Ofcom outlines broader enforcement priorities under UK Online Safety Act
Ofcom says its online safety work for 2026–27 will focus on child protection, illegal hate content, terrorism, and harms targeting women and girls, while expanding implementation of the Online Safety Act.
Ofcom has published new details on how it plans to prioritise enforcement and implementation work under the UK’s Online Safety Act during the 2026–27 financial year.
The regulator says it is now operating on several fronts simultaneously. This includes enforcing existing obligations under the Act, preparing new codes and technical measures, and responding to additional legislation currently being introduced by the UK government.
A major focus remains child protection. Ofcom states that most major pornography platforms accessible in the UK now use age checks, following regulatory pressure. The regulator also points to changes adopted by services including Roblox, Tinder, Discord, and X in response to online safety requirements.
The document also highlights future enforcement priorities. Ofcom says it will intensify work related to terrorism content, illegal hate speech, intimate image abuse, and AI-generated sexual deepfakes. Planned measures include a new technical standard for ‘hash-matching’ systems intended to prevent re-uploading of known non-consensual intimate imagery.
Another issue is scale. The regulator estimates that more than 100,000 online services fall within the scope of the Online Safety Act, covering over 130 priority offences. Ofcom says this has required it to make strategic decisions about where to focus resources, particularly between large mainstream platforms and smaller high-risk services.
The regulator also signals increasing attention to generative AI. Recent legislation allows additional AI services to be brought under the Online Safety Act, while consultations linked to the government’s child safety agenda may introduce further duties affecting online platforms.
Rather than relying only on fines, Ofcom describes a broader compliance model based on supervision, direct engagement with companies, and targeted enforcement. The regulator argues that in some cases private supervisory pressure can produce faster operational changes than formal investigations alone.
