Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
enforcement-actionprivacy-surveillance-policycybersecurity-regulation

UK Regulators Fine Online Platforms for Failing to Implement Effective Age Assurance

Updated 2d agoFirst seen Feb 24, 20267 sources

UK regulators issued major penalties against online services for inadequate age assurance controls intended to protect children. The Information Commissioner’s Office (ICO) fined Reddit £14.47 million for unlawfully processing children’s data, alleging that despite a stated under-13 prohibition, Reddit did not introduce an age assurance mechanism until July 2025 and had not completed a required data protection impact assessment (DPIA) before January 2025. The ICO said these failures potentially exposed minors to inappropriate content and left under-13 users’ personal data collected and used without a lawful basis; Reddit said it intends to appeal.

Separately, communications regulator Ofcom fined porn operator 8579 LLC £1.35 million under the UK Online Safety Act for failing to deploy “highly effective” age checks (e.g., photo ID matching or credit card checks) to prevent minors from accessing adult content. Ofcom also imposed an additional £50,000 penalty for allegedly ignoring information requests and warned of an ongoing £1,000/day penalty until compliant age verification is implemented, amid broader concerns from civil liberties groups about the privacy and cybersecurity risks of stringent age-verification regimes.

Share:
UK Regulators Fine Online Platforms for Failing to Implement Effective Age Assurance
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

6 events from the most recent confirmed update back to the earliest known activity.

6 EVENTS
Feb 24, 20264mo ago

Reddit says it will appeal the ICO fine

Following the ICO penalty, Reddit said it plans to appeal and argued that the regulator's approach would force it to collect more private identity information from U.K. users. The company maintained that this would conflict with privacy and safety goals.

ICO fines Reddit £14.47 million over children's data and age checks

The U.K. Information Commissioner's Office fined Reddit £14.47 million, finding it unlawfully processed personal data of children under 13 and failed to implement effective age assurance. The ICO also said Reddit had not completed a required data protection impact assessment before January 2025.

Feb 23, 20264mo ago

Ofcom fines 8579 LLC for failing to implement age verification

Ofcom fined porn company 8579 LLC £1.35 million for not deploying required age verification on its adult sites, and added a further £50,000 for allegedly ignoring information requests. The regulator also warned of an ongoing £1,000-per-day penalty until an effective age-check system is in place.

Jul 8, 20251y ago

ICO issues provisional findings to Reddit over children's privacy failings

The U.K. Information Commissioner's Office sent Reddit provisional findings alleging failures in age assurance and unlawful processing of under-13 users' data. The regulator said Reddit had not adequately protected children and had not completed a required DPIA before January 2025.

Jul 1, 20251y ago

Reddit introduces age assurance measures in the UK

Reddit implemented age assurance controls in July 2025, including age prompts at account creation and third-party identity verification for users seeking mature content in the UK. The move came after the platform had previously relied largely on self-declared ages.

UK Online Safety Act age-check requirements take effect for porn sites

Ofcom required pornographic websites to implement "highly effective" age assurance measures, such as photo ID matching or credit card checks, under the U.K.'s Online Safety Act. This requirement was described as being in force from July 2025.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

10 LINKEDOpen in app
Organizations
10 linked
Reddit8579 LLCMedia Lab.AIimgurAmazon Web ServicesDiscordMeta PlatformsSnapXPinterest
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.