Ofcom fines adult platform over Online Safety Act age check failures

The UK communications regulator, Ofcom, has fined the operator of Fapello.com £630,000 for breaching the Online Safety Act, marking one of its most significant enforcement actions under the new regime.

The penalty includes £600,000 for failing to implement legally required age assurance measures to prevent children from accessing pornographic content, and a further £30,000 for failing to comply with a legally binding information request. Following Ofcom’s action, Fapello.com geoblocked users in the UK, although the regulator said it will continue monitoring compliance.

Ofcom also confirmed it has opened a new investigation into Bit Hive, operator of Eporner.com, to assess whether its age verification measures meet the Act’s requirement for ‘highly effective’ age assurance.

Separately, the regulator expanded its existing investigation into Kemono.cr to examine whether the platform failed to comply with statutory information requests.

Ofcom said robust age verification is a core requirement of the Online Safety Act and warned that providers failing to implement effective protections or cooperate with regulatory investigations should expect enforcement action, including substantial financial penalties.

The regulator added that it prioritises investigations according to user reach and will continue monitoring compliance across online pornography services.

Why does it matter?

The case demonstrates that the UK’s Online Safety Act has entered a new phase of active enforcement. Rather than focusing solely on guidance and compliance deadlines, Ofcom is now imposing financial penalties and investigating platforms that fail to implement effective child protection measures.

The decision also shows that enforcement extends beyond age verification itself. Companies that fail to cooperate with regulatory investigations or provide required information may face additional sanctions, reinforcing the regulator’s ability to oversee compliance across online platforms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK firms sign Cyber Resilience Pledge amid rising AI threats

The UK government has launched a voluntary Cyber Resilience Pledge, with more than 60 businesses and strategic government suppliers committing to strengthening their cyber defences.

Founding signatories include companies from retail, finance, media, technology and utilities, including M&S, Nationwide, ITV, Microsoft UK, Cloudflare, Deloitte, Accenture UK, Vodafone Group and VodafoneThree.

The pledge asks organisations to take three practical steps: make cybersecurity a board-level responsibility, register for the National Cyber Security Centre’s Early Warning service and take a risk-based approach to requiring Cyber Essentials certification across supply chains.

The government said the pledge is designed mainly for medium and large organisations, but is open to organisations of all sizes and sectors.

Signatories will be asked to publish a signed pledge letter and provide an annual update on progress.

The launch comes ahead of the government’s National Cyber Action Plan, which is expected to set out further cooperation with industry on cyber resilience in the AI era.

According to the government, cyberattacks cost UK organisations an estimated £14.7 billion a year, while the NCSC handled 204 nationally significant incidents in the year to September, up from 89 the previous year.

Officials also warned that AI is lowering barriers for attackers by helping them find software weaknesses, write exploit code and scale attacks more quickly.

Why does it matter?

The pledge elevates cyber resilience to board-level corporate governance, rather than treating it solely as an IT function. Its supply-chain focus is also important because major cyber incidents often spread through vendors, service providers and connected business partners. By linking the pledge to AI-enabled threats, the UK government is signalling that basic cyber hygiene, governance and supply-chain assurance remain essential even as attacks become faster and more automated.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

IWF warns under-16 social media ban is not enough to stop online abuse

The Internet Watch Foundation (IWF) has welcomed the UK government’s decision to restrict social media access for under-16s but argues that the measure alone will not significantly reduce online child sexual exploitation and abuse.

In a new blog, IWF Chief Executive Kerry Smith describes the proposed ban as a major policy milestone while warning that it must be accompanied by broader reforms if it is to deliver lasting improvements in children’s online safety.

According to the IWF, children continue to face a rapidly evolving range of online threats, including grooming, financial sextortion, commercial child sexual abuse and the growing exploitation of young people across digital platforms.

While limiting access to social media may reduce exposure to some risks, the organisation argues that determined offenders will continue to exploit encrypted messaging services, gaming platforms and other online environments if wider safeguards are not introduced.

The charity therefore calls for a more comprehensive regulatory approach centred on safety by design. Its recommendations include stronger safeguards for end-to-end encrypted services, tougher enforcement of the UK’s Online Safety Act, greater accountability for technology companies, and platform design that prevents harmful products and features from reaching users before risks are identified.

The IWF also highlights the need to regulate emerging technologies such as AI chatbots and strengthen device-level protections for children.

Why does it matter?

The IWF’s position reflects a growing international consensus that age restrictions alone cannot address the complex ecosystem of online child exploitation. As abuse increasingly migrates across encrypted services, gaming platforms and AI-powered technologies, policymakers are being encouraged to adopt broader regulatory frameworks that target platform design as well as user access.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK and Germany deepen AI safety cooperation

The United Kingdom and Germany have agreed to strengthen cooperation on AI safety and security, expanding collaboration on advanced AI evaluation, cybersecurity risks and research into frontier AI systems.

Both governments described AI as one of the most consequential technologies of the era, offering significant economic and societal benefits while creating new security risks that require closer international cooperation.

The cooperation builds on the UKGermany Strategic Science and Technology Partnership, a priority initiative under the UK-Germany Friendship and Bilateral Cooperation Treaty signed last year.

Under the partnership, the UK’s Department for Science, Innovation and Technology and AI Security Institute will work alongside Germany’s Federal Ministry for Digital Transformation and Government Modernisation, the Federal Ministry of the Interior and the German AI Safety and Security Institute.

The partners will deepen institutional cooperation by sharing best practices in AI evaluation, aligning research priorities and exchanging expertise. The collaboration will also examine the cybersecurity implications of advanced AI systems and contribute to the international evidence base on AI safety.

Germany’s Minister Dr Wildberger said the cooperation is open by design and reflects Germany’s position as an EU member state, including the role of the EU AI Office under the EU AI Act. He said the work is intended to be consistent with each country’s engagement with other partners.

UK Secretary Liz Kendall said the UK and Germany are natural partners on AI safety and security because their scientific communities are connected and their security interests are closely aligned.

She said the statement reflects a shared determination to ensure the public benefits from advanced AI while risks are rigorously understood and managed.

The partnership adds to a growing international network of public-sector AI safety institutions. Both governments said their work is intended to complement broader international initiatives while contributing new research and practical experience.

Why does it matter?

The agreement reflects a broader shift in AI governance from national initiatives to international cooperation. As advanced AI systems become more capable, governments are increasingly pooling expertise to improve model evaluation, understand emerging risks and develop common approaches to AI safety and security.

The partnership also reinforces the growing connection between AI governance and cybersecurity. By coordinating research, sharing technical expertise and aligning institutional capabilities, the UK and Germany aim to strengthen preparedness for frontier AI risks while supporting the responsible development and deployment of advanced AI technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK ATOC says social media ban is not enough

The UK Alliance Tackling Online Child Sexual Exploitation and Abuse has welcomed the UK government’s plan to ban social media use by children under 16, while warning that the measure alone will not stop online child sexual abuse.

The alliance said age restrictions on mainstream social media platforms could reduce some risks. Still, children may move to less regulated digital spaces, including encrypted messaging services, gaming platforms and other online environments where grooming, sexual extortion and abuse can continue.

UK ATOC called for a broader, system-wide response focused on prevention, stronger platform accountability and safer-by-design digital services. It said governments, regulators, technology companies and online service providers share responsibility for reducing opportunities for abuse before harm occurs.

The alliance proposed a package of technical, legislative and regulatory measures. These include stronger safeguards in end-to-end encrypted environments, robust age-assurance systems, mandatory safer-by-design principles, stronger enforcement under the Online Safety Act and clearer regulation of AI chatbots and companion services.

It also called for device-level nudity detection, upload prevention for known child sexual abuse material and measures to address livestreamed abuse, grooming and sexual extortion.

UK ATOC welcomed the government’s plan to introduce nudity-detection tools on children’s devices, describing it as an important additional safeguard.

The statement reflects a wider concern that age bans may reduce children’s exposure to some mainstream platforms, but cannot replace a comprehensive child-safety framework across the broader digital ecosystem.

Why does it matter?

The UK debate shows the limits of age-based social media bans as a child-safety tool. Online child sexual exploitation and abuse can move across platforms, devices, encrypted services, gaming environments and AI-enabled systems. UK ATOC’s response therefore shifts the focus from access restrictions alone towards prevention, safer design, platform duties and technical safeguards that address how abuse actually happens across digital services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK CMA consults on Apple and Google app store payment rules

The UK Competition and Markets Authority has opened consultations on new requirements for Apple and Google under the country’s digital markets competition regime.

Proposed steering requirements would allow app developers to direct UK users to payment options outside Apple’s App Store and Google’s Play Store. The CMA said Apple currently bans steering in the UK, while Google restricts it.

According to the regulator, allowing developers to communicate with customers about off-platform options could increase competition, reduce payment costs and support innovation across mobile services.

Consultation proposals also cover principles to ensure that any steering fees charged by Apple and Google are fair and reasonable. The CMA said such fees should be based on evidence and should be lower than current app store charges.

Alongside the steering proposals, officials are seeking views on a potential requirement for Apple to provide developers with access to near-field communication functionality on iOS.

Broader NFC access could allow UK fintechs and developers to support contactless payments from within their own apps. It could also support future payment methods, including account-to-account payments, digital currencies and stablecoins, as well as non-financial uses such as digital ID and car keys.

Responses to the steering conduct requirement are due by 28 July 2026, while views on the potential NFC requirement are due by 21 July 2026. The CMA will decide later this year whether to impose new obligations.

Why does it matter?

The consultations show the UK’s digital markets regime moving into targeted conduct rules for major mobile platforms. If adopted, the measures could weaken Apple and Google’s control over in-app payments and give developers more freedom to offer alternative purchasing channels. The NFC proposal also widens the debate beyond app store commissions, addressing Apple’s control over device functionality that can shape competition in mobile payments, digital identity and other services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

UK’s Youth Justice Board highlights growing risks of online harms for children

The UK Youth Justice Board has published new evidence on how online harms affect children across England and Wales, warning that digital risks are increasingly linked to safeguarding, well-being and youth justice outcomes.

The Evidence and Insights Pack brings together research, data and practice examples to improve understanding of the risks children face online and how services can protect them more effectively.

The report says children face overlapping digital harms, including cyberbullying, sexual abuse, radicalisation, exploitation and the non-consensual sharing of intimate images. It also warns that harmful content and image-based abuse are becoming increasingly normalised among children, disproportionately affecting girls.

The YJB says many children who engage in problematic online behaviour have complex needs or have experienced abuse themselves. Weak platform design and limited digital literacy among adults can increase children’s vulnerability and make safeguarding more difficult.

The report calls for responses that go beyond criminal justice. It identifies promising approaches, including safety-by-design and teen-by-default platform measures, early intervention, harm-reduction responses, digital media and gaming literacy, healthy relationships education and gender-sensitive programmes.

The YJB also highlights strength-based interventions that promote belonging, critical thinking and positive identity building for children. It says such approaches can help reduce harm while avoiding unnecessary criminalisation.

The publication comes as the UK implements the Online Safety Act and prepares to ban social media for under-16s by spring 2027. The YJB said protecting children will require coordinated action across education, health, policing, local government, housing and social care.

Why does it matter?

The report strengthens the case for treating online harms as a safeguarding and public policy issue, not only a matter for platforms or the police. It shows that children can be victims, perpetrators and vulnerable participants in the same digital environments, especially where abuse, exploitation, misogyny or harmful content are normalised. The YJB’s focus on prevention and early support is important because punitive responses can deepen children’s contact with the justice system without addressing the underlying risks.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

NCSC warns of growing cyber risks to critical infrastructure

Hostile state actors were linked to around three-quarters of cyber attacks affecting the UK’s critical national infrastructure over the past year, according to the head of the National Cyber Security Centre.

Speaking at the Royal United Services Institute’s Annual Security Lecture, NCSC CEO Dr Richard Horne said the agency managed more than 200 cyber incidents affecting critical national infrastructure and its supporting ecosystem in the year to May 2026.

Horne said around 75% of those incidents were believed to be linked to state actors. He warned that hostile states are increasingly targeting the systems that underpin essential services in the UK.

The NCSC chief said cybersecurity should not be treated only as a technical risk to be managed, but as an ongoing contest with capable adversaries. He urged executives and board members to improve resilience by understanding their exposure to threats, strengthening proven security fundamentals and ensuring organisations can continue operating and recover quickly after attacks.

Horne also warned that AI is likely to accelerate the threat. The NCSC assesses that by 2028, attackers will probably use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale across critical national infrastructure.

He said many serious incidents still occur because basic cybersecurity measures are not in place. The warning places legacy systems, board-level accountability and operational resilience at the centre of the UK’s critical infrastructure security debate.

Why does it matter?

The NCSC warning shows that cyber attacks on critical infrastructure are no longer just an operational IT risk. They are part of a wider geopolitical contest involving hostile states, essential services and national resilience. The AI warning makes the issue more urgent: if attackers can use AI to exploit known weaknesses in legacy systems at scale, organisations that have tolerated unresolved vulnerabilities may face attacks much faster and broader.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ofcom strengthens online safety rules against cyberflashing and self-harm content

Ofcom has introduced stronger online safety measures requiring technology companies to take more robust action against cyberflashing and illegal self-harm content across dating, messaging and social media platforms.

The updated guidance builds on the UK’s Online Safety Act by expanding the obligations of online services to detect, moderate and reduce harmful content that disproportionately affects vulnerable users.

Under the revised measures, platforms must make it easier to report unsolicited sexual images, ensure moderation teams are adequately trained and resourced, remove illegal content more quickly and provide blocking and muting tools to help users manage unwanted interactions.

Companies must also strengthen safeguards against illegal self-harm content by reviewing recommendation algorithms, displaying crisis support information for relevant searches and improving reporting systems for harmful predictive search suggestions.

Ofcom also highlighted the growing threat posed by so-called ‘Com’ groups, criminal online networks that groom and manipulate victims into self-harm and other harmful behaviour.

Services offering direct messaging and presenting grooming risks will be expected to implement child safety defaults, ensuring minors can only receive messages from existing contacts. Additional measures targeting suicide and self harm content are expected later in 2026.

Technology companies must now review their online safety risk assessments and implement appropriate mitigation measures before the updated Codes take legal effect following parliamentary approval.

Ofcom said the strengthened framework reflects the evolving nature of online harms while reinforcing expectations that platforms proactively protect users from illegal and harmful content.

Why does it matter?

The updated Online Safety Codes reinforce a shift towards proactive platform accountability. Rather than relying primarily on user reports, online services are expected to identify risks, strengthen content moderation, improve safety-by-design features and reduce users’ exposure to illegal and harmful content before it spreads.

The measures also demonstrate how the UK is translating the Online Safety Act into detailed operational requirements. As regulators around the world consider similar approaches to platform governance, Ofcom’s implementation of risk assessments, child safety defaults and stronger moderation obligations could influence future online safety frameworks beyond the UK.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK and Malaysia launch negotiations on digital trade agreement

The UK and Malaysia have launched negotiations on a digital trade agreement aimed at supporting economic growth, creating jobs and expanding cross-border digital services.

The UK government said the talks mark the next step in its effort to strengthen the country’s role as a global hub for services and digital trade. Digital trade encompasses the exchange of goods, services and data that are enabled or delivered through digital technologies.

The proposed agreement could support activities such as UK businesses selling software to overseas customers through online platforms or providing financial consultancy services remotely across borders.

The UK said standalone digital trade agreements can deliver benefits similar to digital trade chapters in traditional free trade agreements while remaining more agile, flexible and quicker to negotiate and implement.

The UK and Malaysia already maintain a growing trade relationship. The UK said bilateral trade was worth £6.4 billion in 2025, and that it exported £730 million in digitally delivered services to Malaysia in 2023. The UK also cited OECD estimates showing that exports to Malaysia supported 31,100 UK jobs in 2022.

The proposed digital trade agreement aims to make trade with Malaysia easier, cheaper, and more secure through cross-border data flows. Other potential benefits include reducing paperwork and border friction through digital systems.

The agreement could also include provisions on personal data protection, intellectual property rights, online consumer protection and cybersecurity cooperation. The UK said the deal aims to strengthen international digital and technology cooperation by supporting responsible innovation in areas such as AI and data.

The government said the agreement could create new partnerships that support more efficient supply chains, infrastructure, and global competitiveness.

UK Trade Minister Chris Bryant said launching negotiations with Malaysia marks an important step in strengthening the UK’s position as a global leader in digital trade.

Bryant said a UK-Malaysia digital trade agreement could unlock new opportunities for British businesses, support high-skilled jobs, and help firms compete in fast-growing, technology-driven markets.

Why does it matter?

Digital trade is becoming a central pillar of international economic policy as services, data flows and digital platforms play a growing role in global commerce. For economies such as the UK, which have strong services sectors, agreements that facilitate cross-border data flows and remote service delivery can create new opportunities for businesses while reducing regulatory and administrative barriers.

The negotiations also reflect a broader shift towards standalone digital trade agreements as a faster and more flexible alternative to traditional trade deals. Beyond commercial benefits, such agreements increasingly address issues including AI governance, cybersecurity, consumer protection and data regulation, making them important instruments for shaping the rules of the digital economy and strengthening international digital cooperation.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!