India's apex child protection body National Commission for Protection of Child Rights (NCPCR) is set to approach the Ministry of Electronics and Information Technology (MeitY) to recommend mandating KYC-based system for verifying children's age under the Digital Personal Data Protection (DPDP) Act, sources said.

The body is set to write a letter to MeitY by August 21, they added.

The decision was taken in a closed door meeting NCPCR held on August 13 with social media firms. In the meeting, the body warned platforms to start KYC-based age verification for children.

"Companies were warned and have been asked to verify children's age as mentioned in Section 9 of the DPDP Act. We will make strong recommendations to the IT ministry regarding this and about mandating KYC-based norms for verifying the same," a government source said.

The DPDP Act defines a child as someone below the age of 18 and Section 9 of the legislation mandates that such children have to be verified and parental consent will be required before processing their.

Also read: Educational, health institutions may be exempted from restrictions on children’s data processing

This development comes, even as the Ministry of Electronics and Information Technology has reportedly "solved" the children's age-verification issue in the DPDP Rules. The rules are expected to be released for consultation within the next month.

While the DPDP Act, 2023, introduces a legal framework for the protection of personal data in India, the Rules, formulated under this Act, will detail how the provisions of the Act are implemented and enforced.

What happened in the meeting

Social media platforms who were part of the meeting were X (formerly Twitter), Instagram, WhatsApp, YouTube, Snap, Sharechat, Reddit and Bumble. Signal, too, was invited, but a representative during the meeting was not present.

An industry source mentioned that during the meeting, NCPCR noted that they had not been consulted by MeitY on the matter related to children's age.

The body also quizzed social media platforms on how platforms identify and report offensive children-related content, another stakeholder said. Stakeholders were also asked to make their oral submission regarding the issue.

Also read: Verify parents through govt ID: Draft DPDP Rules on avoiding self verification by children

Platforms informed NCPCR that report to the National Center for Missing & Exploited Children (NECMEC), a private, nonprofit organization established in 1984 by the United States Congress.

NCPCR reportedly said that Indian law enforcement agencies face delays upto six months in getting required data from NECMEC. Moneycontrol could not independently verify these claims.

Moneycontrol has reached out to the attendees of the meeting with queries on the matter, and the article will be updated when a response is received.

DPDP Rules and children's age issue

On July 18, the IT ministry held a meeting with social media platforms in the context of the government being unable to zero in on a single, full-proof method for verifying children's age.

The ministry had earlier explored leveraging Aadhaar or Digilocker for the same. However, the methods were found to be unfeasible, sources said.

Also read: DPDP Bill: Restrictions on processing children's data will curtail innovation, say experts

At the end of the meeting, it was decided that MeitY will not prescribe any method to the industry for verifying children's age, and industry was asked to send in their solutions. Over the next two weeks industry sent their submissions in this regard.

Last week, government sources said, MeitY held a review meeting on the DPDP Rules, where they zeroed in on a mechanism for verifying children's age. However, right now, the ministry is incorporating a few other changes, post which the rules will be released for consultation.

NCPCR's KYC argument

This is also not the first time that NCPCR has brought up the issue of how easily accessible adult content is for minors, and the lack of KYC-based systems for children accessing such platforms.

In March, IPO-bound Ullu, an OTT platform which offers movies and series targeted at an adult audience, courted trouble after NCPCR asked MeitY take action against the platform for making sexual content easily available for minors.

“The app is easily accessible on Google and Apple and does not seem to have any KYC requirement for downloading or viewing any content it makes available to its private group,” NCPCR's letter to MeitY read.