UK regulator lists age verification requirements for adult websites

Following the recently introduced Online Safety Act, Ofcom, the communications and online safety regulator in the UK, released a draft guidance for online pornography services and started consultation.

According to the draft guidance, “weaker age-checks won’t be enough.” The Ofcom will introduce requirements and duties for online pornography services in a final guidance in early 2025, which the Government will bring into force. Companies that “ultimately fall short will face enforcement action, including possible fines.”

The suggested “effective methods” for age assurance include open banking, photo identification matching (by uploading an ID card, passport, or driver's license and comparing it with the user’s face online), facial age estimation, mobile network operator age checks, credit card checks, or Digital identity wallets.

“Age checks must meet to be considered highly effective; they should be technically accurate, robust, reliable and fair,” the regulator’s press release reads. “That means affording strong protection to children, and taking care that privacy rights are safeguarded and adults can still access legal pornography.”

The list is non-exhaustive as Ofcom expects highly effective methods to develop and improve in the future.

The draft guidance also sets strict criteria for which age checks will not be sufficient. Those include self-declaration of age, online payment methods that don’t require a person to be 18 (Debit, Solo, or Electron cards), and general terms, disclaimers, or warnings.

Ofcom specified that pornographic content must not be visible to users before and during the process of completing the age check. Websites will have to make sure there is no content that encourages attempting to circumvent age controls.

“Pornography is too readily accessible to children online, and the new online safety laws are clear that must change,” said Dame Melanie Dawes, Ofcom’s Chief Executive. “Regardless of their approach, we expect all services to offer robust protection to children from stumbling across pornography, and also to take care that privacy rights and freedoms for adults to access legal content are safeguarded.”

Ofcom bases the new guidance on the Online Safety Act, according to which “sites and apps that display or publish pornographic content must ensure that children are not normally able to encounter pornography on their service.”

Ofcom cited the Children's Commissioner for England's recent research, which shows that the average age at which children first see online pornography is 13. Nearly a quarter of kids first saw pornography by age 11 (27%), and one in ten as young as nine (10%).

Nearly 8 in 10 youngsters (79%) have encountered violent pornography depicting coercive, degrading or pain-inducing sex acts before turning 18.

The UK government scrapped an attempt to mandate age verification for pornography four years ago, as critics raised privacy and technical concerns, The Verge reports.

The same worries are expressed with Ofcom’s guidelines. Open Rights Group (ORG), a non-profit fighting for digital rights and freedoms, has responded to the proposal, claiming that while it is important to protect children, new methods would create serious risks to everyone’s privacy and security.

“Age verification technologies for pornography risk sensitive personal data being breached, collected, shared, or sold. The potential consequences of data being leaked are catastrophic and could include blackmail, fraud, relationship damage, and the outing of people’s sexual preferences in very vulnerable circumstances,” said Abigail Burke, ORG’s Programme Manager for Platform Power.

“It is very concerning that Ofcom is solely relying upon data protection laws and the ICO to ensure that privacy will be protected. The Data Protection and Digital Information Bill, which is progressing through parliament, will seriously weaken our current data protection laws, which are in any case insufficient for a scheme this intrusive. Specific and clear privacy rules are needed, given the vast amount of sensitive data that will potentially be processed.

The organization, together with EFF, expressed concerns that tech platforms could be forced to choose between users’ privacy or free speech.

Users may also easily bypass the regional restrictions using services like VPNs.

Fines for noncompliance with the Online Safety Act can reach as high as £18 million ($22.7 million) or 10 percent of global revenue (whichever is higher).

More from Cybernews:

The future of phone scams: bots that sound like your loved ones

Book review: “A City on Mars”

PALIC customers’ credit card data exposed via MOVEit attacks

Threat actors impersonate Disney+ with considerable guile

Microsoft targeted 10K times over the summer

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked