HomeInsightsAge verification: industry responds to Ofcom consultation on age verification guidance under UK Online Safety Act


Under Part 5 of the Online Safety Act 2023, providers of pornographic content online have a duty to ensure, by the use of age verification or age estimation (or both), that children are not normally able to encounter that content. The age verification or age estimation must be of such a kind, and used in such a way, that it is “highly effective at correctly determining whether or not a particular user is a child”.

As previously reported by Wiggin, on 5 December 2023, Ofcom published a consultation on its proposed Guidance for service providers publishing pornographic content which closed on 5 March 2024. Amongst other things, and as required under the Act, the proposed guidance sets out examples of age verification and age estimation (“age assurance”) that are, or are not, “highly effective”.

The Age Verification Providers Association (“AVPA”), the global trade body for providers of age assurance technology, has published a short note on its website stating that, in its response to the consultation, it has suggested that Ofcom needs to adopt a definition of “highly effective age assurance”. It proposes one based on the work in developing international standards by the IEEE (Institute of Electrical and Electronics Engineers Standards Association) and ISO (International Organization for Standardization): Highly effective age assurance systems must demonstrate that their certified expected outcomes are such that more than 95% of children under 18 are prevented from accessing primary priority content, and more than 99% of children under 16 are prevented.

The AVPA is concerned that without expressing any opinion on the maximum acceptable false positive rate there will be a race to the bottom as sites which host primary priority content (e.g. content which encourages or promotes suicide or self-injury) interpret the requirement as loosely as possible. Less accurate solutions are generally cheaper and will also deliver a larger audience for sites whose commercial model is based on advertising and traffic volumes. Lack of a more precise definition of “highly effective” may make it harder for Ofcom to enforce the OSA requirement.

The UK’s attempt to legislate on age assurance under the OSA (something it has been trying to do for a number of years), and Ofcom’s interpretation of the legislation in its proposed Guidance, is of interest outside the OSA provisions on pornography. Age verification is also referred to elsewhere in the OSA as well as in the EU Digital Services Act (with no definition). Further, the European Commission announced in January the launch of a Task Force on Age Verification under the Digital Services Act (previously reported by Wiggin) and that its standardisation work programme for 2024 will include the development of European standards for online age assurance/verification (previously reported by Wiggin). To date, regulators have struggled to impose age assurance obligations on businesses given that the technology is still developing and its use can give rise to serious privacy concerns.

For more information, click here.