The UK Online Safety Act 2023 applies to a broad range of services that allow users to encounter harmful content. Forums, comment sections, and community platforms can fall in scope when they host user-generated content that may be harmful to children. Ofcom, the regulator, has made clear that "highly effective" age assurance is expected where the service is likely to be used by under-18s and exposes them to such content.

Ofcom’s guidance (January 2025) lists methods it considers highly effective: photo ID matching, facial age estimation, Open Banking–based checks, mobile network operator verification, and accredited digital identity services. Self-declaration of age or unverified payment methods alone are not considered sufficient. The regulator has already opened investigations and issued fines, so treating this as a future problem is no longer an option.

For forums and community platforms, the practical challenge is balancing friction and compliance. Full ID upload on every visit is unrealistic. Privacy-preserving age verification can help: the user proves age once (e.g. via a trusted provider), and the platform receives only a signed assertion (e.g. "18+") or token, with no need to store documents or faces. Returning users can re-verify with a quick check (e.g. face-only) without resubmitting ID.

If your service is in scope, the next steps are to confirm your risk profile, choose an age-assurance approach that meets Ofcom’s bar, and ensure you can demonstrate compliance (e.g. via audit logs or verification receipts) when asked.