ICO and Ofcom Joint Statement on Age Assurance

ICO News & Blogs (ico.org.uk)
Published March 25th, 2026
Detected March 26th, 2026

Summary

The UK's ICO and Ofcom have issued a joint statement clarifying the interaction between online safety and data protection laws concerning age assurance for online services. The statement aims to assist organisations in complying with both sets of obligations when protecting children online.

What changed

The Information Commissioner's Office (ICO) and Ofcom have jointly published a statement detailing the key areas where online safety regulations under the Online Safety Act intersect with UK data protection legislation, specifically concerning age assurance measures. This guidance is intended for services likely to be accessed by children and aims to provide practical clarity on how organisations can meet their obligations under both regulatory regimes.

Organisations providing online services accessed by children must review this statement to ensure their age assurance practices comply with both data protection requirements (e.g., UK GDPR, Data Protection Act 2018) and the Online Safety Act. While the statement itself is non-binding guidance, non-compliance with the underlying legislation could lead to enforcement actions from either the ICO or Ofcom, potentially involving significant penalties.

What to do next

  1. Review joint statement on age assurance from ICO and Ofcom
  2. Assess current age assurance practices against online safety and data protection obligations
  3. Update internal policies and procedures as necessary to ensure compliance

Source document (simplified)

Joint statement from ICO and Ofcom on age assurance

  • Date: 25 March 2026
  • Type: Statement

We have published a joint statement with Ofcom about the main areas of interaction between online safety and data protection as they relate to age assurance. We are working closely together on our shared goal of protecting children from harm online.

The statement is aimed at services likely to be accessed by children that are in scope of the Online Safety Act and UK data protection legislation. It summarises key aspects of existing ICO and Ofcom age assurance policy in a practical way to help organisations comply with both online safety and data protection obligations.

Read the statement in full here.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: ICO
Published: March 25th, 2026
Instrument: Guidance
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Age Assurance, Data Protection Compliance, Online Safety Compliance
Threshold: Services likely to be accessed by children
Geographic scope: United Kingdom (GB)

Taxonomy

Primary area: Data Privacy
Operational domain: Compliance
Compliance frameworks: GDPR, CCPA/CPRA
Topics: Children's Online Privacy, Online Safety
