UK Regulators Fine Online Platforms for Failing to Implement Effective Age Assurance
UK regulators issued major penalties against online services for inadequate age assurance controls intended to protect children. The Information Commissioner’s Office (ICO) fined Reddit £14.47 million for unlawfully processing children’s data, alleging that despite a stated under-13 prohibition, Reddit did not introduce an age assurance mechanism until July 2025 and had not completed a required data protection impact assessment (DPIA) before January 2025. The ICO said these failures potentially exposed minors to inappropriate content and left under-13 users’ personal data collected and used without a lawful basis; Reddit said it intends to appeal.
Separately, communications regulator Ofcom fined porn operator 8579 LLC £1.35 million under the UK Online Safety Act for failing to deploy “highly effective” age checks (e.g., photo ID matching or credit card checks) to prevent minors from accessing adult content. Ofcom also imposed an additional £50,000 penalty for allegedly ignoring information requests and warned of an ongoing £1,000/day penalty until compliant age verification is implemented, amid broader concerns from civil liberties groups about the privacy and cybersecurity risks of stringent age-verification regimes.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Reddit says it will appeal the ICO fine
Following the ICO penalty, Reddit said it plans to appeal and argued that the regulator's approach would force it to collect more private identity information from U.K. users. The company maintained that this would conflict with privacy and safety goals.
ICO fines Reddit £14.47 million over children's data and age checks
The U.K. Information Commissioner's Office fined Reddit £14.47 million, finding it unlawfully processed personal data of children under 13 and failed to implement effective age assurance. The ICO also said Reddit had not completed a required data protection impact assessment before January 2025.
Ofcom fines 8579 LLC for failing to implement age verification
Ofcom fined porn company 8579 LLC £1.35 million for not deploying required age verification on its adult sites, and added a further £50,000 for allegedly ignoring information requests. The regulator also warned of an ongoing £1,000-per-day penalty until an effective age-check system is in place.
ICO issues provisional findings to Reddit over children's privacy failings
The U.K. Information Commissioner's Office sent Reddit provisional findings alleging failures in age assurance and unlawful processing of under-13 users' data. The regulator said Reddit had not adequately protected children and had not completed a required DPIA before January 2025.
Reddit introduces age assurance measures in the UK
Reddit implemented age assurance controls in July 2025, including age prompts at account creation and third-party identity verification for users seeking mature content in the UK. The move came after the platform had previously relied largely on self-declared ages.
UK Online Safety Act age-check requirements take effect for porn sites
Ofcom required pornographic websites to implement "highly effective" age assurance measures, such as photo ID matching or credit card checks, under the U.K.'s Online Safety Act. This requirement was described as being in force from July 2025.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
Reddit fined $19.5 million for failing to protect children’s personal data - Help Net Security
helpnetsecurity.com
Open sourceUK fines Reddit for not checking user ages aggressively enough - Ars Technica
arstechnica.com
Open sourceReddit Fined £14.47 Million by UK Regulator for Children's Privacy Failures
cybersecuritynews.com
Open sourceReddit fined $20 million by UK for not effectively checking users’ ages | The Record from Recorded Future News
therecord.media
Open sourceReddit issued with £14.47m fine for children’s privacy failures | ICO
ico.org.uk
Open sourceICO fines Reddit £14.47M for letting kids slip past the gate • The Register
go.theregister.com
Open sourceUK regulator fines porn company $1.8 million for failing to verify user ages | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


