Ofcom has published its Protection of Children Codes and Guidance, setting out how providers of online services are expected to protect children from harmful content.

The materials published by Ofcom are extensive and go into considerable detail about everything from the content of the Codes themselves, to guidance on Children’s Access Assessments, age assurance measures, and the types of content that are harmful to children.

Thankfully, Ofcom appears to recognise that not everyone will immediately have the time to read the over 1500 pages that it has published, so it has also produced helpful summaries of its decisions and of the measures in the Codes (which can be read here and here).

The Codes apply to providers of both user-to-user and search services that are likely to be accessed by children. Whether a service is likely to be accessed by children is a matter that it will have addressed in its Children’s Access Assessment, the deadline for which was 16 April 2025 and on which we commented here.

For those services to which the Codes apply, a number of measures are set out by Ofcom which it expects services to take in order to address risks to children. Examples include: robust age checks, safer algorithms, effective moderation, user reporting and complaints processes that are easy to access and use, clear terms of service, tools and support to help keep children safe online, and strong governance and accountability.

Not all measures will apply to every service: as Ofcom explains, it will depend on the level of risk on the service, whether it meets other specific criteria (such as having relevant functionalities), and/or its size. Similarly, services do not have to follow the exact letter of the measures in the Codes, but can adopt “alternative measures to protect children”. However, Ofcom is clear that if they do so, they must be prepared to demonstrate that the choices they have made meet their duties to protect children.

Services will now have until 24 July 2025 to complete and record their Children’s Risk Assessment. This entails a four-step process of: (1) understanding content that is harmful to children that needs to be addressed; (2) assessing the risk of harm to children; (3) deciding and recording measures to implement to address these risks; and (4) reporting, reviewing, and updating the assessment. More guidance on how to complete Children’s Risk Assessments can be found here.

Assuming the Codes complete the Parliamentary process, from 25 July 2025 services will be expected either to implement the safety measures set out in the Codes or to use other effective measures.

Commenting on the publication of the Codes, Dame Melanie Dawes, the Chief Executive of Ofcom, said, “these changes are a reset for children online. They will mean safer social media feeds with less harmful and dangerous content, protections from being contacted by strangers and effective age checks on adult content. Ofcom has been tasked with bringing about a safer generation of children online, and if companies fail to act they will face enforcement”.

To read more, click here.