Online Safety industry bulletin – June 2026

Published: 29 June 2026

Welcome to the latest Online Safety industry bulletin, bringing together key updates, actions and resources relating to the Online Safety Act.

On 15 June the UK Government announced plans for further regulations to restrict access to social media for under 16s. The UK Government has said it aims to lay the first set of regulations in Parliament by the end of the year, coming into force in Spring 2027. The scope of services is still to be determined but the Government has said it will include Instagram, YouTube, TikTok, Snapchat, Facebook and X. It does not intend for messaging services like WhatsApp and Signal to be included. 

We have been entrusted to build on the protections for children that many services have already introduced since the Online Safety Act came into force, and we are ready to work closely with the UK Government as the detailed regulations take shape to ensure these protections can be robust, effective and implemented quickly. We will also continue to prioritise enforcement of existing protections for children and citizens more generally under the Online Safety Act. We responded to correspondence from the Secretary of State setting out priorities for action. 

In May, Oliver Griffiths, Group Director for Online Safety, published a blog outlining our priorities for the year ahead and how Ofcom will drive change. On the same day, we published an update on our Online Safety Act implementation plans with a month-by-month roadmap of key milestones from March 2026 to May 2027. This will be updated in due course with any new duties arising from future UK Government legislation. 

This bulletin highlights the important progress made in the last quarter by major platforms to strengthen protections for children online, and how we intend to continue to drive change. We also highlight enforcement action where services have fallen short, alongside new investigations into compliance with illegal content and child safety duties.  

We provide practical next steps on the actions you should take now, including: 

  • updating your risk assessments as soon as practicable to align with our statement on new priority offences; 
  • submitting risk assessments (if you have been asked to do so); and 
  • preparing for the next cycle of Online Safety fees (where required). 

The bulletin also includes a round-up of recent and upcoming publications that service providers should familiarise themselves with. These include new measures to tackle intimate image abuse, new expectations for how services should respond in crisis situations, and in July, the publication of the register of categorised services and consultation on additional duties for categorised services. 

In July we will also publish a statutory report on the use and effectiveness of age assurance from the first year of the child safety duties being in force. 

Finally, we have released new resources to help services meet their duties, which are listed at the end of this bulletin.  

We want to hear from you 

We are collecting feedback to improve the Online Safety industry bulletin and understand how you use it. The form takes around 2 minutes to complete. Your responses will help us shape future editions and the resources we signpost. 

Complete the feedback form.

What’s in this bulletin 

Taking action on online safety  

Update on children’s safety initiative 

On 21 May 2026, we published a report setting out how major online platforms have responded to our call for urgent action to strengthen protections for children online. We wrote to some of the largest online services—including Facebook, Instagram, Roblox, Snap, TikTok and YouTube— requiring them to prove to parents a genuine commitment to protecting children online. As a result,  Snap, Meta and Roblox agreed to introduce significant new antigrooming measures.  

We have set out a five-point action plan to drive further change including closer monitoring, potential use of new inspection powers, and enforcement action where necessary. We will also monitor the real-world experiences of children online 

Letter to industry regarding civil unrest in Belfast 

In the wake of recent civil unrest in Belfast following a serious knife attack on 8 June 2026, we wrote to services to remind them of their duties under the Online Safety Act to assess and mitigate the risks of illegal activity occurring on their sites and apps. This can include content amounting to offences of stirring up hatred or provoking violence. The letter to industry can be read in full here. 

Letter to industry ahead of the World Cup 2026 

In preparation for the FIFA World Cup 2026, we wrote to online platforms to make sure they protect sportspeople and pundits from harm in line with their duties under the Online Safety Act. The letter sets out the research we have on this issue to support services’ understanding of the risks involved, as well as the preparation we expect services to take to ensure a safer life online for people in the UK during this World Cup. The letter in full is available here. 

  • Protecting children: Ofcom has fined Youngtek Solutions Ltd £600,000 for failing to implement highly effective age assurance to prevent children accessing pornographic content, and for failing to respond to a formal information request. This follows non-compliance identified during Ofcom’s investigation. The company has since introduced age checks.  
  • Protecting children: Ofcom has fined First Time Videos LLC £80,000 for failing to implement highly effective age assurance to prevent children accessing pornographic content. This follows non-compliance with its duties under the Online Safety Act identified during Ofcom’s investigation. 
  • Illegal content: Ofcom has fined 4chan a total of £540,000 for failing to carry out an adequate illegal content risk assessment, failing to set out protections in its terms of service, and failing to implement highly effective age assurance to prevent children accessing pornographic content (with daily penalties of up to £800 until compliance deadlines are met). Further enforcement action may follow should non-compliance continue. 
  • Illegal content: Ofcom has fined the provider of an online suicide forum £950,000 for failing to prevent illegal content encouraging and assisting suicide. This follows evidence that such content has been present on the service during Ofcom’s investigation, alongside concerns that measures to restrict UK access have not been consistently effective. 
  • Illegal content: Ofcom opened an investigation into Telegram to assess whether it is complying with its duties to protect users from illegal content, following evidence from the Canadian Centre for Child Protection regarding the alleged presence and sharing of child sexual abuse material on the platform. 
  • Illegal content: Ofcom opened investigations into the providers of Teen Chat and Chat Avenue to assess whether they are complying with their duties to protect users from illegal content and activity, including grooming, following concerns identified through work with child protection agencies. This follows engagement with the providers of these services, where Ofcom remains unsatisfied as to whether adequate protections are in place for UK children, including measures to prevent exposure to harmful content such as pornography on Chat Avenue. 
  • Protecting children: Ofcom opened investigations into the providers of Kemono.cr and Pimpbunny to assess compliance with duties to prevent children from encountering pornographic content through highly effective age assurance. 

What you need to do 

Industry fees update: 2027-28 charging year 

We expect to publish the tariff and issue invoices for the initial 2026/27 charging year for Online Safety fees in September.  

The notification window for the 2027/28 charging year is now open and will close on 30 September 2026.  

Providers who notified us for the initial 2026/27 charging year will need to respond to a request for information requesting details of their regulated service(s) and Qualifying Worldwide Revenue for the 2027/28 charging year. New fee-liable providers should register for the Online Safety Fees portal and submit a notification prior to the window closing on 30 September 2026.  

We encourage providers to engage with us as early as possible and consult our updated user guide for assistance navigating the portal. Further fees information, including our Notification Guidance, can be found on our Online Safety fees webpage 

Please direct any queries or issues regarding the portal to OSFeesMID@ofcom.org.uk. For any other questions or concerns related to Online Safety fees, please contact OSFeesRegime@ofcom.org.uk.

Keeping your risk assessments up to date 

You should take appropriate steps to keep your risk assessments up to date. This includes reviewing your risk assessments at least once a year, or in response to key triggers, such as before making a significant change to your service’s design or operation and after Ofcom makes a significant change to a Risk Profile relevant to your service. 

You will need to update your illegal content risk assessment as soon as practical following our new priority offences statement on serious self-harm and cyberflashing, published 25 June. This is because the requirement to conduct a risk assessment and consult Ofcom’s Risk Profiles will apply to these new priority offences.  

Relevant service providers have until 31 July 2026 to submit risk assessment records 

On 1 April 2026, we issued legal notices to a range of providers, requiring them to submit records of their services’ latest risk assessments to us by 31 July. Relevant providers will need to submit records for specified services by this date or risk enforcement action. 

Additional duties relating to risk assessments for categorised services 

Once the categorisation register is published in July, Category 1 and 2A providers will have additional risk assessment duties. These risk assessment duties will not be subject to consultation and will come into force when the register is published. 

We have published more information about how we expect service providers to meet these duties in our guide to illegal content duties (relating to illegal content risk assessments) and our guide to protection of children duties (relating to children’s risk assessments). 

Extreme pornography – a reminder of service providers’ duties 

As published on 22 May 2026, Ofcom is aware that so-called “sleep content” may be present on some pornography sites available to UK users. Pornographic content featuring explicit and realistic depictions of non-consensual sexual activity, for example where someone is asleep or otherwise unconscious, may amount to illegal content under the extreme pornography offence. 

Providers of regulated online services have a duty to take down illegal content when they become aware of it. More information about what amounts to illegal content, and how providers can make judgements about illegal content, is available in the Illegal Content Judgement Guidance. Providers should also be considering the risk of extreme pornography as part of their illegal content risk assessments. 

Services who do not have appropriate measures in place to tackle illegal content, including extreme pornography, could face enforcement action from Ofcom. 

What you need to know 

Statements and decisions 

Statement on detecting intimate image abuse 

On 18 May 2026, we published a statement setting out a new measure to be included in the Illegal Content Codes to tackle intimate image abuse online. The measure sets out that certain user-to-user and search service providers should use hash-matching technology to detect intimate image abuse and reduce the spread of this illegal content online. 

We expect the amendment to come into force in Autumn 2026 subject to the Parliamentary process. 

Statement on crisis response 

On 9 June 2026, we published a statement setting out new measures in our Illegal Content and Protection of Children user-to-user Codes on crisis response. 

The measure recommends that service providers should prepare and apply a crisis protocol to mitigate and manage the risks arising from a significant increase in illegal content and/or content harmful to children on their services. Certain service providers should also have a dedicated communication channel by which law enforcement can contact them on during a crisis.  

We expect the amendment to come into force in Autumn 2026 subject to the Parliamentary process. 

New priority offences statement – serious self-harm and cyberflashing 

In December 2025 the UK Government created two new priority offences under the Online Safety Act: encouraging or assisting serious-self harm and cyberflashing 

On 25 June 2026, we published a statement confirming updates to our Illegal Harms regulatory documents and guidance following consultation. The duties on service providers to carry out risk assessments and have regard to Ofcom’s Risk Profiles will apply to these offences. Service providers should update their illegal content risk assessments accordingly. 

Media literacy statement of recommendations 

On 24 June 2026, we published our Media Literacy Recommendations for online, broadcast and other content-related services. The ten recommendations set out what ‘good’ looks like in supporting media literacy. They focus on how services: are designed to support informed user choice; empower people while they use them; build trust beyond the point of use; and evaluate what works. We will be collaborating with service providers to support their adoption of the recommendations and report on progress in 2029. We encourage services to reach out to discuss implementation by emailing: medialiteracy@ofcom.org.uk. 

Technology notices 

We have recently published two parts of the framework that underpin Ofcom’s Online Safety Technology Notice powers: our advice for the DSIT Secretary of State on what the minimum standards of accuracy for accredited technologies should be; and our guidance to platforms about how we propose to use this power. Once the Secretary of State has approved and published minimum standards of accuracy, Ofcom is then responsible for setting up a process to accredit technologies as meeting those minimum standards. 

Publication of the categorisation register 

The UK Government's secondary legislation set the thresholds that will determine which services are categorised under the Online Safety Act. In Spring 2026, we gave the services that we believe meet the threshold conditions an opportunity to comment on our provisional decisions before we finalise the register. This representations period has now ended and we are finalising our decisions. We plan to publish the categorisation register and consult on the additional duties that apply to categorised services in July 2026.

Upcoming Consultations: 

Consultation on additional duties for categorised services 

Alongside publishing the categorisation register in July, we will be publishing two consultations on the additional duties that will apply to categorised services. One consultation will cover duties for Category 1 services relating to terms of service, complaints, user empowerment, identity verification, news publisher content, journalistic content, content of democratic importance, and freedom of expression and privacy impact assessments. 

For Category 1 and 2a services there will be a separate consultation relating to fraudulent advertising duties. The consultations will be open until the end of September. We encourage stakeholders to read and respond to both consultations. 

Resources and support  

An update on Online Safety Act implementation 

As mentioned above, in May we published an update on our Online Safety Act implementation plans with a month-by-month roadmap of key milestones from March 2026 to May 2027. The roadmap includes actions that services need to take, statement release dates and actions that Ofcom will take. It was published in May and will be updated in due course with any new duties arising from future UK Government legislation. 

New digital Child Access Assessment toolkit 

Our new digital tool guides services through how to complete a Children’s Access Assessment. The step-by-step process makes it easier for services to understand their duties, taking less than 10 minutes, and provides a downloadable record of the assessment. 

Regulation Checker 

We have recently updated our tool to help services quickly check if they are likely to be in scope of the Online Safety Act. Services using the tool will experience a new and improved user journey that makes it even simpler to understand their duties. 

Dating and social discovery: know the online safety risks, rules and how to comply 

In May, we published a guide to support dating and social discovery services understand how the Online Safety Act applies to them and what actions they should take to comply. Service providers should assess and mitigate risks such as fraud, harassment and abuse, implement effective reporting and takedown measures, and use robust age assurance where required. 

What else is coming up for Ofcom 

Age assurance report 

In July we will publish a statutory report looking at the use and effectiveness of age assurance based on early data from the first year of the child safety duties being in force. This report will assess how different services have used age assurance to comply with their duties under the Online Safety Act, including the pornography, social media, and dating sectors. 

The report will provide services with practical actions we expect them to take to ensure their age assurance process is highly effective at correctly determining whether a user is an adult, in line with our age assurance guidance. 

Women and girls online safety report 

We committed to publishing a report on industry uptake of our guidance on a safer life online for women and girls 18 months after publication, in summer 2027. The purpose of the report is to share information with the public and the wider sector to increase awareness and understanding about what services are doing to address online gender-based harms and the progress they are making in introducing the good practice steps. 

We will be reaching out to services to gather more information on their uptake, and we will be holding a call for evidence in early Autumn 2026.