Start assessments now and consider age assurance ‘robustness’: Ofcom

Ofcom is readying for enforcement an age assurance with a series of stakeholder engagements, and took 3 days to discuss the changes taking effect with relying parties earlier this month.

The Online Safety Act Explained event was held in London and online, with panels of Ofcom officials delving into the details of what online service providers are responsible for, and how to meet those requirements.

The Illegal Harms Statement, published in December, sets the legal requirement for online platforms to protect their users a range of harmful content. The Online Safety Enforcement Guidance provides details for how Ofcom will respond to breaches of the Act, which carry penalties of up to the greater of £18 million or 10 percent of revenue.

Ofcom Policy Lead Adam Lacy noted in a session at the end of the first day that Ofcom is taking a “bank quickly and build” strategy to establishing the compliance regime, but also that “2025 will be the year of action.”

The agency’s ramp-up has also included the release of the Guidance for Part 3 (user to user and search) and Part 5 (pornography) services, as well as the children’s access assessment guide.

Policy Development Lead Daniel Fitter calls the release of the Age Assurance and Children’s Access Statement in January a “milestone” that starts the 3-month clock for service providers to publish an initial children’s access assessment. Ofcom’s children’s risk assessment guidance and protection of children codes will be published in April, just as the access assessments are due.

Fitter notes that the guidance on age assurance was intended to be “flexible, tech-neutral and future-proof” and also “leave space for innovation.”

In consultations in December of 2023 and May 2024, Ofcom heard requests from the industry to consider setting numerical performance thresholds, and Fitter leaves that door open, suggesting they “may play a role, along with our criteria-based approach, over time.”

Amendments to Ofcom’s guidance based on the feedback received in those consultations includes added clarity around VPNs and the use of liveness detection as a layer for methods like facial biometric age estimation and photo ID verification.

Officials addressed the balance between supervision and enforcement, which are dealt with by different divisions.

Measures to comply with the illegal harms children’s safety duties should be in place by September, and a “period of forbearance comes to an end” in February of 2026.

Ofcom Enforcement Principal Catherine Warhurst shared a priority framework for enforcement decisions, which takes impact, strategic significance and resources into account, and reviewed the Online Safety Enforcement Guidance published in December.

During a Q+A period following the presentations, Fitter noted that there is a consumer awareness campaign coming from Ofcom as the requirements come online.

In different sessions over the course of the event, various officials emphasized that Ofcom will take a “pragmatic approach” to enforcement, and that the goal of the program is not to penalize service providers, but rather to encourage compliance.

In the last session of the event, James Proudfoot noted that age assurance measures can be layered for increased effectiveness, and that Ofcom is observing a trend towards online service providers offering a choice of age assurance methods.

In response to a question on how frequently age checks should be completed, Online Safety Policy Manager Eleanor Johnston noted the need to fulfil the “robustness” criteria for what counts as “highly effective,” but emphasized that service providers are responsible for assessing how frequent repeated checks should be.

Several questions also touched on how service provider should select effective age assurance technology. Ofcom has explicitly referred to the DIATF in its guidance, and officials suggested the Age Check Certification Scheme (ACCS) could be another resource for ensuring that the technology implemented meets the robustness criteria.

The same question will be addressed in a webinar hosted by Biometric Update and featuring insights and explanations of the seven methods outlined by Ofcom as potentially effective from Goode Intelligence, Luciditi, Daon, Ondato, JT Group and the Age Verification Providers Association (AVPA) on March 6. Registration is free and open now.

Article Topics

age verification  |  biometrics  |  children  |  digital identity  |  Ofcom  |  Online Safety Act  |  UK age verification