Age Assurance: Preventing Children Accessing Age-Inappropriate Content

The Online Safety Act (OSA) is one of the most ambitious and comprehensive pieces of legislation passed by the UK Parliament in recent years. With Ofcom expected to publish its final guidance on age assurance early in the New Year, the Online Dating and Discovery Association (ODDA) has been helping its members understand what the new duties under the Act will mean for them.

In this interview, the ODDAs Simon Newman (SN) speaks to Lina Ghazal (LG), Head of Regulatory and Public Affairs at Verifymy about the OSA.

SN: One of the main reasons the Online Safety Act (OSA) was introduced was to prevent children from accessing inappropriate content. As someone who has worked in this field for several years, how big a problem is it?

LG: The level of harmful and illegal content online today is unacceptable. The proliferation of smartphones has meant young people have been exposed to more inappropriate, age-restricted, extreme, and illegal content than ever before.

Our research shows that three-quarters of UK parents (74%) say their kids have experienced online harms, from illicit content to harassment. Those who do come across such material are unlikely to report it—with as little as 11% of children telling their parents and 9% authorities. Parents are rightly worried and are doing everything they can to educate and protect their kids as they interact online. However, it’s time for online platforms to step up and act.

The Online Safety Act represents one of the most significant legislative changes in the digital landscape for over a decade. Expected to progressively be brought into force from early 2025, the Act will bring sweeping regulations designed to protect users—particularly children—from illegal or harmful online content. The Act will apply to social media platforms (widely defined as “user-to-user services”), search engines and pornographic websites. Essentially, any services likely accessed by children with users in the UK must soon conduct a risk assessment to understand whether they’re in scope.

Online platforms have a real opportunity to take the lead in winning back parents’ trust and demonstrating their leadership to legislators and regulators. This starts with providing safe, age-appropriate experiences for children.

SN: What are the types of age assurance methods currently used to assure the age of users online? What are the trade-offs?

LG: Age assurance encompasses both age verification and age estimation methods. Currently, there is no one-size-fits-all approach, both online and offline. Therefore, regarding age assurance offerings, optionality is key. The market requires flexible and inclusive options that address individual preferences, mitigating the risks associated with bias and exclusion.

At Verifymy, we recognise the significance of empowering users with choice. We offer a comprehensive, fully inclusive range of age assurance methods across both age verification and estimation that cater to individual needs while ensuring the highest business pass rates possible with minimal business disruption. Methods include email address and facial age estimation and verification methods such as government-issued ID, credit card, mobile phone number, and name and address checks.

Email address age estimation is our latest, ground-breaking proprietary age assurance solution that leverages just an email to estimate a user’s age. Where platforms collect and authenticate email addresses as part of an account creation process, Verifymy can complete an age check using only that email address. It requires no additional data other than what has already been collected by your platform as part of the delivery of your service, so it can be deployed seamlessly in the background with no user interaction required.

It’s a game-changer for privacy and data protection in the age assurance sector. Certified by the Age Check Certification Scheme to EAL level 3, the highest possible level for age estimation, this method is frictionless, highly accurate and privacy-preserving, performing with no discernible bias.

When it comes to age assurance, there doesn’t need to be a trade-off. Different online platforms have varying levels of risk associated with them, depending on the nature of the services they offer and the potential consequences of underage access. The level of age assurance required by regulators should, therefore, be proportionate to the platform’s associated risk, and different methods can be used to suit different use cases.

The key is to strike a balance between the level of data required for age verification and the user’s expectations and tolerance for friction. By aligning this process with the platform’s risk level and user expectations, businesses can create a more satisfying and efficient user experience that is low in friction while ensuring compliance with age-related regulations.

SN: The OSA talks about ‘highly effective age assurance’. Ofcom, as the regulator of the OSA, recently produced draft guidance on this issue and provided examples of what will or won’t be acceptable under the new rules. Can you explain what this will mean for our members?

LG: Whilst regulator Ofcom is still in the process of establishing the specific requirements and detailed guidelines, the legislation includes a “Duty of Care” whereby platforms have an obligation to protect users, especially children, from harmful content. This includes implementing “highly effective age assurance” to prevent kids from being exposed to high-risk “primary priority harms” such as pornography, suicide, self-harm and diet pills content widely available on many social platforms.

Although the specifics of this requirement have yet to be fully defined, it is clear that basic or outdated age-check systems—such as a simple ‘yes/no’ checkbox or self-declared age—will not suffice, and “highly effective” age assurance will be required.

Come 2025, if you provide services that host harmful or age-inappropriate content and have users in the UK, then you may be required to:

• Implement age verification or age estimation – or both – technology to ensure that minors cannot encounter illegal or harmful content.
• Ensure that said age verification or age estimation technologies implemented are deemed highly effective in correctly determining whether or not a user is a child.

Ofcom states that for age assurance methods to be considered highly effective, they need to meet 4 key criteria: be technically accurate, robust, reliable, and fair.

Starting in December 2024, online services must take action to meet their legal obligations. Therefore, for members of the ODDA, the first step will be to complete a risk assessment to understand their risk profile and ensure compliance.

SN: Some service providers have expressed concerns about the impact these new rules will have on their business – specifically, creating additional friction in the onboarding process and also the cost. What are your thoughts on this?

LG: The primary challenge for service providers looking to protect their business lies in implementing age assurance methods that are both effective and provide a seamless user experience.

For any online business, user experience is a critical driver for success. Users today expect a smooth, hassle-free journey from the moment they enter a site, and any friction – often presented by the use of traditional age verification methods, such as an ID scan – can lead to frustration and even abandonment. In some cases, this can lead users to seek less reputable alternatives with no methods in place, eroding revenue and reputation. Additionally, if the only method provided, this can present significant bias.

While compliance with age verification laws is non-negotiable, it should not come at the expense of user satisfaction. Online platforms need to find a balance where they can effectively establish a user’s age without imposing cumbersome processes on their users. The balance is achievable with the right technology, especially with solutions designed to operate using existing data and with minimal or no user input.

One such example is our proprietary email address age estimation solution, which can be deployed entirely free from friction. This is very important in the context of data minimisation and privacy by design, as platforms can use an email address previously collected as part of an account creation or onboarding process and streamline their age verification process without needing any user interaction.

A commercially viable solution, email address age estimation is both cost-effective and minimises the risk of conversion loss. It can help maintain high conversion rates by creating a frictionless experience while also removing the chances of fines relating to non-compliance.

By implementing solutions in this frictionless manner, businesses can meet regulatory standards without impacting the user journey, providing near-instant results, protecting conversions, and minimising any business disruption.

SN: Considering the new rules will be coming in during 2025 and Ofcom have already started warning about enforcement, what do our members need to do now to ensure they are compliant?

LG: In October 2024, Ofcom outlined progress since the enactment of the Online Safety Act and shared a timeline of key upcoming milestones. This guidance is designed to help online service providers prepare for and comply with their new legal obligations as the regulations take effect.

The Act places a legal obligation on companies providing a wide range of online services to ensure the safety of their users, particularly children. The rules apply to all in-scope services with a significant UK user base or target the UK market, regardless of the company’s location, and these businesses must now take proactive steps to assess and mitigate risks to UK users.

Starting in December 2024, online services must take action to meet their legal responsibilities under the Act. To support compliance, Ofcom will issue Codes of Practice and guidance tailored to companies within its scope. If you operate an online service, you must start preparing to meet these obligations.

The milestones are split into three key phases:

Phase one: illegal harms

Phase two: child safety, pornography and the protection of women and girls

Phase three: categorisation and additional duties for categorised services

We have summarised the timeline of Ofcom’s approach to implementing the Online Safety Act in more detail on our blog.

SN: Finally, tell us a bit more about Verifymy.

LG: Verifymy is a safety technology provider with a vision to safeguard children and society online. Spanning age verification and estimation, identity verification, content moderation and consent management, Verifymy offers frictionless, trustworthy solutions for online platforms to maintain their integrity, protect their reputation and safeguard their users.

Since its founding in 2019, Verifymy’s solutions have evolved rapidly in response to the fast-changing online and regulatory environment, including the EU’s Digital Services Act and the UK’s Online Safety Act.

Our age assurance solution is designed for any online product, service or business, and features a wide range of age verification and age estimation methods. Our age assurance solutions are deployed globally by organisations in a wide range of sectors including social media, online video gaming, e-commerce and adult.

Additionally, building on its age assurance solution, Verifymy has broadened its focus to tackle the ever-growing issue of illicit content online. Our industry-leading proprietary tech is the driving force behind our second solution, which incorporates identity verification, AI and human content moderation, complaints resolution and consent management, and is designed to prevent illegal content from being uploaded onto user-generated content platforms.

SN: Thank you for your time Lina!

You can find more about Verifymy on their website: www.verifymy.io

You can download a copy of this post here.