Tuesday, April 14, 2026
Latest:
  • Loading stock data...
Ofcom

Ofcom Online Safety Bulletin – December 2025

Sean Nolan

Coming to the close of 2025, we have already observed significant shifts across industry during the early stages of the UK’s online safety regulatory regime. While there have been encouraging areas of progress, looking ahead to 2026 we want to see providers of online services delivering meaningful, measurable improvements for users online. 

We have reflected on this progress, and our strategic priorities for 2026, in our first summary report on the technology sector’s response to the UK’s new online safety rules. 

One of these priorities is providing a safer life for women and girls’ online. On 25 November we published new guidance, which sets out nine areas for technology firms to improve women and girls’ online safety by taking responsibility, designing their services to prevent harm and supporting their users.

Looking ahead, we have published an update to our timelines for the key deliverables on our regulatory roadmap – outlining the timings for future codes, guidance, consultations, and statutory reports as we continue implementing the Act. 

We continue to support regulated service providers through our accessible guidance and interactive digital tools. As part of this we have now created a digital library, so all current regulatory documents and guidance are in one place, and we launched new guidance for the gaming industry and file-storage and file-sharing services.

Taking action on online safety

Online Safety in 2025 Report

On 4 December we published our first summary report on the technology sector’s response to the UK’s new online safety rules. Its purpose is to shine a light on how the tech industry is acting to keep UK people safe online and reduce their experience of harm. The report draws upon insights from across our work, including analysis of illegal harms risk assessments and our user focused research. 

As we look ahead to 2026, we’ve set out the key priorities for industry. These build on the priorities and progress made this year, and you can explore the full detail in our Online Safety in 2025 report.

Making sure that age checks are effective

The top 100 most popular pornography providers, and other major services that allow pornography, must ensure they are using highly effective age assurance in line with our guidance, making it even harder for children to access harmful content. We will take further enforcement action where our evidence suggests this is not the case.

Stronger child protections

The services most used by children (including Facebook, Instagram, TikTok, YouTube, Roblox and Snap) must provide us with comprehensive information about the practical steps they are taking to protect children. They must prioritise risks associated with personalised feeds and improve their content moderation and recommender systems where needed, in line with our Codes. 

Preventing child sexual abuse and grooming

We will expand our focus on services that present a high risk of child sexual abuse material (CSAM) beyond file-sharing and assess major services’ measures to protect children from potentially risky contact by adults. Subject to the outcome of our current consultation on additional safety measures, these services should adopt automated technologies to detect new CSAM material, where these are accurate and effective. 

More effective removal of terror and illegal hate content

Major service providers must ensure their content moderation processes work effectively, taking account of our Codes. 

Safer experiences for women and girls

Service providers should carefully consider and implement our guidance to prevent harm to women and girls and support users, including meeting their duty to tackle non-consensual intimate image sharing. We will report in the first half of 2027 on their progress.  

Clearer risk oversight

Providers must send their risk assessments to us, on request, between 1 May-31 July 2026, taking account of the areas for improvement highlighted in our report on this year’s assessments, including confirming to us the named individual inside their business who is responsible for those assessments. We expect the relevant categorised services to have published summaries of their risk assessments by October 2026. We will also monitor whether providers are adequately assessing risks before they make significant changes to their products, such as introducing relevant AI functionalities.

Risk assessment standards and improvements

Alongside the Online Safety in 2025 Report, we have also published our analysis of risk assessment records from the first year of the duties being in force. In 2025, we requested and received 104 risk assessment records under our risk assessment enforcement programmes. Our analysis of the records revealed notable issues in the way providers conducted risk assessments and kept records.  

The five areas of improvement we highlight are:

  1. Assess all kinds of illegal and harmful content
  2. Improve analysis of features, functionalities and other characteristics
  3. Demonstrate confidence in controls
  4. Base decisions on relevant evidence
  5. Implement appropriate risk governance   

We will be providing supervised service providers with bespoke feedback on where their risk assessment records have fallen short and, in 2026, will request for relevant providers to send us their illegal content and children’s risk assessment records between 1 May and 31 July. We will take enforcement action where necessary improvements have not been made.

Small but risky services update

Alongside our work with the largest and most-used online platforms, Ofcom’s Small but Risky Services Taskforce was established in 2024 to tackle the distinct challenges posed by online platforms with small userbases but high potential for harm. These services, typically used by around 1% or less of the UK population as active monthly users, often feature high-risk functionalities or foster harm-endorsing cultures.

The taskforce works to ensure compliance with the Online Safety Act, focusing on platforms hosting priority harm content such as CSAM, hate and terror content, suicide, self-harm, eating disorder forums, and violence against women and girls.

This year, the taskforce has concentrated on several high-risk areas, including file-sharing and file-storage services which pose particular risks of CSAM. Through targeted engagement, we have secured improvements and protections across dozens of platforms and seen several geo-block the UK or close down entirely. The improvement in safety standards secured will make it much harder for CSAM to be shared on these services. This approach complements Ofcom’s broader compliance and enforcement efforts, securing online safety improvements faster across a wider range of services.

Enforcement progress

We have continued our enforcement work where providers of online services are failing to meet their duties under the Online Safety Act, focusing our efforts where we consider the risk to UK users to be greatest. Since our last bulletin, we have made progress in a number of areas, including issuing formal compliance decisions and penalties, closing investigations where providers have taken steps to leave the UK market and successfully concluding compliance remediation periods.

What you need to know and do

Obligations for regulated services

Industry fees

The Online Safety Act 2023 requires that Ofcom’s operating costs for the online safety regime are recovered through fees imposed on certain providers of regulated services. Providers whose “qualifying worldwide revenue” is above the £250m threshold set by the Secretary of State for Science, Innovation and Technology have a duty to pay these fees. Specifically, providers of regulated services will, in respect of a charging year, need to: 

  1. Notify Ofcom in certain circumstances. 
  2. Pay online safety fees to Ofcom if their QWR in the qualifying period meets or exceeds the QWR threshold and they are not exempt 

Subject to the Parliamentary process, these Regulations will come into effect on 11 December 2025. Once in force, there will be a four-month notification window for relevant platforms to submit their revenue data to Ofcom for the 2026/27 charging year. 

You can visit the OS fees page, which collates our fees publications and provides resources to register for the fees portal. Further updates relating to relevant fees guidance and consultation documents can be found below.

Guidance

Strengthening protections for women and girls online

After consulting in February 2025, we published our guidance for improving women and girls’ online safety on 25 November 2025. This guidance sets out how platforms can take action against harmful content and activity that affects women and girls, in recognition of the unique risks they face online. Currently:

  • 98% of intimate images reported to the Revenge Porn Helpline were of women.
  • 99% of deepfake intimate image abuse depicts women.
  • Every case reported to the National Stalking Helpline includes online contact or monitoring.
  • 77% of women are not comfortable expressing political opinions online because they fear being targeted with abuse.
  • Nearly 70% of boys aged 11-14 have been exposed to online content that promotes misogyny and other harmful views.

Ofcom has written to sites and apps outlining the urgent need for industry-wide action, setting an expectation for all tech firms to take immediate action in line with the guidance.

We will publish an assessment of how providers are keeping women and girls safer on their services in May 2027, around 18 months after the guidance is issued.

We have also launched a new Women and Girls’ Online Safety hub to bring together practical resources for service providers. It also links to Ofcom’s research on online hate and abuse, and signposts to specialist support organisations for those affected by these harms.

Update: Data Preservation Notices and Information Powers Guidance 

On 15 December, we will publish our statement on Data Preservation Notices and updated Online Safety Information Powers Guidance following our consultation earlier in the year. These updates relate to our powers under section 101 of the Online Safety Act in relation to Data Preservation Notices and Coroner Information Notices.

Final Online Safety fees guidance on QWR and Notification Processes Released

Following our consultations that ran earlier this year for online safety fees QWR and Notification Guidance, we have released a combined statement on Guidance on Qualifying Worldwide Revenue and Notification guidance. This statement outlines our final guidance to support providers in calculating their QWR figure, how to navigate the notifications process and what evidence is required for returns.

To read the full Bulletin, please click here.

Global Dating Insights is part of the Industry Insights Group. Registered in the UK. Company No: 14395769