Portuguese. These must include at least: (i) the channels for receiving complaints; (ii) the number of complaints received; (iii) the number of content or account moderation actions, by type; (iv) the measures to identify child accounts and detect illicit activities; (v) the technical improvements for data protection and privacy; (vi) the mechanisms for verifying parental consent; and (vii) the methods and results of impact assessments and risk management related to the safety and health of minors.
- Local legal representation: ISPs operating in Brazil must maintain legal representation in the country with the authority to receive judicial and administrative summons, notices, and communications and to respond to Executive, Judiciary, and Public Prosecutor’s Office authorities.
- Sanctions: non-compliance with legal obligations may result in: (i) warning; (ii) fines of up to 10% of the economic group’s revenue in Brazil or up to BRL 50 million per violation; (iii) temporary suspension of activities; or (iv) permanent ban.
- Governance: the government will create an autonomous regulatory authority to oversee enforcement and issue guidelines.
The Bill will now be submitted to the Senate for ratification. Our team is closely assessing the new framework and its impacts on ISPs operating in Brazil.
For further information, please contact us at info@lickslegal.com.