Children's Product Meta Ads — Under-18 Audience Compliance in India

A toy brand in Bangalore was scaling Meta ads at 4x ROAS in 2025. One audience targeting choice — interest-based reach that bled into under-13 users — triggered a DPDP notice and a Meta account-level pause. Six weeks of revenue paused, and the founder spent three months rebuilding.

Indian D2C brands selling children’s products operate inside the tightest legal sandbox in advertising. The Digital Personal Data Protection Act 2023, ASCI’s child-specific code, the Cable Television Networks Act, and Meta’s under-18 safeguards stack on top of each other. Compliance is not optional — but it is achievable.

The Compliance Context

Four overlapping regulators apply to advertising children’s products in India in 2026:

• DPDP Act 2023 — Section 9 explicitly governs processing personal data of children under 18, requires verifiable parental consent.

• ASCI Guidelines for Advertising to Children (revised 2022) — restrictions on language, imagery, and inducement.

• Consumer Protection (E-Commerce) Rules 2020 — child-related transactions require parental consent at point of sale.

• Meta Ad Policy + Audience Restrictions — under-18 targeting is restricted on most product categories.

The DPDP Act in particular has reshaped the landscape. Section 9 requires verifiable parental consent before processing the data of any minor — and the definition of ‘processing’ is broad enough to include Meta ad targeting.

The Targeting Rules — Where Most Brands Go Wrong

Meta’s India ad system restricts under-18 targeting for several product categories. But the more common compliance failure is indirect targeting that reaches minors through interest, lookalike, or behaviour signals. Patterns that have triggered enforcement:

1. Interest-based targeting that includes minors via ‘parenting’, ‘school’, or ‘cartoon’ adjacency without proper audience filters.

2. Lookalike audiences seeded on customer data that includes minor purchasers.

3. Retargeting based on pixel events from a kids-content website without age-gating on the source.

4. Broad-audience targeting without age-floor exclusions for restricted categories.

5. Engagement audiences built from interactions where minors are likely participants.

Compliant targeting for children’s products always points at parents and guardians, not at children directly. Even ‘parents of 5-10 year-olds’ targeting needs to be assembled without using the child’s data as an input.

Creative Restrictions Under ASCI Child Guidelines

ASCI’s 2022 revised guidelines for advertising to children prohibit specific patterns:

• Direct exhortations — ‘ask your parents to buy this’ or ‘pester your mom for one’.

• Imagery that pressures purchase — children visibly upset for not having the product.

• Misleading scale or context — toys shown bigger than they really are.

• Health, education, or development claims without rigorous substantiation.

• Inducement language that bypasses adult judgement — ‘the cool kids have it’.

These rules apply whether the creative is shown to children or to parents. ASCI’s interpretation focuses on the depicted child relationship, not just the audience profile.

The DPDP Section 9 Parental Consent Requirement

DPDP Section 9 requires verifiable parental consent before processing any personal data of children. For D2C brands selling kids’ products, this has three implications:

1. Account creation by anyone under 18 requires parental consent before the brand can collect any data.

2. Marketing list inclusion — children’s email or phone numbers can only be processed with documented parental consent.

3. Behavioural advertising to or about a child is restricted — Meta’s ad targeting choices ripple through here.

Operationally, the simplest compliant path: build all marketing data lists with adults only. Treat any signal that the user might be under 18 as a reason to suppress the contact from advertising audiences and seek explicit parental consent before re-engaging.

Safe Creative Patterns That Convert

Indian kids-product D2C brands that scaled in 2024-2026 — FirstCry, SuperBottoms, R for Rabbit — all follow recognisable patterns:

• Parent-led narratives — the parent making the choice, the child experiencing the benefit.

• Educational benefit copy — substantiated developmental or learning outcomes.

• Practical-problem solutions — the parent’s pain point (sleep, mess, safety) as the hero.

• Influencer collaborations with mom-creators who personally use the product.

• Soft community language — ‘parents like you trust this’ rather than ‘moms buy this for their kids’.

Categories With Even Tighter Restrictions

Three categories where the compliance bar is highest:

• Children’s food and supplements — FSSAI Schedule II restrictions plus DMR Act.

• Edtech and learning products — extra ASCI scrutiny since the 2022 Byju’s case.

• Children’s health and personal care — Drugs and Cosmetics Act, plus the Drug and Magic Remedies Act.

For edtech specifically, ASCI has issued category-specific guidelines that prohibit success-rate claims, age-mismatch suggestions, and any creative that pressures parents on academic outcomes. See our [Meta Ads benchmarks for Indian e-commerce](https://www.wittelsbach.ai/post/meta-ads-benchmarks-for-indian-e-commerce-brands-2026) for the broader category context.

Verifiable Parental Consent Mechanisms

DPDP Section 9 ‘verifiable’ standard requires more than a checkbox. The patterns that hold up in enforcement:

• OTP-based parent verification at the point of account creation.

• Payment-based verification — a real payment from a parent’s account links the consent to a verified adult.

• Government ID verification for high-sensitivity products (rare for D2C).

• Verified-buyer flag mapped to an adult email and phone.

How Wittelsbach AI Audits Child-Audience Risk

Bach AI scans your audience definitions, creative content, and targeting setup against a child-audience compliance fingerprint. DPDP Section 9 exposures, ASCI creative pattern risks, and Meta India audience-policy mismatches are flagged before they trigger enforcement. Try Bach AI on your account at [app.wittelsbach.ai](https://app.wittelsbach.ai).

Frequently Asked Questions

Can I retarget visitors to my kids-product website?

Yes, but only on visitors whose adult status is established. Anonymous pixel-based retargeting that catches a minor browsing your store is a DPDP exposure. The compliant path is pixel-based retargeting filtered by login state where the logged-in account is verified-adult, or filtered by checkout-completion (which implies an adult payment method).

Is showing a child in my ad creative ever a problem?

Showing children is allowed — Indian advertising regulates the context, not the presence. The problems start with imagery that pressures purchase (child upset without the product), implies medical or developmental outcomes without substantiation, or shows scale and context misleadingly. Documentary-style imagery of children using the product as intended is generally safe.

Do educational D2C brands face stricter ad rules than physical-product brands?

Yes. ASCI’s 2022 edtech-specific guidelines added scrutiny that does not apply to physical kids’ products. Specifically: no guaranteed success language, no fear-based copy (‘your child will fall behind without this’), and accurate representation of the time commitment and the realistic outcomes.

Does the DPDP Section 9 consent requirement apply if my product is sold through a marketplace?

It applies to whoever is processing the personal data. If you collect any data — email signup, account creation, returning-customer detection — Section 9 applies to you. If the marketplace handles everything and you only see anonymised order data, the marketplace carries the consent obligation. The standard configuration for Indian D2C means the brand carries the obligation either way.

Can I use a child’s name or testimonial in my Meta ad?

Only with documented parental consent that meets the DPDP ‘verifiable’ standard. ASCI also requires that any testimonial be genuine. ‘My 5-year-old loves this’ in a parent’s voice is generally safe. A direct quote attributed to a child by name requires explicit signed parental consent on file before the creative goes live.