Law 15.211/25: Protection for Children and Adolescents in the Digital Environment

Known as the Digital Child and Adolescent Statute (ECA Digital), the new regulation will require companies to implement measures to ensure compliance and mitigate regulatory and reputational risks.

03 December 2025

Law 15.211/25, known as the Digital Child and Adolescent Statute (ECA Digital), establishes a new regulatory framework for the use of technology by individuals under 18 in Brazil. Published in the Official Gazette on September 18, the new regulation aims to address the increasing risks in the digital environment, aligning with the Child and Adolescent Statute (ECA) and the General Data Protection Law (LGPD).

The law, originating from Bill 2.628/22, establishes obligations for suppliers of information technology products and services directed to or accessible by children and adolescents in the national territory.

The central objective is to ensure that the rights of children and adolescents are prioritized, raising standards of data protection, privacy, and security, as well as promoting governance and accountability in the digital ecosystem.

The new law has a broad scope, applying to any IT product or service available in Brazil, regardless of its origin. The text defines concepts such as social networks, child monitoring, loot boxes, and user profiling.

Among the main provisions, the following stand out:

- The obligation of integral protection and the prevalence of the interests of children and adolescents;

- The duty to prevent the use of products inappropriate for the age group;

- Prevention of exposure to illegal and harmful content;

- Strong privacy and data protection for the processing of children’s and adolescents’ data; and

- Mechanisms to prevent access to illegal content.

Parental control is strengthened. The law establishes that accessible tools must be offered for blocking accounts, limiting content and usage time, in addition to more protective default settings. It also requires transparency about risks and security measures. Monitoring products must ensure data inviolability and inform children and adolescents about the monitoring.

In the electronic gaming sector, the new regulation prohibits loot boxes in games accessible to minors. Additionally, games must provide age ratings, parental controls, and reporting channels.

Digital advertising cannot use profiling and emotional analysis techniques to direct content to children and adolescents. The use of augmented or virtual reality for this purpose is also prohibited.

For social networks, Law 15.211/25 requires that children's accounts be linked to legal guardians. It also establishes continuous monitoring to verify the user's age and prohibits the creation of behavioral profiles for advertising.

The fight against child sexual abuse is reinforced. It becomes mandatory to report illegal content to authorities and to immediately remove violating content, regardless of a court order. Furthermore, mechanisms for reporting and data retention must be provided according to regulations. Providers with more than 1 million users under the age of 18 must publish semiannual reports on complaints, moderation, and protection measures.

The sanctions provided include warnings, fines of up to 10% of the group's revenue (or up to R$ 50 million per infraction), suspension or prohibition of activities, with dosimetry criteria based on severity, recurrence, and social impact. The amount of fines will be allocated to the National Fund for Children and Adolescents.

The impact on companies is significant. It will be necessary to:

- Review user journeys;

- Implement robust privacy and data protection measures;

- Adopt age verification;

- Restrict targeted advertising; and

- Strengthen moderation and transparency processes.

Platforms, social networks, games, device manufacturers, and other technology companies will need to adapt products, contracts, and governance strategies to meet the new requirements.

The enactment of Law 15.211/25 marks a new level of protection for children and adolescents in Brazil’s digital environment, imposing significant challenges for technology companies, digital platforms, social networks, device manufacturers, and other stakeholders in the ecosystem.

The need to review processes, products, privacy policies, advertising, and governance requires strategic planning and multidisciplinary action to ensure compliance and mitigate regulatory and reputational risks.

Our digital law and data protection team is prepared to assist companies in assessing impacts, implementing controls, reviewing contracts, and adapting to the new legislation's requirements, promoting legal security and social responsibility in the digital environment.

LEGAL INTELLIGENCE

Law 15.211/25: Protection for Children and Adolescents in the Digital Environment

Known as the Digital Child and Adolescent Statute (ECA Digital), the new regulation will require companies to implement measures to ensure compliance and mitigate regulatory and reputational risks.

Authors

Who we are

CAREER

CAREER

Privacy

Information Security

Integrity

LEGAL INTELLIGENCE

Law 15.211/25: Protection for Children and Adolescents in the Digital Environment

Known as the Digital Child and Adolescent Statute (ECA Digital), the new regulation will require companies to implement measures to ensure compliance and mitigate regulatory and reputational risks.

Authors

Related Content

Ebook: COP30 in Belém - Brazil at the center of global climate action

Ebook - What you need to know about redata

States attempt to minimize impacts on exporting companies

Sovereign Brazil plan: MP responds to tariff hike

The Unconstitutionality of the IOF on Drawn-Risk Transactions

Increase in the IOF and the Vices of its Motivation

Ebook: What changes in the IOF and what are the points of attention

Working groups discuss tax procedural reform

Who we are

CAREER

CAREER

Privacy

Information Security

Integrity

Categories