Insights Hot topics for games regulation in 2023


2022 proved to be a busy year for games regulation across several topics, including loot boxes, child privacy and in-app purchases. 2023 will likely see all these areas progress, plus a host of other regulatory topics to consider too.

Below we’ve set out some of our anticipated hot topics for games regulation in 2023. For more topics and further detail, please get in touch for our games regulatory primer.

Since the end of 2021, the UK’s data protection regulator, the ICO, has spoken to and audited a number of games companies about their compliance with the Children’s Code (Code); this supervisory activity looks to continue into 2023. For more information about what we’ve learned about the Children’s Code since its enforcement, take a look at our previous article for

One of the big open questions is around age assurance, and what measures may be appropriate for the nature of the service (including games). The recent Ofcom and ICO joint research on families’ attitudes to age assurance is the first stage of research on what is a fast-developing topic.

Elsewhere, the topic of children’s privacy and age assurance is heating up too. The Children’s Code is heavily impacting legislation abroad, such as the highly similar California Age-Appropriate Design Code Act and New York’s proposed Child Data Privacy and Protection Act. The EU has also stated its plans for an EU code on age-appropriate design and standardising age assurance and verification in Europe as part of its ‘Digital Decade’.

Online safety regulation is poised to take hold over the course of 2023, with the UK’s Online Safety Bill (OSB) due to receive Royal Assent at the start of 2023 and the EU’s Digital Services Act (DSA) due to come into force 1 January 2024 (with some provisions coming into force earlier). As set out in Ofcom’s roadmap (the regulator who will enforce the Online Safety Bill), information requests to certain companies caught by the OSB are expected shortly after Royal Assent, which will help Ofcom shape its approach. We would not be surprised if games studios were amongst the businesses it approached for information, particularly given the close relationship Ofcom has with the ICO (driven by the latter’s work on the Children’s Code) and desire to better understand the games industry.

Much of the details of both the OSB and DSA are yet to be provided; Ofcom is set to provide guidance, codes of practice and secondary legislation on areas such as children’s access assessments and the EU Commission on areas such as the information-sharing system, transparency reporting template and protection of minors.

Legislators in other markets are heavily investing in the topic of online safety too, such as the US’ proposed Kids Online Safety Act and Australia’s Online Safety Act.

Dark patterns and data-driven practices have been increasingly on the regulatory radar, but are coming into particular focus in 2023 in a number of markets from a number of different legal angles.

Regulatory thinking around dark patterns includes (but is not limited to) the UK Competition and Market Authority’s discussion paper covering ‘Online Choice Architecture’ which explores a number of different dark patterns and their potential harm; the European Data Protection Board’s guidance on dark patterns in social media; the EU Commission’s guidance on dark patterns under the Unfair Commercial Practices Directive (which includes an example around loot boxes); and the US Federal Trade Commission’s announcement around increasing enforcement for use of dark patterns.

Perhaps most notably for the coming year, the first express prohibition of dark patterns in legislation is in the EU’s upcoming Digital Services Act. Although further guidance is required to flesh this out, the definition of ‘dark patterns’ under the DSA is broad and covers dark patterns that would otherwise fall outside of existing consumer and data protection legislation.

Much like with data protection back in 2018 (which saw the introduction of the GDPR and its large fines), consumer protection legislation is set to receive an overhaul in the UK which could see sizeable penalties issued against companies who are in breach of consumer law.

The UK’s Digital Markets, Competition and Consumer Bill is due to be brought forward to early 2023, and is set to include wide-ranging reforms to the UK’s competition and consumer regulator (the CMA) and will tackle issues such as ‘subscription traps’. The CMA will be given new powers to fine companies up to 10% of their global turnover. This is a step-up from the EU’s Enforcement and Modernisation Directive (often referred to as the ‘Omnibus Directive’) which requires Member States to implement fines for certain consumer law infringements of at least 4% of the company’s annual turnover in that Member State. The strengthening of consumer protection legislation is likely to mean a continued focus on issues such as monetisation, dark patterns and digital refund rights – areas the EU in particular is keen to further understand.