The UK Government today announced that it intends to ban social media platforms from offering services to children under 16, alongside wider restrictions on certain online functionalities that the Government has identified as harmful to children.

The announcement follows the conclusion of the Department for Science, Innovation and Technology’s (“DSIT”) consultation, “Growing up in the online world,” which received more than 116,000 responses (we originally wrote about that consultation here). The Government intends to bring the first regulations to Parliament before the end of the year using powers created by the Children’s Wellbeing and Schools Act 2026 (“CWSA”), with protections expected to come into force in Spring 2027. Today’s announcement is the latest in a series of significant developments reshaping the UK’s online safety framework. We summarize some of these latest developments below.

I. The Government’s Social Media Ban and Functionality Restrictions, including “Romantic Companion” AI Chatbots

1. Scope of the Proposed New Measures

The Government has stated that it plans to adopt the same model for its social media ban as Australia. The ban would capture user-to-user platforms “whose purpose is to enable social interaction and which allow users to post material, alongside algorithms.” Notably, messaging services are not intended to be included.

In addition to the social media ban, the Government intends to introduce what it describes as “world-leading” restrictions on certain specific functionalities for children under 16, including livestreaming and stranger communications. These functionality restrictions will apply to a wider range of online services than the social media ban, including gaming platforms. For 16- and 17-year-olds, the Government intends to apply these functionality restrictions on a default-on basis, to prevent what it describes as a “cliff-edge at 16.” The Government is also considering overnight curfews and breaks in infinite scrolling for under-18s, with further details expected in July.

Today’s announcement also addresses AI services. So-called “romantic companion” AI chatbots—those designed to simulate sexual relationships or roleplay—will be required to enforce a minimum user age of 18. Similar intimate functionalities will be restricted for under-18s on AI chatbots more widely.

2. Highly Effective Age Assurance

On age assurance, the Government has stated that it will introduce more “highly effective age assurance” measures to support compliance. The Secretary of State has asked the Ofcom Chair and CEO to conduct a rapid study on effective age assurance for verifying whether a user is over 16 by October 2026, to inform parliamentary debate on the regulations described above. In another letter to the new Ofcom Chair, the Secretary of State requested an urgent review of Ofcom’s enforcement capabilities, with a clear enforcement strategy to be published as soon as possible. The Government has confirmed it will ensure Ofcom has the funding necessary to carry out these new responsibilities.

II. Device-Level Nude Image Blocking

On 8 June 2026, Prime Minister Starmer announced at London Tech Week that the Government will require certain operating system providers to activate built-in features or implement technical solutions on smartphones and tablets to detect and block nude images for children across all apps and services on the device by default. The Government noted that some device-level protections already exist, but these features do not extend to the device camera, third-party messaging services, or search functions, and that the goal is for nudity to be blocked across the whole device.

The announcement makes clear that companies must put into place these measures “without threatening privacy or collecting any data.” Adults would still be able to access adult content through an age verification process.

The announcement gave technology companies a three-month deadline to act. If companies do not act within that period, the Government has indicated it will bring forward legislation to compel compliance, with potential fines for companies and the possibility of criminal liability for technology executives as a “last resort.” Legislation could cover operating system providers and others in the supply chain, such as retailers.

III. Ofcom’s New Measures on Intimate Image Abuse Detection

On 18 May 2026, Ofcom published a statement confirming its decision to add a hash matching recommendation to the Illegal Content Codes of Practice for both user-to-user and search services. The Codes are not directly mandatory, but services that follow them are treated as having complied with the relevant Online Safety Act duties (i.e., a statutory safe harbour).

Under the new measure, service providers should use an automated process known as “hash matching” to detect intimate image abuse—i.e., intimate images and videos that are shared online without the consent of the person depicted. Hash matching converts an image into a digital “fingerprint” and compares it against an appropriate database (for example, the third‑party database StopNCII.org). Where a match is found, a user-to-user service should swiftly take the content down (or, for search, take down or deprioritise it), subject to a first‑match review for unverified hashes and ongoing quality‑assurance human review. Ofcom has published separate draft Guidance on the appropriate proportion of human review.

The user-to-user measure applies to user‑to‑user services that are either (i) at high risk of intimate image abuse and either are principally pornographic content services, have more than 700,000 monthly active UK users, or are file‑storage and file‑sharing services; or (ii) large user‑to‑user services (over 7 million UK MAUs) at medium risk for intimate image abuse. The search measure applies only to large general search services. Subject to the Parliamentary process, the draft amendments to the Codes are expected to come into force in Autumn 2026.

IV. Legislative Background: The CWSA and CPA

These developments follow new legislative powers created by two Acts that received Royal Assent on 29 April 2026: the CWSA and the Crime and Policing Act 2026 (“CPA”).

1. Children’s Wellbeing and Schools Act 2026

Among other things, the CWSA inserts a new section 214A into the OSA, granting the Secretary of State the power to make regulations requiring providers of specified internet services to prevent or restrict access by children of or under a specified age to those services, or to specified features or functionalities of those services. This is the power under which the Government intends to implement today’s announced regulations.

2. Crime and Policing Act 2026

The CPA creates a parallel delegated power allowing the Secretary of State to amend the OSA for the purpose of minimising or mitigating harms arising from illegal AI-generated content, including by bringing AI chatbot services within scope of the OSA’s illegal content duties. The CPA also introduces new criminal offences relating to nudification tools, a 48-hour takedown and de-indexing regime for non-consensual intimate images, and additional offences concerning intimate image abuse—including taking intimate images without consent.

Many of the new and amended intimate image abuse offences introduced or strengthened by the CPA—including offences covering AI‑generated deepfakes, non‑consensual taking and sharing of intimate images, and related voyeurism offences—are designated as priority offences under the OSA, meaning regulated platforms must take proactive steps to prevent such content from appearing.

*  *  *

Looking Ahead

Taken together, these developments represent a rapid acceleration in the UK’s approach to children’s online safety and intimate image abuse. Much of the practical effect will depend on secondary legislation and regulatory implementation that has not yet been finalised.

In the near term, service providers should monitor:

  • the form and scope of the regulations implementing the social media ban and functionality restrictions, expected to be laid before Parliament before the end of 2026;
  • Ofcom’s rapid study on age assurance, due by October 2026, as well as its review of its enforcement capabilities;
  • whether operating system providers act within the three-month deadline to implement device-level nude image blocking, and what form any legislation may take if they do not;
  • the entry into force of Ofcom’s intimate image abuse hash matching amendments to the Illegal Content Codes of Practice, expected in Autumn 2026; and
  • any additional regulations that the Secretary of State may make pursuant to the CWSA and CPA.
Tags: Online Safety, United Kingdom
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jadzia Pierce Jadzia Pierce

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior…

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior to rejoining Covington in 2026, Jadzia served as Global Data Protection Officer at Microsoft, where she oversaw and advised on the company’s GDPR/UK GDPR program and acted as a primary point of contact for supervisory authorities on matters including AI, children’s data, advertising, and data subject rights.

Jadzia previously was Director of Microsoft’s Global Privacy Policy function and served as Associate General Counsel for Cybersecurity at McKinsey & Company. She began her career at Covington, advising Fortune 100 companies on privacy, cybersecurity, incident preparedness and response, investigations, and data driven transactions.

At Covington, Jadzia helps clients operationalize defensible, scalable approaches to AI enabled products and services, aligning privacy and security obligations with rapidly evolving regulatory frameworks across jurisdictions—with a particular focus on anticipating enforcement trends and navigating inter regulator dynamics.

Read more about Jadzia PierceEmail
Show more Show less
Photo of Jane Pinho Jane Pinho

Jane Pinho co-chairs Covington’s Entertainment and Media Industry Group and is a partner in the Technology and Communications practice and the International Business Reorganization practice. She has advised international streaming services on their content acquisition strategies, on new product launches and global expansions…

Jane Pinho co-chairs Covington’s Entertainment and Media Industry Group and is a partner in the Technology and Communications practice and the International Business Reorganization practice. She has advised international streaming services on their content acquisition strategies, on new product launches and global expansions, and on media regulation and licensing for the past decade.

Jane works with media industry leaders with global operations, including streaming services, video games and interactive entertainment companies, and social media platforms. She has particular experience advising in relation to the creation, acquisition, and distribution of digital content in the UK and Europe, in relation to the multi-territory launch, expansion, monetization and marketing of digital media products and services and in relation to compliance with the UK’s broadcasting, on-demand, video-sharing platform and online safety regimes, representing clients facing regulatory scrutiny. She also has experience advising media and technology companies on UK and EU consumer protection law, including on an investigation by the EU Commission and the Consumer Protection Co-operation Network.

Jane is also a key figure in Covington’s International Business Reorganization practice. She has managed global post-acquisition business reorganizations, pre-sale and pre-spin business separations and tax reorganizations for companies with substantial global footprints for more than a decade.

Read more about Jane PinhoEmail
Show more Show less
Photo of Madelaine Harrington Madelaine Harrington

Madelaine Harrington is an associate in the technology and media group. Her practice covers a wide range of regulatory and policy matters at the cross-section of privacy, content moderation, artificial intelligence, and free expression. Madelaine has deep experience with regulatory investigations, and has…

Madelaine Harrington is an associate in the technology and media group. Her practice covers a wide range of regulatory and policy matters at the cross-section of privacy, content moderation, artificial intelligence, and free expression. Madelaine has deep experience with regulatory investigations, and has counseled multi-national companies on complex cross-jurisdictional fact-gathering exercises and responses to alleged non-compliance. She routinely counsels clients on compliance within the EU regulatory framework, including the General Data Protection Regulation (GDPR), among other EU laws and legislative proposals.

Madelaine’s representative matters include:

coordinating responses to investigations into the handling of personal information under the GDPR,
counseling major technology companies on the use of artificial intelligence, specifically facial recognition technology in public spaces,
advising a major technology company on the legality of hacking defense tactics,
advising a content company on compliance obligations under the DSA, including rules regarding recommender systems.

Madelaine’s work has previously involved representing U.S.-based clients on a wide range of First Amendment issues, including defamation lawsuits, access to courts, and FOIA. She maintains an active pro-bono practice representing journalists with various news-gathering needs.

Read more about Madelaine HarringtonEmail
Show more Show less