Ofcom publishes Protection of Children Codes of Practice and guidance

24 Apr 2025 02:42 PM

Ofcom has published its landmark Protection of Children Codes of Practice and guidance, in a policy statement outlining new protections for children online.  

The regulators policy statement is accompanied by six volumes detailing decisions, regulatory documents, and guidance. 

Providers of services likely to be accessed by children must now complete children’s risk assessments by 24 July 2025.  

From 25 July 2025, providers will need to take the steps laid down in the Codes or use other effective measures to protect children. 

Key Documents: 

• Statement: Protecting children from harms online (list of volumes, supporting documents and appendices) 
• Codes of Practice at a glance 
• Volume 4: What should services do to mitigate the risks of online harms to children? 

Outline of Volumes:  

• Volume 1: Overview, scope and regulatory approach - sets out the scope of the statement, including an introduction to Ofcom’s duties and online safety functions and the children’s safety duties, and regulatory approach. 
• Volume 2: The causes and impacts of online harm to children - presents Ofcom’s approach to three regulatory products: Ofcom’s Children’s Register of Risks, Children’s Risk profiles, and Ofcom Guidance on Content Harmful to Children. 
• Volume 3: Assessing the risks of harms to children online - sets out Ofcom approach to governance and risk management across this statement and as well as the approach to the guidance Ofcom are required to produce for service providers completing children’s risk assessments. Ofcom’s Children’s Risk Assessment Guidance is published separately. 
• Volume 4: What should services do to mitigate the risk of online harms to children? - outlines the regulatory framework and practical measures that online services must implement to protect children under the UK's Online Safety Act. This comprehensive document builds upon previous consultations and emphasises a higher standard of protection for children compared to adults.​These measures form Ofcom’s Codes, which are published separately for user-to-user services and for search services. 
• Volume 5: Annexes - includes details of the assumptions used in Ofcom’s economic assessment, legal framework, equality, summary of additional measures proposed by stakeholders, and glossary. 
• Volume 6: Illegal harms further consultation: User Controls - sets out Ofcom’s proposal to amend Measures ICU J1 (blocking and muting) and ICU J2 (disabling comments) in the Illegal Content Codes of Practice, bringing providers of certain smaller user-to-user services that are likely to be accessed by children into scope of these measures where they have relevant risks and functionalities. Ofcom are proposing that providers should either use highly effective age assurance to offer child users the option to block and mute other users and disable comments on their content or should offer these controls to all users on the parts of the service that are accessible by children. 
• Ofcom welcome stakeholder comments on these proposals by 5 PM on 22 July 2025.  

Summary of the Child Safety Codes (Volume 4)  

In Volume 4 Ofcom have provided an outline of key decisions on their approach to the Codes and the measures. These include: 

• updating Recommender Systems measures to provide stronger protections for children and more clarity for providers;   
• establishing a strong baseline level of protection for children of all ages, while encouraging providers to consider appropriate action for children in different age groups;  
• providers of user-to-user services that allow harmful content should use highly effective age assurance to determine which of their users are adults; 
• confirming proposals that certain measures should apply to content categories beyond those specifically identified in the Act (i.e. to non-designated content or NDC);  
• providers of large general search services should protect users determined to be children by applying a ‘safe search’ setting which filters primary priority content (PPC) out of their search results; and 
• confirming which services measures should apply to (with some adjustments) so that in most cases, we recommend measures for all services with relevant risks and functionalities, regardless of size.  
• Ofcom’s approach focuses on services which pose the highest risks for children. This is in line with the requirement to take a proportionate approach. 

Next Steps: 

• Risk assessments: All in-scope services likely to be accessed by children in the UK will be required to complete their children’s risk assessment by 24 July 2025. The steps that providers should take to conduct children’s risk assessments are set out in Ofcom's Children’s Risk Assessment Guidance.  Ofcom have also updated existing record-keeping and review guidance to include specific guidance on record-keeping for children’s risk assessments. 
• Codes of Practice: From 25 July, as long as the Codes complete the UK Parliamentary process, service providers will need to take the steps laid down in the Codes or use other effective measures to protect children. By the same date, all services which allow pornography must have highly effective age assurance in place to prevent UK children from accessing it.    
• Consultation: Illegal harms: user controls: Ofcom are consulting on proposals that seek to expand the application of blocking and muting user accounts and disabling comments measures in the Illegal Content Codes (Volume 6) to a wider range of services. This decision is due to Ofcom now considering it proportionate for these measures to apply to certain smaller services that are likely to be accessed by children. The deadline for stakeholder comments on these proposals by 5 PM on 22 July 2025.  

How Ofcom is supporting industry   

Ofcom will be expanding their digital toolkit to provide support to service providers completing the children’s risk assessments and complying with the children’s safety duties. This toolkit for children’s safety duties will be available on the Guide for Services section of the Ofcom website. The are also producing the upcoming events: 

Ofcom Presentation at techUK Digital Regulation Group Meeting | 30th April 

techUK members are invited to attend the next Digital Regulation Group Meeting on Wednesday 30 April, 09:30-11:00 - where Ofcom's Protection of Children team will deliver a presentation on the Children’s Safety Codes followed by Q&A. To register for this session either online or in person, please do so here.   

Ofcom Webinar - The Online Safety Act Explained: How to comply with the rules to protect children’ | 4th June  

Ofcom will be actively engaging with service providers through their supervisory and promoting compliance activities. Ofcom are also arranging an online conference on 4 June 2025 – ‘The Online Safety Act Explained: How to comply with the rules to protect children’. This conference will include a mix of short practical sessions and topical deep dives to support providers on their path to compliance.   

• Register your interest for the OSA Explained conference using this link and Ofcom will contact you with more details and information on how to secure your place.  

Please contact Samiah Anderson (Samiah.anderson@techuk.org) if you have any questions about techUK’s online safety work.