
What is the UK Online Safety Act (and what are the cyber security implications)?

21st August 2025

New regulations are designed to protect children from adult content, but could these methods pose a security risk?

In the last few weeks, the UK government began to enforce a set of policies established in the UK Online Safety Act. Starting from July 25th, any site hosting adult content would need to ask users to verify their age before continuing to access the website. The aim of this is to stop under-18s from accessing content that they shouldn’t be seeing.

We’re not here to discuss if this is a good strategy or not: instead, we want to explore the implications from a cyber security perspective. When asked to give ID, users must give one of the following:

· Facial age estimation (from a scan of the user’s face)
· Photo ID (passports, driver’s license)
· Credit card or banking verification
· Mobile network operator checks

Each of these methods involves private, personal data being collected and stored, which could lead to identity theft if the information were ever breached. Through facial scans or ID, bad actors could gain access to account details, while banking information could put users’ finances at risk.

Additionally, these new regulations have resulted in smaller platforms having to shut down their UK operations. Platforms must now filter out harmful content, adjust algorithms and store and process data securely: none of which is simple or cheap to do.

However, the cost of not meeting compliance standards is higher: fines can go as high as £18 million or 10% of global revenue, or executives may be held criminally liable if the terms are not met.

As a result of these factors, users have met the new requirements with a lot of mistrust. There has been a 1400% spike in VPN usage in the UK since the act was introduced, with many users not wanting their data to be stored.

So, what would we advise? No database is 100% secure, so if you hand over any personal data, you risk it being compromised down the line. VPNs are widely available, but if you don’t want to use one and still need to access these sites, we recommend using only one form of ID across all of them.

For more advice on the UK Online Safety Act, please contact Interfuture Security.

YouTube: https://youtu.be/FTOt2o6vgMY
