Quick guide to rules about online pornography
The Online Safety Act has introduced new rules that services must follow to prevent children (under-18s) from being able to access pornography.
If you or your business has an online service that hosts pornographic content, you will need to estimate or verify your users' ages so that children cannot view it.
Ofcom's draft guidance (PDF, 706.1 KB) explains how you can effectively assure the ages of your users. The rest of this page explains what we’ve proposed – and what you can do now.
We are consulting on our guidance, so this information could change
This page:
- summarises proposals we’re consulting on – we will update it when our final guidance is in place.
- is only meant to introduce your online safety duties – our final guidance will set out in full how you can meet your legal responsibilities.
If your service provides pornography, you need to make sure children can't access it
These rules apply if you publish or show pornography on your own service (or if someone does this on your behalf). The Act refers to this as 'provider pornographic content'.
'Pornographic content' could be a video, an image or some audio – but not text.
If you have pornographic content on your service, you must make sure that children cannot normally encounter it. You should verify or estimate each user’s age to find out whether or not they are a child. If they are, you should restrict their access to this sort of content.
You must also keep a written, easy-to-understand record to show:
- what you’ve done to prevent children from being able to access pornography on your service; and
- how you have considered your users’ privacy when taking these steps.
You must summarise these measures in a public statement.
Finally, you should try to stop children getting around whatever access controls or age assurance measures you have in place.
Find out what else you'll need to do to protect children
Decide what age assurance method is best for your service
We don’t recommend any specific tool or technology in our draft guidance, because we know the technology in this area is still developing. You can use whatever solution is best for your service, as long as it prevents children from being able to access pornography.
But to help you, our draft guidance provides a few examples of age assurance measures that could be considered highly effective – and a few that could be ineffective.
Use our four criteria
We propose that, for your method to be highly effective, it must be:
- technically accurate;
- robust;
- reliable; and
- fair.
Here are some practical steps you can take to make sure your method meets all four criteria:
Accurate
Your method should be accurate at telling a user's age under lab test conditions.
- Think about taking a 'challenge age' approach to age assurance.
Robust
Your method should be accurate at telling a user's age in unexpected or real-world conditions.
- Make sure your method has been tested in multiple environments during development.
- Think about how children might try to get around the age check, and plan countermeasures.
Reliable
It should be possible for you to reproduce your method's results consistently.
- Properly test your method, especially if the results can vary.
- Always monitor its performance.
- Make sure it uses evidence from a trustworthy source.
Fair
Your method should avoid, or at least minimise, bias or discrimination.
- Train your method on diverse datasets wherever possible.
Make sure it's accessible
Remember that, as well as being highly effective, your method should be easy for everyone to use. This will also help you make sure that adult users can still access legal pornography.
Remember users’ right to privacy
Whatever method you choose, consider the importance of protecting users’ data and privacy.
We’ve worked closely with the Information Commissioner’s Office (ICO) on our draft guidance, which gives examples of how you can:
- keep data protection records up to date; and
- protect your users from a breach of privacy law.
What you can do now
Have your say on our proposals
We’re consulting on our proposals for providers of services that display or publish pornographic content (the guidance we’ve summarised on this page). This is covered under Part 5 of the Online Safety Act.
You can have your say before the consultation closes on 5 March 2024.
We’re also consulting on our proposals for how internet services that enable the sharing of user-generated content ('user-to-user services') and search services should approach their new duties relating to illegal content. This consultation is also relevant for services that show pornography as they may also need to put in place measures to address the risk of illegal content.
You can have your say before the consultation closes on 23 February 2024.
Finally, in Spring 2024 we’ll consult on our draft guidance to help user-to-user and search services meet their children’s safety duties. These include the duty to use highly effective age assurance to prevent children from encountering pornographic content. This is covered under Part 3 of the Act.
Make someone responsible for getting ready
Make sure someone in your business is responsible for:
- understanding your new online safety duties;
- reading our guidance;
- looking at what technology is available; and
- deciding what sort of age assurance method is best for you.
Subscribe to updates from us
Subscribe to email updates to get the latest information about how we regulate. This includes any important changes to what you need to do. You'll also be the first to know about our new publications and research.
Read our regulatory approach and timelines
We’ve set out how Ofcom will implement the Online Safety Act. We will implement the new rules in three phases (check the timings below):
- The illegal harms duties will come into force from around the end of 2024.
- Children’s safety duties will come into force by Summer 2025.
- Additional duties for categorised services will come into force around the end of 2025.
