The Children’s code (or the Age appropriate design code) contains 15 standards that online services need to follow. This ensures they are complying with their obligations under data protection law to protect children’s data online.

The code applies to “information society services likely to be accessed by children”. The definition of an ISS is “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.” 

Online services covered by the code are wide ranging and include:

  • apps;

  • programs;

  • search engines;

  • social media platforms;

  • online messaging or internet based voice telephony services;

  • online marketplaces;

  • content streaming services (eg video, music or gaming services);

  • online games;

  • news or educational websites; and

  • any websites offering other goods or services to users over the internet.

If children are likely to access your service, even if they are not your target audience or user, then you need to consider the Children’s code. The code is intended to ensure that online services are designed with the best interests of children in mind, taking into account their age and the potential risks associated with processing their personal data.

An edtech service used by a school can be subject to the code. The rules are complex.

You can contact our specialist team at 

The law and practice referred to in this article or webinar has been paraphrased or summarised. It might not be up-to-date with changes in the law and we do not guarantee the accuracy of any information provided at the time of reading. It should not be construed or relied upon as legal advice in relation to a specific set of circumstances.