opinion

What US Sites Need to Know About UK's Online Safety Act

What US Sites Need to Know About UK's Online Safety Act

In a high-risk space like the adult industry, overlooking or ignoring ever-changing rules and regulations can cost you dearly. In the United Kingdom, significant change has now arrived in the form of the Online Safety Act — and failure to comply with its requirements could cost merchants millions of dollars in fines.

The OSA became law in October 2023, and has been rolling out in phases. Aimed at regulating online content and improving internet safety in the U.K., its goal is to protect users, especially children, from illegal or harmful material online. That includes terrorism, fraud, content related to suicide or eating disorders — and of course, pornography.

The Ofcom requirements are not much different than many of the age verification laws in place in U.S. states, as well as the content compliance requirements of the card brands.

To that end, the OSA requires adult sites to implement “highly effective” age assurance measures to keep minors from viewing their content.

Meet Your Regulator: Ofcom

Ofcom is short for the Office of Communications, which is the U.K.’s media regulatory body, and its name has become synonymous with the Online Safety Act. For those in the U.S., think of it as the U.K. version of the Federal Communications Commission (FCC).

To make sure adult providers are in compliance with the Online Safety Act, Ofcom has been reaching out directly to merchants, even those outside the U.K., requesting information. If you get a message from Ofcom, you need to respond. The agency is seeking constructive dialogue, not confrontation.

Risk Assessment: Your Must-Have Document

The OSA set forth a series of milestones to help adult merchants get in compliance. One is the completion of a risk assessment, which must be updated yearly and kept on file. The risk assessment can be found here. This web page is a directory tailored to adult services and includes steps to determine whether your service falls within the scope of the legislation, how to conduct your risk assessment and how to choose an age assurance method. It also includes templates to simplify the process.

The risk assessment lists 17 types of illegal content. Merchants need to assess the risk of various types of content that appear on their site, rating each as negligible, low, medium or high. Then, they must document what safety measures are in place and how those reduce the risk. This documentation should be kept on file and available if Ofcom requests it.

Compliance Tips and Tools

For studio-produced content, the OSA’s new rules went into effect Jan. 1, 2025. Merchants that host user-generated content — such as cam and fan sites — were given a bit more time. Those sites were required to conduct a risk assessment by March 2025 and must have consumer age assurance in place by July 25.

For anyone reading this and feeling a bit behind the eight ball, the Ofcom requirements are not much different than many of the age verification laws in place in U.S. states, as well as the content compliance requirements of the card brands. If you are complying with those laws and regulations, you will likely already be in good shape when it comes to meeting OSA standards.

The Online Safety Act also offers a clearer definition of what constitutes effective and acceptable age assurance than do most state age verification laws in the U.S., and Ofcom offers specific tools that you can use to comply. Those include age estimation, meaning that a service estimates a user’s age; and age verification, meaning that the user provides actual proof of their age. For adult content, services must use one of these methods to ensure that U.K. users are over 18.

In order to allow innovation and accommodate budgets, Ofcom chose not to prescribe one specific method. Instead, a variety of age assurance methods are permissible. Services can use facial age estimation, credit card checks, open banking, mobile network checks or email-based age verification. The method must meet Ofcom’s standards for technical accuracy, robustness, reliability and fairness.

Global Reach, Real Consequences

It’s important to recognize that this law applies to everyone, not just U.K.-based merchants. Ofcom has contacted a number of merchants outside of the U.K., asking for their risk assessments and contact information. Ofcom prioritizes which merchants to reach out to, based on factors like risk of harm, user volume and sector. Ofcom will also respond to tips or concerns. If the agency hears about an issue, it will request a risk assessment. This is similar to how the card brands research potential issues.

What happens if you don’t comply? If a service ignores communications and fails to meet requirements, the consequences can be severe: fines of up to 18 million pounds — $24 million — or 10% of global revenue, whichever is greater; and potential loss of U.K. market access. Merchants that respond and show their willingness to comply will be given time and guidance to get there.

With the Supreme Court's recent ruling in favor of age verification laws in the U.S., the European Union ramping up enforcement of the Digital Service Act, and individual nations enforcing their own online safety laws, this is a good time for adult merchants to assess what systems they have in place to comply with the Online Safety Act and similar laws around the globe.

Cathy Beardsley is president and CEO of Segpay, a merchant services provider offering a wide range of custom financial solutions. Under her direction, Segpay has become one of four companies approved by Visa to operate as a high-risk internet payment services provider. For questions or help, contact sales@segpay.com or compliance@segpay.com.

Related:  

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

Ricci Levy on Standing Up for the Right to Be Heard

When Ricci Levy speaks about human rights, she does not use detached, academic language. She speaks with urgency, emotion and the kind of passion that immediately makes it clear just how deeply personal this work is for her.

Women In Adult ·
opinion

Lessons From Decades of Building the Adult Internet

After my first year of college, I needed a job. So I did what people did back then: I opened the newspaper and started scanning the classifieds. One listing stood out: “Image Librarian.” I had no idea what that meant, but I applied, and got the job.

Tanguy ·
opinion

How to Build a Cross-Border Payment Strategy

Pull up your analytics and you’ll likely find that international traffic is already on your site. Some of those visitors convert, but a lot more bounced at checkout — and a meaningful chunk tried to pay but were declined.

Joe Fredricks ·
opinion

The KPIs That Keep Payment Processing Humming While You're Away

I always look forward to the summer as my kids are home and I can plan little trips with them to reconnect and have some fun. If you’re like me, however, you probably never go on vacation without your laptop, so you can check in or lurk in the background to make sure all systems remain go.

Cathy Beardsley ·
opinion

What Utah's SB 73 Means for Compliance Requirements

Utah has once again positioned itself at the center of the national battle over online age verification and adult-content regulation.

Corey D. Silverstein ·
profile

Clips4Sale's Christy on Backing Creators and Fueling Growth

Understanding the industry from within goes beyond data. For Christy, Manager of Creator Experience at Clips4Sale, that insight is shaped by front-line conversations and years spent listening not just to trends, but to people.

Women In Adult ·
opinion

Breaking Down AI-Powered Moderation and Platform Safety

Adult platforms, including content sites, cam services and dating apps, consistently face a range of high-risk challenges. These include verifying consent, particularly for user-uploaded content, addressing nonconsensual material such as leaks and so-called revenge porn, and ensuring effective age verification and protection for minors. At the same time, platforms must manage content moderation at scale while addressing payment fraud, scams, harassment and user abuse.

Christoph Hermes ·
opinion

How to Optimize Subscription Billing for Compliance and Stability

The Federal Trade Commission’s “click to cancel” rule is coming back around. Last year, a federal appeals court vacated the FTC’s Negative Option Rule, aimed at addressing deceptive or unfair practices and making it easier for consumers to cancel online subscriptions.

Jonathan Corona ·
opinion

Key Strategies for Streamlining Payment Processing Approval

Why is it taking so long to get my account approved? It's frustrating for everyone involved, but it's all part of the process. Over the past year, timelines have stretched to 60 days or more for merchants to complete onboarding, from internal compliance review to banking partner approval and final card brand registration.

Cathy Beardsley ·
opinion

What to Know About Alabama's Regulatory Push on Adult Content

Over the past two years, Alabama has quietly but aggressively transformed itself into one of the most restrictive and unfriendly jurisdictions for the adult entertainment industry. Through the enactment of House Bill 164 and related enforcement mechanisms, the state has layered taxation, compliance burdens and content restrictions in a way that goes far beyond traditional regulation.

Corey D. Silverstein ·
Show More