Open
Duties under the Online Safety Act (‘the Act’) to protect children from harmful content by implementing highly effective age assurance.
24 July 2025
Ofcom is opening a programme of work, or ‘enforcement programme’, to monitor whether providers of services likely to be accessed by children whose principal purpose is the dissemination of ‘Primary Priority Content’ are complying with their duties to use highly effective age assurance to prevent children of any age from encountering it.
One of our priorities for the new Online Safety regime is to promote the implementation of robust age checks by services whose principal purpose is the dissemination of content harmful to children. The main objectives of this programme are to monitor compliance with the relevant duties in the Act, to monitor how our guidance on highly effective age assurance is being applied by industry, and to support the adoption of best practice.
Section 12 of the Act
Research suggests that there are a number of small but risky services accessible to UK children whose principal purpose is to host harmful content such as eating disorder content, self-harm content, suicide content or serious violent content. The Act defines all of these kinds of content as ‘Primary Priority Content’ or ‘Priority Content’ that is harmful to children.
Part 3 of the Act introduces specific duties for providers of regulated user-to-user services that are likely to be accessed by children. These duties require providers to use proportionate systems and processes which are designed to effectively reduce the risk of harm to children from content available on their platforms, and to prevent children from encountering certain types of harmful content altogether. These obligations - referred to as the Protection of Children Duties - come into force on 25 July 2025.
In particular, section 12 of the Act requires providers to use highly effective age verification or highly effective age estimation (or both) to prevent children of any age from encountering ‘Primary Priority Content’ that the provider identifies on the service. This includes content that encourages, promotes or provides instructions for suicide, self-harm or eating disorders and pornography, unless such content is prohibited on the service.
Ofcom’s Protection of Children Code of Practice for user-to-user services recommends that providers adopt highly effective age assurance to prevent children from accessing any part of a service whose principal purpose is to host content that is harmful to children. This includes both ‘Primary Priority Content’ and other forms of ‘Priority Content’, such as serious violence, dangerous challenges or abusive content.
Ofcom has today opened an enforcement programme to assess the measures being taken by services whose main activity is to host ‘Primary Priority Content’ or ‘Priority Content’ that is harmful to children to meet their duties on age assurance.
Action we are taking:
Over recent months, our taskforce dedicated to driving compliance among small but risky services has identified a number of services whose principal purpose is to host or disseminate content harmful to children.
We will be engaging with these services to inform them of their obligations under the Act, and to assess the age assurance processes they are implementing to achieve compliance with their duties under Part 3.
We expect this programme to run for at least four months, during which time we may decide to open separate formal investigations if we have concerns that a service provider may not be meeting its duties under the Act.
CW/01311/07/25