The ANPD has set a final deadline of February 13, 2026 for selected companies to submit detailed information on the technical and organizational measures adopted to comply with the Digital ECA. Although this initial phase involves only 37 organizations, it anticipates the mandatory entry into force of the Digital ECA for the entire market as of March 2026.

Regulatory enforcement focuses on digital products and services aimed at children and adolescents, or those likely to be accessed by this audience, including platforms, applications, games, educational environments, social networks, marketplaces, and streaming services.

The ANPD seeks to ensure the protection of this public’s fundamental rights in the digital environment, mitigating risks related to:

• Sexual exploitation and violence;
• Harassment and encouragement of practices harmful to health;
• Gambling;
• Abusive advertising;
• Inappropriate or pornographic content.

In addition, the Digital ECA requires companies to adopt effective age-verification mechanisms, as well as provide clear and accessible information to parents or legal guardians regarding risks, operation, and limitations of the products and services offered.

Risks and implications for companies

Failure to comply with the obligations set forth in the Digital ECA may result in significant impacts:

• Severe administrative sanctions, including warnings and fines of up to BRL 50 million per violation;
• Temporary suspension or prohibition of activities in more serious cases;
• Exposure to multiple layers of liability, including under the LGPD, the ECA, the Consumer Defense Code (CDC), and other sector-specific regulations;
• Significant reputational risks, especially in sectors with high public exposure and social sensitivity;
• Disruption of digital operations, with direct impacts on revenue, users, and investors.

For executives and boards, the issue goes beyond a purely legal matter and becomes strategic, regulatory, and reputational.

Strategic solutions and recommendations

In light of the regulatory landscape, certain measures are essential to mitigate risks and ensure compliance:

• Mapping products and services that are accessible, directly or indirectly, to children and adolescents;
• Implementing technical and organizational measures, such as age verification, content filters, and appropriate access controls;
• Continuous risk assessment and monitoring, with periodic reviews of functionalities, content, and data flows;
• Structuring incident response plans, with clear protocols for swift and effective communication;
• Strengthening digital governance and compliance, integrating data protection, information security, and the rights of children and adolescents;
• Developing clear and accessible communications for parents or guardians, ensuring transparency regarding risks and service operation.

The entry into force of the Digital ECA requires a preventive and structured approach, capable of demonstrating compliance before the ANPD and reducing future regulatory impacts.

PDK continuously monitors regulatory developments related to the Digital ECA, data protection, and digital governance, producing practical analyses focused on corporate risk management. Access other content on the PDK website.