The UK’s Online Safety Act, effective from July 25, 2025, mandates that all websites hosting or distributing adult content implement stringent age verification systems to prevent underage access. Failure to comply could result in sites being blocked for UK users or facing fines up to £18 million or 10% of global revenue. This law applies broadly, including traditional porn sites and platforms with user-generated explicit content like Reddit, X, and OnlyFans. Ofcom is empowered to enforce these rules by issuing takedown orders, imposing fines, and holding users or distributors accountable, even targeting overseas sites accessible in the UK. Importantly, while age verification is required, platforms must protect user privacy and avoid retaining sensitive data without consent to comply with GDPR.

Businesses operating user-to-user or search services must conduct illegal content and children’s access risk assessments by early 2025, with ongoing annual reviews to ensure compliance. Effective age-assurance tools such as facial age estimation or digital ID verification are necessary, as simply stating age restrictions is insufficient. Enforcement will prioritize cases posing real risks, especially to children, with reputational damage also a significant concern. Senior managers may face personal liability in severe cases, underscoring the importance of proactive compliance ahead of the law’s implementation.