On July 10, 2026, the European Commission issued a preliminary finding that Meta's Facebook and Instagram violate the Digital Services Act (DSA) by failing to adequately assess and mitigate "addictive design." The Commission is demanding that infinite scroll and video autoplay be disabled by default, that mechanisms interrupting usage be strengthened, and that recommendation systems be reformed away from their engagement-first bias. This is not yet a final decision. Even so, the finding makes clear a judgment: existing safety measures that leave control in the hands of users and parents are insufficient, and Meta itself must change the design that starts working the moment a service is opened.
Demand to Remove Infinite Scroll from "Default" Settings
What the European Commission flagged as problematic were infinite scroll and autoplay. It also included push notifications and personalized recommendations tailored to each individual. All of these continuously feed new content without interruption, delivering the next stimulus before users can decide to stop. According to the preliminary findings reported by the Associated Press, the Commission believes such designs can push users into an "autopilot"-like state and encourage compulsive use.
However, the Commission has not diagnosed individual users with addiction in a medical sense. What the DSA questions is whether companies have adequately investigated the "systemic risks" that large-scale service designs pose to physical and mental health, and whether they have implemented effective countermeasures. This includes minors and vulnerable adults among those affected.
Meta already offers usage time notifications and parental control features. But the Commission determined that time limits can be easily disabled or ignored, and that parents need knowledge and effort to understand and operate the settings. What divided the two sides was not the number of features, but what happens by default. The responsibility shifts from a structure where users must search for settings to stop themselves, to one where operators suppress features that invite excessive use from the outset.
Two Meta Cases Building Since 2024
This preliminary finding is an extension of an investigation that began in May 2024. At the time, the European Commission explained that Facebook and Instagram's algorithms might stimulate children's behavioral addictions and create a "rabbit hole effect" that draws them deeply into specific content. The investigation began with the risk assessment report Meta submitted in September 2023, the company's responses, public materials, and the Commission's own analysis.
The same proceedings also included the issue of age verification. In April 2026, the Commission issued a separate preliminary finding of violation regarding measures to prevent use by children under 13. The finding stated that even when children enter false birth dates during registration, no effective verification is in place, and detection and removal after registration are also inadequate.
While the two findings address different issues, they overlap in practice. If age cannot be accurately determined, protections for minors cannot be reliably applied. Meanwhile, infinite scroll and autoplay operate by default even for users who have passed age verification. By reviewing both the age verification at entry and the usage design after entry in parallel, the European Commission has expanded protection for minors from an account-settings issue to a matter of the entire service structure.
DSA Articles 34 and 35 Reach Product Design
DSA Article 34 requires very large online platforms to identify, analyze, and assess systemic risks arising from a service's design, features, and algorithms. Article 35 requires implementing "reasonable, proportionate, and effective" mitigation measures based on those results, explicitly citing changes to interface design and features as examples of countermeasures.
The law's recitals go further still. They state that the very optimization of services to fit advertising-centric business models can itself give rise to societal concerns, and include recommendation systems, advertising systems, and related data use within the scope of assessment. The DSA is not a law that uniformly bans a specific feature such as infinite scroll. But if a design that a company adopted to boost usage increases health risks, enforcement can reach as far as changing that design itself.
At this stage, no confirmed sanctions or implementation deadlines have been set for Meta. Under DSA Article 73, after the European Commission presents its preliminary findings and what it considers necessary measures, the company can review the investigation materials and respond in writing. If a violation is ultimately confirmed, the Commission can order corrective action within a set deadline. The maximum fine is 6% of global revenue from the previous fiscal year, and Meta could also be subject to enhanced oversight combining a corrective action plan with independent audits.
The Same Prescription Following TikTok
In February 2026, the European Commission issued a preliminary finding of violation against TikTok on the same grounds of addiction-promoting design. There, too, infinite scroll and autoplay, along with notifications and highly personalized recommendations, were flagged as problems. Time management tools were deemed insufficiently effective because they could be easily disabled. The improvements the Commission proposed were stopping infinite scroll, effective pauses including at night, and changes to the recommendation system.
This latest ruling on Facebook and Instagram extends the same evaluative framework from TikTok, centered on short-form video, to Meta's services, which combine feeds, Reels, and friend relationships. Even though the products look different on the surface, they share a common mechanism: using behavioral data to select the next piece of content, displaying it without interruption, and prompting return visits through notifications. The Commission is looking not at the names of individual apps, but at the series of actions that prolong usage.
The same standard was also reflected in the July 2025 guidelines on minor protection. The guidelines recommend disabling features such as autoplay and push notifications by default, and prioritizing users' explicitly stated intentions over their behavioral history in recommendations. Compliance is voluntary, and the document does not automatically guarantee DSA conformity. Still, because the Commission uses it as a reference point for judging compliance with Article 28, it functions as a de facto design checklist for companies.
Regulation may expand further still. In an EU-wide survey of approximately 5,000 children published by the European Commission on July 9, 48% called for rules against addictive designs that keep users engaged for longer periods. The results will also be used in preparations for the Digital Fairness Act, planned for sometime in 2026. This represents a trend of incorporating design regulation into consumer protection law even as DSA enforcement advances individual cases against major platforms.
The Question That Remains with Teen Accounts
In response to the preliminary finding, Meta countered that it introduced Teen Accounts after the investigation began, automatically placing minors into stricter settings. According to the company, parents can block nighttime use and reduce daily limits to as little as 15 minutes. The system, which started on Instagram, expanded to Facebook and Messenger in 2025, incorporating private-by-default settings and restrictions on contact and content.
Teen Accounts enhance safety in terms of who users can interact with and what content they can see. However, the approach of having parents set time limits does not answer the question of designs like infinite scroll and autoplay that operate by default. The Commission's preliminary view holds that the more protection depends on individual households' management capacity, the greater the disparity in its effectiveness.
What Meta should demonstrate going forward is not the mere fact that it added features, but results: how much these features reduced late-night and prolonged usage, and what differences emerged across age groups. How the European Commission defines the scope of default-setting changes and implementation deadlines in its final decision, and whether it demands metrics that can measure effectiveness through independent audits—these two points will determine whether Facebook and Instagram's design for European users actually changes.