---
title: "UK Online Safety Act Age Assurance Options"
canonical_url: "https://www.sorena.io/artifacts/uk/online-safety-act/age-assurance-options"
source_url: "https://www.sorena.io/artifacts/uk/online-safety-act/age-assurance-options"
author: "Sorena AI"
description: "Grounded age assurance guide for the UK Online Safety Act covering January 2025 pornography guidance, highly effective age assurance."
published_at: "2026-02-21"
updated_at: "2026-02-21"
keywords:
  - "UK Online Safety Act age assurance"
  - "highly effective age assurance"
  - "age verification UK"
  - "age estimation child safety"
  - "PAS 1296 withdrawn"
  - "age assurance"
  - "age verification"
  - "age estimation"
  - "child access controls"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# UK Online Safety Act Age Assurance Options

Grounded age assurance guide for the UK Online Safety Act covering January 2025 pornography guidance, highly effective age assurance.

*Control Guide* *Age Assurance*

## Age Assurance Options

Age assurance should follow the harm profile of the service and the age exposure decision.

Use stronger measures where the service carries pornography or very high child harm risk, and keep privacy, accessibility, and failure modes in the design review.

Government implementation materials state that Ofcom published age assurance guidance for online pornography in January 2025 and that Part 5 services had to move immediately to robust age checks that meet that guidance. For broader UK OSA work, age assurance should be chosen only after the child access and child risk assessments are complete.

## Use the service risk to decide the strength of assurance

The right question is not whether age assurance is available. It is what level of assurance is needed to stop children reaching the harmful surface in question. Pornography and other extremely harmful content require a stronger answer than low-risk community features.

Age estimation, age verification, and layered models each have different privacy, usability, and evasion consequences.

- Low to moderate risk: evaluate estimation or tiered access models carefully
- High risk or pornography exposure: use robust checks that actually block underage access
- Document why the chosen method is effective for the relevant harm path

*Recommended next step*

*Placement: after the main workflow section*

## Turn Age Assurance Options into an operational assessment

Assessment Autopilot can take Age Assurance Options from turning this guidance into a repeatable review process to a reusable workflow inside Sorena. Teams working on Age Assurance can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Assessment Autopilot for Age Assurance Options](/solutions/assessment.md): Start from Age Assurance Options and turn the guidance into owned tasks, evidence requests, and review checkpoints.
- [Talk through Age Assurance](/contact.md): Review your current process, evidence gaps, and next steps for Age Assurance Options.

## Test privacy, accuracy, and inclusion together

The July 2025 strategic priorities statement pushes Ofcom toward effective deployment of age assurance while supporting continued innovation and privacy respectful standards. The ICO material also makes clear that age assurance cannot be separated from the wider child-data impact of profiling, consent, defaults, and transparency.

A method that produces high friction, exclusion, or excessive data retention can still fail the wider governance test.

- Run a DPIA and document retention, deletion, and vendor boundaries
- Measure false positives, false negatives, and easy bypass routes
- Check accessibility for users who lack standard identity documents or devices

## Do not over-rely on legacy standards labels

PAS 1296:2018 was withdrawn on 5 January 2026, so it should not be treated as a current safe harbour by itself. It can still inform historical control thinking, but live programs should look at current regulatory guidance, measurable effectiveness, and newer standards work such as the IEEE child digital experience initiatives.

In practice, Ofcom and ICO readiness comes from evidence of effectiveness and governance, not from dropping a standards name into a vendor contract.

- Review vendor claims against current regulatory expectations, not only certificates
- Retest assurance methods after product, policy, or threat changes
- Keep an exit plan if a chosen method fails on privacy, accuracy, or scale

## Primary sources

- [Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Current government implementation status, deadlines, and plain language explanation of the regime.
- [Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - July 2025 strategic priorities for Ofcom, including safety by design, age assurance, and small but risky services.
- [ICO introduction to the Children's Code](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/introduction-to-the-childrens-code/?ref=sorena.io) - ICO explanation of scope for information society services likely to be accessed by children and the 15 standards.
- [ICO profiling guidance for age appropriate design](https://ico.org.uk/for-organisations/advice-and-services/audits/data-protection-audit-framework/toolkits/age-appropriate-design/profiling/?ref=sorena.io) - Detailed control guidance for profiling, DPIAs, age assurance, and child-safe defaults.
- [BSI PAS 1296 publication record](https://knowledge.bsigroup.com/products/online-age-checking-provision-and-use-of-online-age-check-services-code-of-practice?ref=sorena.io) - Issuer record showing PAS 1296:2018 and its withdrawal on 5 January 2026.
- [IEEE trustworthy digital experiences for children initiative](https://standards.ieee.org/initiatives/trustworthy-digital-experiences/?ref=sorena.io) - Background on IEEE 2089 and related age-appropriate digital service standards.

## Related Topic Guides

- [UK Online Safety Act Applicability Test | Regulated Service, Exemptions, and UK Scope](/artifacts/uk/online-safety-act/applicability-test.md): Grounded UK Online Safety Act applicability test covering regulated user-to-user and search services, Schedule 1 exemptions, provider pornography scope.
- [UK Online Safety Act Checklist | Scope, Risk, Child Safety, Moderation, and Evidence](/artifacts/uk/online-safety-act/checklist.md): Audit-ready UK Online Safety Act checklist covering service scope, illegal risk assessment, child access and child risk assessment, moderation, complaints.
- [UK Online Safety Act Children Safety Duties | Child Access, Child Risk, and Age Assurance](/artifacts/uk/online-safety-act/children-safety-duties.md): Grounded guide to UK Online Safety Act children safety duties covering section 81 timing, children access assessments, children risk assessments.
- [UK Online Safety Act Compliance Program | Governance, Controls, and Ofcom Readiness](/artifacts/uk/online-safety-act/compliance.md): Program design guide for UK Online Safety Act compliance covering governance, scope, assessments, moderation, age assurance, complaints, metrics.
- [UK Online Safety Act Content Moderation and Appeals | Complaints, Terms Enforcement, and Redress](/artifacts/uk/online-safety-act/content-moderation-and-appeals.md): Grounded guide to UK Online Safety Act moderation and appeals requirements covering sections 21, 32, 71, and 72, complaints design, terms enforcement.
- [UK Online Safety Act Deadlines and Compliance Calendar | 2023 to 2026 Milestones](/artifacts/uk/online-safety-act/deadlines-and-compliance-calendar.md): Grounded UK Online Safety Act calendar covering 26 October 2023 enactment, 31 January 2024 offences, 16 December 2024 illegal harms codes.
- [UK Online Safety Act Enforcement and Penalties | Ofcom Notices, Penalties, and Escalation](/artifacts/uk/online-safety-act/enforcement-and-penalties.md): Grounded UK Online Safety Act enforcement guide covering Ofcom information notices, senior manager naming, confirmation decisions.
- [UK Online Safety Act FAQ | Scope, Child Duties, Categories, and Ofcom Enforcement](/artifacts/uk/online-safety-act/faq.md): Practical FAQ on the UK Online Safety Act covering who is in scope, what changed in 2025, child access and risk assessments, age assurance, category duties.
- [UK Online Safety Act Illegal Content Duties | Illegal Harms, Priority Offences, and Risk Assessments](/artifacts/uk/online-safety-act/illegal-content-duties-explained.md): Grounded guide to UK Online Safety Act illegal content duties covering user-to-user and search services, illegal content risk assessments.
- [UK Online Safety Act Penalties and Fines | GBP 18 Million, 10 Percent Revenue, and Liability](/artifacts/uk/online-safety-act/penalties-and-fines.md): Grounded penalty guide for the UK Online Safety Act covering the GBP 18 million or 10 percent worldwide revenue cap.
- [UK Online Safety Act Requirements | Sections, Deadlines, Controls, and Evidence](/artifacts/uk/online-safety-act/requirements.md): Detailed UK Online Safety Act requirements guide mapping scope, illegal content duties, child safety duties, terms enforcement, complaints, categorisation.
- [UK Online Safety Act Risk Assessment Template | Illegal Content and Child Safety Template](/artifacts/uk/online-safety-act/online-safety-risk-assessment-template.md): Practical UK Online Safety Act risk assessment template covering service profile, harms inventory, controls, residual risk, child access, child safety.
- [UK Online Safety Act Risk Assessments Playbook | How to Run Illegal and Children Risk Reviews](/artifacts/uk/online-safety-act/risk-assessments-playbook.md): Operational playbook for UK Online Safety Act risk assessments covering sequencing, ownership, evidence collection, control design.
- [UK Online Safety Act Service Scope and Categorization | Category 1, 2A, 2B, and Part 3 Logic](/artifacts/uk/online-safety-act/service-scope-and-categorization.md): Grounded service scope and categorisation guide for the UK Online Safety Act covering Part 3 logic, likely to be accessed by children, Category 1, 2A.
- [UK Online Safety Act vs EU Digital Services Act | Scope, Child Safety, and Enforcement Differences](/artifacts/uk/online-safety-act/online-safety-act-vs-dsa.md): Practical comparison of the UK Online Safety Act and the EU Digital Services Act covering regulated service models, illegal content frameworks.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/uk/online-safety-act/age-assurance-options