The UK’s biggest tech platforms are under new legal pressure from Friday as sweeping new child protection laws come into force, requiring firms to deploy strict age verification for harmful content – or face fines of up to £18m, or 10 per cent of global turnover.
The new rules, part of the government’s long-trailed Online Safety Act, fundamentally reshape how under-18s interact with the internet.
From 25 July, sites hosting pornography, self-harm, suicide or eating disorder material must block access for children, using robust tools like facial age scans, credit card checks, or ID uploads to verify age.
Social media feeds must also be purged of harmful algorithms targeting children with dangerous stunts, violent content or hate speech, while firms are required to remove harmful material more swiftly and provide clear tools for young users to report abuse.
Over 1,000 platforms – including Pornhub, the UK’s most visited adult site – have confirmed to Ofcom they’ve implemented the required age checks.
Companies that fail to comply could face severe enforcement, with the telecoms regulator granted new powers to police digital harms at scale.
The crackdown follows alarming data showing children as young as eight have accessed online pornography, and 16 per cent of teenagers say they’ve seen body-shaming or eating disorder content in the past month alone.
Tech giants under the spotlight
The new regime forces platforms to treat child safety with the same rigour as age-restricted offline sectors like alcohol, tobacco, or gambling.
“The time for tech platforms to look the other way is over”, said tech secretary Peter Kyle. “We will not allow children to be at the mercy of toxic algorithms”.
For platforms, the changes mean a major compliance overhaul – from altering algorithms to deploying privacy-sensitive age assurance technology.
Verification providers such as GBG and Yoti could stand to benefit as demand for low-friction ID tools rises.
But concerns remain about privacy and data security, particularly as users may be asked to upload documents or facial scans across multiple sites.
“The intent is right, but the implementation risks setting us back”, said Asgeir Oskarsson from the BSV Blockchain Association, calling for decentralised identity systems to reduce surveillance risk and prevent data leaks.
Calls for cultural change, not just compliance
Legal experts have warned that enforcement alone won’t be enough.
“The real question is how any kind of time limit or age gate can be policed across multiple devices and platforms”, said Iona Silverman, IP and Media Partner at Freeths.
“This is as much a cultural shift as it is a regulatory one.”
While the government has focused initially on the most harmful content, pressure is already mounting for Ofcom to go further – with growing scrutiny on “everyday harms” such as excessive screen time, algorithmic addiction and targeted advertising at children.
Critics argue that more joined-up standards across borders and sectors are needed, especially as fraud, identity abuse and harmful content often flow seamlessly between jurisdictions.
“This legislation is a critical first step”, said Gus Tomlinson, managing director at GBG. “But fraud doesn’t stop at national borders, and neither can our defences.”