Ofcom publishes first post-OSA assessment of the tech sector
Ofcom’s first assessment since the Online Safety Act came into force highlights early progress, remaining gaps, and what businesses should expect in 2026.
On 4 December, Ofcom published its first assessment of how the technology sector has responded to the Online Safety Act (OSA) since major duties came into force earlier this year. The report sets out the regulator’s view of progress made so far, the areas where expectations have not yet been met, and the direction of travel in 2026.
For businesses operating in scope of the OSA, the report provides an insight into Ofcom’s view of the regulatory environment. It sets out how the regulator intends to approach 2026 and highlights the issues that companies will need to prepare for over the coming year.
A year of transition: OSA Implementation
2025 marked the first year where many of the OSA’s requirements translated into live operational changes for services. Providers have now completed their first statutory risk assessments and introduced new safety measures across content moderation, age assurance and product design. Ofcom notes that this has already resulted in visible change for users, particularly around strengthened age assurance, reduced access to high-risk content, and updates to reporting tools.
However, the regulator also highlights that these early efforts vary significantly in quality. Many providers did not name a senior individual responsible for the risk assessment process, and in a substantial number of cases, assessments of illegal and harmful content were inconsistent or incomplete. Ofcom also reports that risks arising from service design, such the algorithmic visibility of harmful content, were often only lightly addressed. In several assessments, providers did not set out how they would monitor the effectiveness of their measures over time. These gaps, Ofcom will pay sharper attention to in the next year.
Priority areas for 2026
A significant portion of the report highlights the areas where Ofcom expects providers to “go further” in the year ahead. For businesses, these priorities are useful signals of where regulatory scrutiny will likely be most intense:
1. Effective age assurance
Ofcom recognises that age-check systems have been rolled out by a wide range of services, including areas where content poses the highest risk. However, it is clear that the next step will involve evaluating whether these systems are accurate, reliable, and proportionate. The regulator notes concerns about over-moderation and inconsistent implementation. It also highlights a need for clearer evidence on how children’s experiences have changed following deployment.
For businesses, this reinforces the importance of understanding the performance, privacy impacts, and unintended consequences of any age assurance approach they adopt.
2. Stronger protections for children
Children’s safety remains central to Ofcom’s programme for 2026. While a wide range of platforms popular with under-18s have expanded safety features, Ofcom identifies areas where industry’s own assessment of risk may underestimate potential harms. Notably, no service in scope classified itself as presenting a “high” risk of exposing children to suicide or self-harm content, despite this being one of the key harm categories Ofcom has prioritised. The regulator suggests that some providers relied on weak or insufficient justifications when assigning low or negligible risk levels, and reiterates that where evidence is inconclusive, services should adopt a precautionary approach.
Looking ahead, Ofcom plans to collect more detailed information from the largest platforms early in 2026, including evidence on how personalised feeds and recommendation systems are configured to minimise harmful content exposures. Providers will also be expected to demonstrate how they validate whether their interventions are working in practice, particularly in light of Ofcom’s finding that 70% of children reported encountering some form of harmful content in the four weeks prior to the survey period..
3. Tackling child sexual abuse material (CSAM) and grooming
Ofcom identifies online sexual exploitation as an area where progress has been uneven. While many services are using hash-matching or proactive detection technologies, gaps remain, particularly among smaller providers and in high-risk service categories.
In 2026, the regulator intends to broaden its enforcement focus beyond file-sharing services, looking more closely at how different types of services prevent harmful contact and identify illegal material. Businesses should be prepared for closer examination of detection systems, reporting pathways, and the strength of internal escalation procedures.
4. Illegal content and content moderation processes
While most services have core moderation systems in place, Ofcom found that many risk assessments provided limited detail on how these systems operate in practice or how providers test their effectiveness. In several cases, providers did not fully account for risks relating to child sexual abuse material or terrorist content, despite these being priority areas for enforcement. The regulator also notes gaps in providers’ descriptions of how their detection tools, recommender systems, or automated workflows reduce risk, and how these interventions are monitored for effectiveness over time.
As a result, Ofcom will place greater emphasis in 2026 on auditing the robustness of providers’ moderation processes. This includes examining whether services are effectively removing illegal content, whether recommender systems inadvertently elevate harmful material, and whether governance structures support timely updates when new risks emerge.
5. Governance and accountability
One of the clearest messages from Ofcom’s assessment is the priority on strengthened internal governance. Around two-thirds of the risk assessments Ofcom reviewed did not name a specific individual responsible for producing or overseeing the assessment, despite the regulator’s guidance recommending this as a core part of good record-keeping. Ofcom also highlights widespread gaps in how risks were documented and justified, including missing evidence inputs and limited explanation of how providers determine that their safety measures are effective.
In 2026, governance arrangements will therefore form a major area of scrutiny. Services will be expected to demonstrate clearer ownership of risk, more detailed documentation of the reasoning behind risk level decisions, and greater use of internal and external evidence sources when assessing harms. The regulator is particularly focused on ensuring that risk assessments are not treated as one-off exercises but form part of an ongoing process as services evolve.
Wider sector insight
While the report focuses on compliance, it also reflects broader shifts in the digital environment. Ofcom’s commentary highlights emerging challenges including:
Generative AI and chatbots, where new safety risk, such as harmful outputs, deepfakes, and inappropriate interactions, require updated risk assessments.
VPN usage among children, which Ofcom is monitoring to understand whether it undermines safety interventions - Ofcom is unsure how much of the spike is driven by children.
New forms of fraud and online scams, which remain among the most common harms experienced by UK users.
Developing regulatory technologies, with Ofcom pointing to increasing uptake of machine-learning-based moderation tools and cross-industry collaboration.
For industry, these observations suggest a regulatory landscape that is highly adaptive and responsive to emerging risks, rather than static or purely compliance-driven.
Conclusion
Ofcom’s first post-OSA assessment provides valuable clarity on how the regulator views the sector’s progress and where it believes further action is required. For techUK members, the direction Ofcom desire is clear: the next 12 months will be characterised by deeper scrutiny and more expectations of more robust systems.
techUK will continue to review developments and engage with members as Ofcom’s supervision and enforcement activity evolves. We encourage members interested in the online safety policy area to join our Digital Regulation Group (members-only), as well as sign-up to Policy Pulse – our weekly tech policy newsletter open to all.
Contact techUK team
Samiah Anderson
Head of Digital Regulation, techUK
Samiah Anderson
Head of Digital Regulation, techUK
Samiah Anderson is the Head of Digital Regulation at techUK.
With over seven years of Government Affairs expertise, Samiah has built a solid reputation as a tech policy specialist, engaging regularly with UK Government Ministers, senior civil servants and UK Parliamentarians.
Before joining techUK, Samiah led several public affairs functions for international tech firms and coalitions at Burson Global (formerly Hill & Knowlton), delivering CEO-level strategic counsel on political, legislative, and regulatory issues in the UK, EU, US, China, India, and Japan. She is adept at mobilising multinational companies and industry associations, focusing on cross-cutting digital regulatory issues such as competition, artificial intelligence, and more.
She holds a BA (Hons) in Politics, Philosophy, and Economics from the University of London, where she founded the New School Economics Society, the Goldsmiths University chapter of Rethinking Economics.
Dani joined techUK in February 2025 as a Policy Manager in the Digital Regulation team.
Prior to this, Dani worked in political monitoring where she was a consultant for Digital, Culture, Media and Sport. In this role, she developed a strong understanding of parliamentary procedure, closely following all of the major developments in the tech centre and working with several key stakeholders and regulators.
She has an undergraduate degree in History from the University of Bristol and an MPhil in Modern European History from the University of Cambridge.
Outside of tech, Dani has a strong interest in addiction policy, particularly towards drugs, having written her dissertation on the topic as well as several subsequent research projects. In her spare time, she enjoys cooking and following all things motoring, whether that be F1, MotoGP or Formula E.
Oliver is a Junior Policy Manager at techUK, working across Public Affairs and Digital Regulation policy. He supports the organisation’s engagement with government and parliament, contributes to shaping techUK’s regulatory agenda, and plays a key role in coordinating political outreach, policy projects, and flagship events.
He joined techUK in November 2023 as a Team Assistant to the Policy and Public Affairs team, before stepping into his current role. He has been closely involved in efforts to ensure the tech sector’s voice is heard in the policymaking process.
Oliver holds a Master’s in Policy Research from the University of Bristol and a BSc in Policy from Swansea University. During his studies, he contributed to mental health research as a Student Research Assistant for the SMaRteN network.
Outside of work, Oliver is a keen debater and remains active in the UK debating community, having previously led the Swansea University Debating Union. He enjoys exploring complex issues from multiple perspectives and values clear, thoughtful communication in policy discussions.
techUK's Policy and Public Affairs Programme activities
techUK helps our members understand, engage and influence the development of digital and tech policy in the UK and beyond. We support our members to understand some of the most complex and thorny policy questions that confront our sector. Visit the programme page here.
techUK Report - Technology’s Role in the fight against Online Fraud
techUK is excited to announce its Anti-Fraud Report 2025, "Technology’s Role in the Fight Against Online Fraud"
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Antony Walker is deputy CEO of techUK, which he played a lead role in launching in November 2013.
Antony is a member of the senior leadership team and has overall responsibility for techUK’s policy work. Prior to his appointment in July 2012 Antony was chief executive of the Broadband Stakeholder Group (BSG), the UK’s independent advisory group on broadband policy. Antony was closely involved in the development of broadband policy development in the UK since the BSG was established in 2001 and authored several major reports to government. He also led the development of the UK’s world leading Open Internet Code of Practice that addresses the issue of net neutrality in the UK. Prior to setting up the BSG, Antony spent six years working in Brussels for the American Chamber of Commerce following and writing about telecoms issues and as a consultant working on EU social affairs and environmental issues. Antony is a graduate of Aberdeen University and KU Leuven and is also a Policy Fellow Alumni of the Centre for Science and Policy at Cambridge University.
As Head of Public Affairs, Alice supports techUK’s strategic engagement with Westminster, Whitehall and beyond. She regularly works to engage with ministers, members of the UK’s parliaments and senior civil servants on techUK’s work advocating for the role of technology in the UK’s economy as well as wider society.
Alice joined techUK in 2022. She has experience working at both a political monitoring company, leading on the tech, media and telecoms portfolio there, and also as an account manager in a Westminster-based public affairs agency. She has a degree from the University of Sheffield in Politics and Philosophy.
Edward leads the Digital Economy programme at techUK, which includes our work on online safety, fraud, and regulation for growth initiatives.
He has prior experience working for the Department for Digital, Culture, Media and Sport and has previously worked for a number of public affairs consultancies specialising in research and strategy, working with leading clients in the technology and financial services sectors.
Nimmi Patel is the Associate Director of Policy at techUK. She works on all things skills, education, and future of work policy, focusing on upskilling and retraining. Nimmi is also an Advisory Board member of the Digital Futures at Work Research Centre (digit). The Centre’s research aims to increase understanding of how digital technologies are changing work and the implications for employers, workers, job seekers, and governments.
Prior to joining the techUK team, she worked for the UK Labour Party and New Zealand Labour Party, and holds an MA in Strategic Communications at King’s College London and BA in Politics, Philosophy and Economics from the University of Manchester. She also took part in the 2024-25 University of Bath Institute for Policy Research Policy Fellowship Programme and is the Education and Skills Policy Co-lead for Labour in Communications.
Samiah Anderson is the Head of Digital Regulation at techUK.
With over seven years of Government Affairs expertise, Samiah has built a solid reputation as a tech policy specialist, engaging regularly with UK Government Ministers, senior civil servants and UK Parliamentarians.
Before joining techUK, Samiah led several public affairs functions for international tech firms and coalitions at Burson Global (formerly Hill & Knowlton), delivering CEO-level strategic counsel on political, legislative, and regulatory issues in the UK, EU, US, China, India, and Japan. She is adept at mobilising multinational companies and industry associations, focusing on cross-cutting digital regulatory issues such as competition, artificial intelligence, and more.
She holds a BA (Hons) in Politics, Philosophy, and Economics from the University of London, where she founded the New School Economics Society, the Goldsmiths University chapter of Rethinking Economics.
Audre joined techUK in July 2023 as a Policy Manager for Data. Previously, she was a Policy Advisor in the Civil Service, where she worked on the Digital Markets, Competition and Consumers Bill at the Department for Science, Innovation and Technology, and at HM Treasury on designing COVID-19 support schemes and delivering the Financial Services and Markets Bill. Before that, Audre worked at a public relations consultancy, advising public and private sector clients on their communications, public relations, and government affairs strategy.
Prior to this, Audre completed an MSc in Public Policy at the Korea Development Institute and a Bachelor's in International Relations and History from SOAS, University of London. Outside of work, she enjoys spending time outdoors, learning about new cultures through travel and food, and going on adventures.
Archie Breare joined techUK in September 2022 as the Telecoms Programme intern, and moved into the Policy and Public Affairs team in February 2023.
Before starting at techUK, Archie was a student at the University of Cambridge, completing an undergraduate degree in History and a master's degree in Modern British History.
In his spare time, he likes to read, discuss current affairs, and to try and persuade himself to cycle more.
Dani joined techUK in February 2025 as a Policy Manager in the Digital Regulation team.
Prior to this, Dani worked in political monitoring where she was a consultant for Digital, Culture, Media and Sport. In this role, she developed a strong understanding of parliamentary procedure, closely following all of the major developments in the tech centre and working with several key stakeholders and regulators.
She has an undergraduate degree in History from the University of Bristol and an MPhil in Modern European History from the University of Cambridge.
Outside of tech, Dani has a strong interest in addiction policy, particularly towards drugs, having written her dissertation on the topic as well as several subsequent research projects. In her spare time, she enjoys cooking and following all things motoring, whether that be F1, MotoGP or Formula E.
Oliver is a Junior Policy Manager at techUK, working across Public Affairs and Digital Regulation policy. He supports the organisation’s engagement with government and parliament, contributes to shaping techUK’s regulatory agenda, and plays a key role in coordinating political outreach, policy projects, and flagship events.
He joined techUK in November 2023 as a Team Assistant to the Policy and Public Affairs team, before stepping into his current role. He has been closely involved in efforts to ensure the tech sector’s voice is heard in the policymaking process.
Oliver holds a Master’s in Policy Research from the University of Bristol and a BSc in Policy from Swansea University. During his studies, he contributed to mental health research as a Student Research Assistant for the SMaRteN network.
Outside of work, Oliver is a keen debater and remains active in the UK debating community, having previously led the Swansea University Debating Union. He enjoys exploring complex issues from multiple perspectives and values clear, thoughtful communication in policy discussions.
Tess joined techUK as an Policy and Public Affairs Team Assistant in November of 2024. In this role, she supports areas such as administration, member communications and media content.
Before joining the Team, she gained experience working as an Intern in both campaign support for MPs and Councilors during the 2024 Local and General Election, and working for the Casimir Pulaski Foundation on defence and international secuirty. She has worked for multiple charities, on issues such as the climate crisis, educational inequality and Violence Against Women and Girls (VAWG). In 2023, Tess obtained her Bachelors of Arts in Politics and International Relations from the University of Nottingham.
The UK has a world-leading regulatory system that supports the economy while protecting the society. However, strategic reforms to the UK’s regulatory regime could help unlock its full potential as a vital catalyst for growth, bringing considerable rewards across industry.
