Is age verification killing porn site traffic? Aylo says yes, AVPA says no

In the lead-up to the enforcement deadline of the UK’s Online Safety Act, Aylo, the company that owns Pornhub and other large adult content sites, warned that requiring age verification would choke their traffic and drive users to noncompliant sites.

While it was never a secret that making people do an age check would deter some from visiting compliant sites, new data from Ofcom suggests that fully one third of UK users have opted to rely on their imagination rather than prove their age online.

According to a report from the Financial Times, Aylo’s numbers look even worse than that, with traffic to Pornhub dropping by more than three quarters – 77 percent in total – since the law took effect. Pornhub offers UK users two verification options: a credit card-based system run by Pornhub’s internal billing system, Probiller; and email-based age inference provided by Verifymy.

While trepidation about providing credit card information is understandable, Verifymy’s email system for age checks works by correlating a provided email address with existing information held by financial institutions, utility providers and public records. The process asks only for an email.

VPNs not the problem, sketchy sites are: Aylo

While much has been made of how virtual private networks (VPNs) have seen a spike in use in the wake of the OSA, Aylo says its data shows no corresponding rise in traffic overseas that would indicate a large number of UK users being rerouted. “We haven’t seen some obscure island with extremely high traffic,” says Alex Kekesi, the company’s head of community and brand.

Rather, the company says, people are just going to other sites that don’t follow the rules. As such, it continues to meet with UK government officials to make the case that the OSA isn’t doing what it’s supposed to.

“We’ve lost the traffic, but these are not people that have stopped looking at porn overnight,” Keksi says. “They’re just going to other websites. And the big problem is that we take good care of making sure that the content on our platforms is compliant, is legal, is consensual. That is certainly not the case on these other platforms.”

Aylo’s request that Ofcom enforce the law across the board, rather than penalizing compliance, is totally fair. According to an August 2025 investigation by the Washington Post, which looked at data from Similarweb, of the top 90 most visited adult sites in the UK, 14 had not yet implemented age assurance measures – and these sites had seen a flood of traffic.

However, the debate raises a fascinating question that many on the regulatory side probably haven’t considered: what makes Pornhub Pornhub? It was not always synonymous with online porn. Like most companies, it grew its market share through a mix of effective branding, UX and reliability. While users may be willing to try out new options, a percentage will simply not be willing to put up with endless pop-ups, broken links and poor design. Some will just go for a walk.

Ofcom updates investigations into file sharing services

While Aylo keeps pumping the policy well for a break, Ofcom is showing no signs of slowing its enforcement campaign. A recent update from the UK regulator says a probe into the safety measures being taken by file-sharing services to clamp down on child sexual abuse material (CSAM) has resulted in reforms for two services deemed to serious compliance concerns. Following talks with Ofcom, both 1Fichier.com and Gofile.io have deployed perceptual hash-matching technology, which automates the detection and removal of CSAM, satisfying Ofcom’s requirements.

Other file sharing sites have opted to geoblock access from UK IP addresses. With Krakenfiles, Nippydrive, Nippyshare and Nippyspace all shutting out UK users, Ofcom has closed its investigations into those platforms. For the same reason, it has closed the very first investigation it launched, against an online suicide forum.

Fines for 4chan unlikely to faze platform’s belligerent stance

Ofcom also continues to gnaw at what could be its chewiest noodle: 4chan. Ofcom has asked the U.S.-based online forum/gutter to provide it with an illegal harms risk assessment and data on its qualifying worldwide revenue. So far, the company has merely thumbed its nose in response.

Now, having maintained radio silence, the provider of 4chan is facing a fine of 20,000 pounds (about 26,700 dollars), and subsequent daily fines of 100 pounds per day (133 dollars) for 60 days from October 14.

Also facing punitive measures for failing to pony up information are file-sharing service Im.ge and pornography service provider AVS Group Ltd – which runs exactly the kinds of sites Aylo refers to when it notes increased traffic to its shadier competitors.

Suzanne Cater, Director of Enforcement at Ofcom, says the regulator’s ongoing actions send “a clear message that any service which flagrantly fails to engage with Ofcom and their duties under the Online Safety Act can expect to face robust enforcement action.”

All of which suggests that Ofcom will make good on its promise to enforce the law against offenders big and small. It may just take time for them to run down the list.

OSA effective at stopping kids from seeing harmful content by accident

A recent webinar from OneID takes time to reflect on the first 60 days of the age assurance era. Chiming in are George Billinge, who left a position at Ofcom to found the consultancy Illuminate Tech; Ella Bradshaw, a policy and public affairs specialist with the National Society for the Prevention of Cruelty to Children (NSPCC); Samiah Anderson, head of digital regulation with TechUK; the Age Verification Providers Association’s Iain Corby; and OneID founder Rob Kotlarz.

The discussion is summative, and revisits arguments and topics that have been well-tread over the past two or three months. The reason for online safety laws and age verification measures is to enable kids to enjoy the internet without seeing what has been deemed harmful contrent. Laws also help stop grooming and CSAM.

There’s no one-size-fits-all approach to age assurance, so Ofcom has taken a principles-based approach to enable choice. Sites implementing age check strategies should be clear and auditable in their decision making. “Ofcom are going to be concerned to understand your thought process rather than the specific outcome that you’ve arrived at,” Billinge says.

Some notable numbers from the panel underline the specific problem Ofcom is trying to stop; children stumbling across porn without searching for it. Bradshaw says the NSPCC’s data shows that “59 percent of children were accidentally encountering online pornography when they weren’t looking for it.” So, even factoring in workarounds like VPNs, “there’s a massive impact that can be achieved if age assurance is done correctly and in a really privacy preserving way.”

UK safety tech sector to surpass £1B in turnover by 2025-26

From the tech sector’s perspective, the OSA is “already driving innovation and investment into new technologies,” according to Anderson. “A recent report from the Department for Science Innovation and Tech estimates that the UK safety tech sector is going to surpass 1 billion pounds in turnover by 2025-26. That’s a huge achievement. And I think this growth is number one being fueled by the demand for cutting edge technologies like age verification systems, facial age estimation tools as well as AI detection and labeling and fact checking solutions.”

AVPA agrees. Corby brings some heavy numbers to his talk, claiming that the association’s members saw 5.7 million age checks on the first weekend after the OSA came into effect. He argues that the VPN download statistics are skewed: “even if there were two or three million extra downloads of VPNs, that only really matters if it was a lot of 8-year-olds doing that. If it’s adults doing it just because they don’t want the trouble of doing that age check, then that’s not actually getting in the way of the implementation of the policy at all.”

AVPA is also skeptical of the adult content industry’s claims about its plummeting numbers, and notes that VPNs do account for some of the total percentage, as does “the policy doing its job” in keeping kids off the sites.

Corby also offers some lessons from the providers’ side. One is the emerging questions around frequency of reverification, and the larger issue of reusability and interoperability overall. “This cannot become the new cookie popup, because there will be massive push back from the public,” he says. As such, there will be a push on innovation around reusable digital ID as wallets become more widely used.

Another lesson is that people don’t yet trust the new batch of unfamiliar third-party companies asking for proof of age on behalf of familiar sites. An obvious solution here is to invest in public-facing advertising to educate consumers – which OneID’s Rob Kotlarz also underlines in a story about customer confusion.

OneID suspects Sky News tried to beat its age checks and lost – 50 times

Kotlarz asserts that “this story about VPNs taking over the world is misinformation. It is not what actually happened.” What did happen, he says, was fairly enthusiastic uptake, with 7 million people using the company’s mobile and bank-based checks in the first several weeks.

Koptlarz also has anecdotal data on “a couple of really curious things that went on.”

“We had one individual try 50 times to prove they were old enough and they weren’t. And we suspect that this individual was actually an ethical hacker employed, we think, by Sky, the broadcaster, who were looking for an interesting story and came and tried to undermine systems like ours. Maybe it was an interesting story but they did not succeed in doing that. These processes are robust when they’re correctly implemented.”

Another interesting observation, he says is that “we had people writing to us saying, ‘I’ve used your product. I’ve looked at your website. I didn’t really know who you were before, but I do now, I think. Could you delete my personal data?’ And we had to say to them, but we don’t hold it. So, there is an educational issue in the market about privacy preserving solutions. The regulation we have with government, the support we have from government does require us not to store and exploit personal data. And we commit to that as a regulated entity.”

Age checks for live streaming a priority for Ofcom: Verifymy

For Anderson and TechUK, a next step would be for Ofcom to refine its approach to focus less on functionality and more on risk. “We’re now seeing Ofcom proscribe live streaming and different functionalities within live live streaming as harmful. But I would urge Ofcom to look at different ways of innovating safety measures, so we don’t have to do a blunt tool” that makes certain technologies inaccessible for certain age groups.

Nonetheless, Ofcom appears to have made streaming a priority, according to Andy Lulham, chief operating officer at Verifymy – and with reason.

“Livestreaming has transformed how people connect online, powering everything from gaming communities to grassroots journalism and spotlighting emerging talent across the world,” he says. “The intimacy of user-to-user streams – often with few boundaries between performer and their audience – is part of their appeal, but this can also be abused, particularly by predatory adults infiltrating children’s channels.”

“Amid livestreaming’s rapid growth, regulators and tech platforms must collaborate to ensure a joined-up strategy that protects children by default. Regular reviews will ensure they are flexible and agile enough to implement the right safeguarding measures as this multibillion-pound industry develops.”

Article Topics

age verification  |  AVPA  |  Aylo  |  biometric age estimation  |  facial age estimation (FAE)  |  Ofcom  |  OneID  |  Online Safety Act  |  UK age verification  |  VerifyMy