Joint statement to help online services keep children safe online
Ofcom and the Information Commissioner’s Office (ICO) have published a joint statement to help online services understand how to meet their age assurance obligations under the Online Safety Act and UK data protection legislation.
The two regulators are working together to protect children from harm online. Their joint statement provides practical guidance for online services likely to be accessed by children, setting out how to comply with both online safety and data protection requirements.
Key messages for online services
The guidance makes clear that
- where a minimum age is set for a service, it must be properly enforced
- age assurance methods must be effective, proportionate, and compliant with data protection law
- organisations should apply age assurance where it is necessary, given the nature and risks of their service
The joint statement summarises existing Ofcom and ICO policies and offers examples of good practice to support compliance. It follows the ICO’s recent open letter to social media and video‑sharing platforms, urging them to strengthen age assurance measures so that children cannot access services not designed for them.
Read the full joint statement on age assurance from Ofcom and ICO.
Supporting resources
Online services that need to demonstrate compliance can consider using accredited data protection certification schemes, such as
For more information, read ICO’s guidance on age assurance.
First published 25 March 2026
