Ofcom investigates TikTok age assurance under UK’s Online Safety Act

Ofcom has opened an investigation into TikTok age assurance and the platform’s compliance with child safety duties under the UK’s Online Safety Act.

The investigation will examine whether TikTok uses proportionate systems and processes to prevent children from encountering content classified as harmful under the Act.

Since 25 July 2025, user-to-user services likely to be accessed by children have been required to prevent minors from encountering primary priority content harmful to children. Platforms must also protect different age groups from other forms of harmful material.

Where primary priority content is available, providers must use age-assurance systems that are highly effective at determining whether a user is a child, unless the content is prohibited for all users under the platform’s terms of service.

Ofcom said the investigation follows its review of measures adopted by major platforms and findings from its report on children’s online experiences, which raised concerns about minors encountering harmful content on TikTok.

A separate report on age assurance also suggested that age-estimation models, including those used by TikTok, may have failed to identify a significant proportion of children correctly.

The regulator will assess whether TikTok’s age-assurance measures meet the legal standard of being ‘highly effective’ and whether any shortcomings may have left children exposed to harmful content.

The regulator stressed that opening the investigation does not mean it has concluded that TikTok breached the law. Its first step will be to use formal information-gathering powers to collect and analyse evidence.

TikTok may choose to follow Ofcom’s Protection of Children Codes of Practice or adopt alternative measures. However, any alternative approach must still satisfy the platform’s legal obligations under the Online Safety Act.

If Ofcom identifies failures involving TikTok age assurance or other child protection systems, it could impose a fine of up to £18 million or 10% of qualifying worldwide revenue, whichever is greater.

In the most serious cases, Ofcom can seek a court order requiring third parties, including payment providers, advertisers and internet service providers, to withdraw services from or block access to a platform in UK.

The investigation is expected to take at least three months, with Ofcom planning to publish an update in October 2026.

Why does it matter?

The investigation will provide an early test of how rigorously Ofcom enforces the Online Safety Act’s child protection duties against major platforms. Its outcome could help define what constitutes ‘highly effective’ age assurance and shape industry expectations for protecting minors online.

The case also reflects a broader shift towards holding platforms accountable not only for removing harmful content but for demonstrating that their safety systems work in practice. Any enforcement action is likely to influence how other online services approach age verification and child safety compliance in the UK.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Three in four young Europeans have basic digital skills, Eurostat says

Nearly three out of four young people in the EU had at least basic digital skills in 2025, according to new Eurostat data released to mark World Youth Skills Day. However, the figures also reveal persistent disparities between Member States.

Denmark recorded the highest share of digitally skilled young people at 92.1%, followed by Czechia (91.7%) and Malta (91.5%). Bulgaria (52.8%) and Romania (53.3%) ranked lowest, remaining the only EU countries where fewer than six in ten young people possessed at least basic digital skills.

The data also show that young women outperformed young men across the EU. In 2025, 75.9% of women aged 16 to 24 had at least basic digital skills, compared with 73.3% of men.

Women recorded higher levels of digital skills in 22 EU member states, with the largest gaps in Cyprus, Slovenia and Austria. Men performed better in only five countries, with the widest differences in Malta and Romania.

Eurostat’s Digital Skills Indicator measures competencies across five areas: information and data literacy, communication and collaboration, digital content creation, safety, and problem solving. Individuals are classified as having at least basic digital skills if they demonstrate at least one relevant activity in each area.

Why does it matter?

Digital skills are increasingly essential for education, employment and participation in the digital economy. While the latest figures show that most young Europeans possess at least basic digital competencies, the wide differences between Member States suggest that access to digital education and training remains uneven across the EU.

Closing these gaps will be important for achieving the EU’s Digital Decade objectives, which depend on a digitally skilled workforce capable of supporting economic competitiveness, innovation and the wider adoption of emerging technologies such as AI.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK plans default overnight social media restrictions for teenagers

The UK government plans to introduce default overnight social media restrictions for 16- and 17-year-olds, alongside measures to limit features designed to encourage prolonged platform use.

Social media platforms will be expected to activate overnight restrictions from midnight to 6 a.m. by default for users in this age group. Teenagers will be able to change the settings, but the protections will be enabled automatically.

Autoplay and continuously personalised content feeds will also be disabled by default. The government said these features can encourage prolonged use and reinforce potentially addictive patterns of engagement.

The measures are intended to avoid a sudden reduction in online protections when children turn 16. They complement the government’s previously announced plans to prohibit social media services from being offered to children under 16 from spring 2027.

The proposals follow a government pilot involving more than 300 teenagers and parents across the UK. Participating families said the overnight restrictions became part of their routines and helped improve sleep and concentration.

Technology Secretary Liz Kendall said older teenagers should retain greater independence while continuing to receive protection from features that could negatively affect their wellbeing.

The government also plans additional protections for children using AI chatbots. Proposed measures include encouraging regular breaks for users under 18 and taking action against services that provide dangerous, misleading or unverified mental health advice.

Ministers will work with regulators and other government departments to consider further restrictions, including possible bans on chatbots considered to pose a serious risk to children. Guidance for children, parents and guardians will also be added to the Kids Online Safety Hub.

Schools will strengthen media literacy through Relationships, Sex and Health Education classes covering AI, chatbots, misinformation and harmful online content. From September 2028, media literacy will also be embedded across the National Curriculum, including lessons on AI, data science, source analysis and technological bias.

The first regulations supporting the under-16 social media restrictions are expected to be presented to Parliament by the end of 2026, with implementation and enforcement planned for spring 2027.

Why does it matter?

The proposals reflect a growing shift from focusing solely on access to social media towards regulating how digital services are designed and used. By targeting autoplay, personalised feeds and AI chatbots alongside age-based protections, the government is seeking to address features that may contribute to excessive use and online harms.

If adopted, the measures could further shape debates on youth online safety beyond the UK, reinforcing the trend towards safety-by-design, stronger protections for minors and greater platform responsibility for children’s digital wellbeing.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia’s eSafety report highlights gaps in child safety measures

Australia’s eSafety Commissioner has published its third transparency report assessing how major technology companies are tackling child sexual exploitation and abuse under the country’s Basic Online Safety Expectations.

The report concludes that significant gaps remain across major platforms, particularly in responding to the growing threat of sexual extortion targeting children and young adults.

The report examines the practices of Apple, Discord, Google, Meta, Microsoft, Snap and WhatsApp, highlighting shortcomings in proactive detection technologies, reporting tools and safety measures. According to eSafety, many platforms in Australia are not fully using available technologies, including language analysis tools capable of identifying coercive scripts used by offenders.

The report also identifies weaknesses in reporting mechanisms across several messaging services and notes that private messaging and video environments remain particularly challenging for detecting sexual extortion and livestreamed child sexual abuse.

Between July and December 2025, eSafety received more than 2,000 complaints relating to sexual extortion, with men aged 18 to 24 accounting for the largest group of victims. Separate research with the Australian Institute of Criminology found that more than one in ten adolescents aged 16 to 18 had experienced sexual extortion, while more than half of victims were first targeted before the age of 16.

The report also notes that Microsoft is currently the only provider using dedicated tools to detect and disrupt livestreamed child sexual abuse during video calls.

While eSafety acknowledged incremental improvements—including Google’s and Snap’s enhanced detection of known child sexual abuse material, Meta’s expanded grooming detection and Discord’s blocking of known child sexual abuse URLs—it argued that much stronger action is still needed.

The Commissioner called for wider deployment of proactive detection technologies, faster responses to victim reports and greater investment in tools capable of preventing abuse before it occurs.

Why does it matter?

The report highlights growing regulatory expectations that online platforms should actively prevent child sexual exploitation rather than rely primarily on user reports. As threats such as sexual extortion become more sophisticated, regulators are increasingly scrutinising whether companies are deploying available technologies to detect and disrupt abuse.

The findings also reinforce a broader shift towards safety-by-design in online regulation. By identifying gaps in detection, reporting and intervention, the report could increase pressure on technology companies to strengthen protections across messaging, social media and video services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Japan reviews legal protection for AI voice imitation

Japan’s Justice Ministry has prepared a draft report on civil liability for the unauthorised use of people’s voices and images through generative AI.

The draft focuses on the protection of famous individuals, including celebrities, singers and voice actors, as AI tools make it easier to imitate real voices and appearances.

It was submitted to an expert committee on 13 July, with a final report expected as early as August.

The ministry said the report could serve as a reference in lawsuits and AI development, as Japanese courts have not yet issued clear rulings on rights related specifically to voice imitation.

One scenario examined in the draft involves AI-generated audio that could mislead the public into believing a voice actor had read obscene material online for profit.

The draft says such use could be illegal if it harms a person’s dignity, honour or peace of mind beyond a tolerable limit.

It also outlines criteria for assessing whether an AI-generated voice is similar to that of a famous person and whether it may infringe publicity rights.

At the same time, the draft suggests that parody, impersonation and artistic mimicry would generally not infringe publicity rights when they are presented as expressive acts based on resemblance.

The review comes amid growing concern in Japan over AI covers and the unauthorised use of singers’ and voice actors’ voices in synthetic performances.

Why does it matter?

Japan’s draft report shows how generative AI is forcing legal systems to revisit personality, publicity and dignity protections. Voice imitation is especially sensitive because it can affect reputation, commercial value and personal autonomy even when no copyrighted recording is copied. The Japanese approach could influence how courts and AI developers assess consent, similarity, commercial use and harm in cases involving synthetic voices, AI covers and celebrity likenesses.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

Eurobarometer finds strong support for protecting children online

A new Eurobarometer survey released by the European Commission shows that Europeans are overwhelmingly concerned about the risks children face online, with cyberbullying, online grooming and harmful content ranking among their biggest worries.

The Flash Eurobarometer 584 survey, conducted between 19 and 24 June 2026 among 25,904 people across all 27 EU Member States, found that 71% of respondents were concerned about cyberbullying and online harassment. Online grooming and sexual exploitation worried 70%, while 69% cited exposure to harmful content such as violence, self-harm and extremism, as well as misuse of children’s personal data.

The survey also highlighted concerns about children’s online habits. Adolescents spend an average of 4.5 hours online on school days and 6.1 hours at weekends, while 14% reported spending more than 10 hours a day on screens.

The findings come as the European Commission prepares new child safety proposals. The Special Panel on Child Safety Online, which met between March and June 2026, will present its recommendations to Commission President Ursula von der Leyen on 13 July. The panel drew on expertise in health, neuroscience, psychology, child rights and digital literacy, with its recommendations expected to inform future EU action.

The European Commission plans to present policy proposals after the summer. The survey also found broader public concern about online risks, with 87% of respondents agreeing that disinformation, foreign interference and AI-generated content threaten democratic processes in the EU.

Why does it matter?

The survey provides strong public backing for stricter EU measures to protect children online. As policymakers consider stronger age assurance, safer platform design and enhanced protections for minors, the findings suggest there is broad public support for more robust regulation of digital services.

The results also reinforce the growing view that online safety is no longer only a technology issue but a public health and child protection challenge. Concerns about cyberbullying, harmful content and excessive screen time are increasingly shaping debates on platform accountability across Europe.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Two in five UK children say they bypass online age checks

Nearly two in five UK children aged 11 to 17 say they have successfully bypassed an online age check, according nationally representative research commissioned by the Department for Science, Innovation and Technology (DSIT).

The study surveyed 2,299 children in May 2026 to examine their experiences with age assurance, VPN use and methods of bypassing age checks. It also included an additional sample of recent VPN users.

Overall, 39% said they had successfully bypassed an age check at least once, while another 14% had tried unsuccessfully. Success rates rose from 28% among 11- to 12-year-olds to 43% among older teenagers.

Many children avoided age checks altogether by choosing websites, apps or games that either had no age verification or appeared easy to bypass. Among those who successfully circumvented checks, 63% said they simply pretended to be older, most commonly by entering a false date of birth.

Most successful circumvention involved simple self-declaration systems such as tick boxes and date-of-birth fields, which children also rated as the least effective.

By contrast, 86% of respondents who had encountered government ID verification considered it effective, while third-party identity services, payment card verification and facial age estimation also received substantially higher ratings.

Privacy was the most common reason for using a VPN. However, 22% of VPN users said they had used one to access age-restricted websites, apps or games, equivalent to 7% of all children surveyed.

Parents were involved in some VPN use. Among children who had used one, 22% received help from a parent to set it up, while 43% of current users said a parent paid for the service. However, older teenagers were more likely to install VPNs without parental knowledge.

Friends were the main source of information about bypassing age checks, cited by half of children who had done so. Practical consequences appeared to be the strongest deterrents, including harder-to-defeat checks, permanent account bans, and notifying parents about circumvention attempts.

The report also found an association between bypassing age checks and exposure to harmful content. Among children who had circumvented age checks, 51% reported later encountering at least one form of harmful material, including explicit content, contact from unknown adults and requests for personal information.

The researchers cautioned that the findings rely on self-reported behaviour and do not establish that VPN use or circumvention directly caused exposure to harmful content.

Why does it matter?

The findings suggest that basic self-declaration systems provide limited protection for children and are easily circumvented. As regulators increasingly require stronger age assurance under frameworks such as the UK’s Online Safety Act, the challenge will be deploying systems that are both effective and proportionate while protecting users’ privacy.

The research also highlights that technology alone is unlikely to solve the problem. Children’s motivations, platform design, parental involvement and digital literacy all influence whether age restrictions are respected, suggesting that meaningful online safety will require a combination of technical safeguards, regulation and education.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European Commission prepares new EU child safety online legislation

The European Commission has received the report of its Special Panel on Child Safety Online, with President Ursula von der Leyen confirming that legislative proposals to strengthen children’s online protection will be presented after the summer.

Von der Leyen described the report as an important evidence base for future policymaking and said its recommendations would inform the Commission’s forthcoming legislative proposals.

The Commission highlighted growing concerns about the impact of social media on children’s mental health and wellbeing, pointing to excessive screen time, addictive platform design, cyberbullying and exposure to harmful content as key risks facing young users.

According to the Commission, online platforms should be responsible for ensuring their services are safe by design, just as manufacturers are responsible for the safety of physical products.

The Commission also stressed the need for stronger age-appropriate protections, highlighting the forthcoming EU age verification application as a privacy-preserving tool that could give parents greater control over children’s access to online services.

Von der Leyen also said Europe should consider introducing a minimum age for access to social media and other digital services with addictive or age-inappropriate features, describing any future approach as gradual and guided by scientific evidence.

The Commission will now examine the panel’s recommendations alongside input from parents, educators, researchers, young people, member states and international partners before preparing legislative proposals aimed at strengthening children’s rights and safety online.

Why does it matter?

The Commission’s announcement signals that child online safety is moving higher up the EU’s digital policy agenda. Beyond enforcing existing rules under the Digital Services Act and AI Act, Brussels is now considering additional legislation that could introduce stronger platform obligations, age verification measures and possible minimum-age requirements for certain online services.

If adopted, these proposals could significantly reshape how platforms design and deliver services for younger users, reinforcing a broader regulatory shift towards safety by design and greater platform accountability across the European Union.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

MIT develops safer way to detect harmful AI models

MIT researchers have developed a new auditing method to detect whether generative AI models have been adapted to produce child sexual abuse material without generating illegal content during testing.

The technique was developed with Thorn, a child safety nonprofit focused on protecting children from sexual abuse and exploitation online.

Traditional AI safety testing often involves prompting a model and checking its outputs, but that approach cannot be used for child sexual abuse material, which is illegal to generate in the US and many other jurisdictions.

MIT said the problem has become more urgent as open-source generative AI models become easier to download, adapt and redistribute.

The researchers’ method examines internal changes during fine-tuning, rather than testing the model by generating images.

In tests, the auditing procedure identified model variants adapted to generate child sexual abuse material with 100% accuracy.

MIT said hosting platforms could use the method to flag unsafe models, block uploads or remove harmful adaptations before they spread more widely online.

The researchers also plan to test whether the approach can detect harmful capabilities in a larger set of model variants and in base models before adaptation.

Why does it matter?

The research addresses a serious AI safety blind spot: some harmful model capabilities cannot be tested safely or legally by generating outputs. A non-generative auditing method could give hosting platforms, auditors and law enforcement a safer way to detect models adapted for child sexual abuse material before they are distributed. It also points to a broader governance challenge around open-source generative AI: platforms may need scalable tools to assess harmful adaptations without exposing reviewers to illegal or traumatic content.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Music industry introduces labels for AI-generated songs

Major music industry organisations have announced a voluntary labelling system to help listeners understand when AI has been used in songs.

Groups including the RIAA, IFPI, the Recording Academy, SAG-AFTRA, IMPALA, WIN, A2IM and the Human Artistry Campaign back the initiative.

The labels will distinguish between ‘AI-generated’ and ‘AI-assisted’ music.

An ‘AI-generated’ label will apply when most or nearly all of the creative elements in a recording are artificial, such as an AI-generated lead vocal, instrumental performance or a song created from a prompt.

An ‘AI-assisted’ label will apply when humans mainly create a track but use AI for some expressive elements.

Industry leaders said the aim is to give fans clearer information about how music is made, while protecting human creativity, authorship and artistic intent.

The move comes as streaming platforms face rising volumes of AI-made content and low-quality uploads.

Deezer said in April that AI-generated tracks accounted for 44% of all new music uploaded to its platform each day.

Spotify also removed around 75 million spam tracks in 2025, as platforms increase efforts to identify low-quality, fraudulent or unauthorised content.

Why does it matter?

The labelling initiative shows how the music industry is trying to build transparency around AI use without waiting for formal regulation. Clear labels could help listeners distinguish fully synthetic music from human-led work that uses AI as a tool. They may also support copyright, attribution and platform-governance efforts as streaming services face growing volumes of AI-generated tracks, recycled content and spam uploads.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!