Pornhub returns to UK, but only for iOS users who verify age with Apple

In the UK, “wanker” is not typically a term of endearment. However, the case may be different for Pornhub, which is welcoming back UK iOS users – as long as they’ve had their age verified at the device level.

“For years, Aylo has advocated for device-based age verification as the most effective and privacy-protecting approach to help prevent minors from accessing age-inappropriate content online,” says a statement by Aylo VP Brand and Community Alex Kekesi. “With the release of iOS 26.4 Apple has introduced the world’s first ever device-based age verification solution for its users in the UK, a major first step towards a global solution that stands to better protect children everywhere. As a result, today Aylo welcomes eligible age-confirmed UK iOS users back to Pornhub.”

Aylo calls it a “measured step to restore access to Pornhub for eligible adult users in the UK.”

The porn streaming service shuttered access to UK users in February, stating its unwillingness to “participate in the failed system that has been created in the United Kingdom as a result of the OSA’s introduction.”

Platforms, operating systems spar over age checks

Where age checks should go in the tech stack has become a main point of debate, as platforms lobby for operating systems to be liable, and age assurance providers advocate for age checks as close to the restricted content as possible – i.e., at the platform level. Online safety laws are beginning to apply to app stores, and Apple has developed solutions like its Declared Age Range API to address its role in online safety.

As online age thresholds cover more digital territory, including app stores, Apple is among the Big Tech firms threatening to dominate the sector. With a relatively trusted reputation, technical innovation and proficiency, and a massive market share for devices, Apple could quietly set the mold for age assurance by default.

This would be bad news for the age assurance industry, which, in the UK, is also finding itself crowded by the government’s proposed digital ID program. The Age Verification Provider’s Association (AVPA) has released a statement arguing that the Apple solution for UK Pornhub users “does not clearly achieve compliance.”

Rather than a breakthrough for device-based age assurance, says the post, “what has occurred is the emergence of a partial ecosystem-level child safety measure that some are now attempting to treat as equivalent to the highly effective age assurance (HEAA) required under the UK Online Safety Act. It is not clear that it meets that standard, and regulators should examine the arrangement carefully before treating it as a precedent.”

“Put simply: Pornhub is not checking the user itself, cannot know whether the adult who verified with Apple is the person actually using the device, and receives no secure or authenticated age-verification confirmation from Apple. Apple may know the age of the Apple account holder, but Pornhub does not.”

Apple’s age check doesn’t cut mustard for OSA, says AVPA

AVPA has been emphasizing the comparison to the proximity principle used in health and safety policy. That says the warning should be as close to the threat as possible: a sign that says HOLE HERE is better than one five miles away that says HOLE 5M. The logic is at play in AVPA’s argument that Apple’s device-level age signal is “fundamentally an internal account governance mechanism operated by Apple, not an age verification service directly provided to third-party websites.”

The OSA, AVPA says, “places the duty to implement HEAA squarely on the service provider, in this case Pornhub. To discharge that duty, the service must be able to demonstrate that its age assurance process satisfies Ofcom’s four criteria of technical accuracy, robustness, reliability and fairness.”

At issue for the trade organization is that “the statutory duty rests with Pornhub, not with Apple.” Yet “Pornhub does not appear to receive any authenticated signal, signed token or cryptographically verifiable assertion from Apple confirming that a specific user has been age-verified.”

Moreover, the age range API works for iOS apps, but not regular websites. “Apple’s web-facing implementation of the W3C Digital Credentials API in Safari could, in principle, support cryptographically signed and user-consented age assertions to websites. However, Pornhub does not appear to have implemented this approach and, consistent with Apple’s wider privacy architecture, such assertions would require explicit user consent in any event.”

What’s left is access control based on browser or device characteristics – which, for AVPA, raises serious questions about “robustness and resistance to circumvention.”

“Browser environment indicators and User-Agent strings are relatively easy to spoof. A browser-environment inference alone would not appear capable of satisfying Ofcom’s robustness requirement, particularly given Ofcom’s explicit rejection of simple self-declaration as a sufficient standalone mechanism.”

Ultimately, AVPA applauds Apple, which it says “has clearly worked seriously to raise the baseline of protection across iOS devices in the UK.” Device-based, reusable age assurance is not the wrong solution; interoperable, tokenized privacy-preserving age credential systems offer cryptographic binding, selective disclosure, explicit user consent and signed assertions that relying parties can independently verify.

But that’s not what’s happening with Apple. So, AVPA says, “until authenticated and verifiable age assertions are actually being contractually transmitted to relying services in a manner resistant to spoofing and circumvention, Pornhub’s return to the UK should not be treated as evidence that the requirements of Parliament have been fully satisfied.”

Article Topics

age verification  |  Apple  |  AVPA  |  Aylo  |  Declared Age Range  |  device-based age verification  |  Online Safety Act  |  reusable digital ID  |  UK age verification