Global regulatory network signals intent with Position Statement on age assurance

The question

What does the Global Online Safety Regulators Network’s (GOSRN) January 2026 Position Statement tell us about the future of age assurance regulation and enforcement?

The key takeaway

The Statement is a clear step towards tougher, more coordinated enforcement of age assurance in the UK and internationally. Regulators will expect age verification mechanisms to be evidence-led, accurate, robust and reliable, proportionate to risk, fair and inclusive and as non-intrusive as possible, while remaining fully compliant with data protection and rights requirements. In turn, greater cross-border alignment can also reduce the scope for services to rely on weaker regimes.

The background

Established in November 2022 as the only global network for independent online safety regulators, GOSRN coordinates international approaches to online safety through information-sharing and joint action. Its members include Ofcom, alongside regulators from France, Australia, Ireland, South Korea, Slovakia, Fiji and the Netherlands, and over 20 observer organisations.

In January 2026, GOSRN released a new Position Statement on age assurance. Age assurance refers to approaches that estimate, infer, or verify a user's age to prevent children from accessing age-inappropriate content. In the UK, age assurance checks are fundamental to the 2023 Online Safety Act regime which is enforced by Ofcom (see the Winter 2025 Edition of Snapshots for more information on UK age assurance measures and enforcement). Ofcom’s 2025 Online Safety report made it clear that working with international counterparts to drive compliance in age assurance remains a priority.

The development

The newly released Position Statement sets out the following four principles for how regulators should approach age assurance:

• age assurance plays an important role in protecting children online
• systems should follow a principles-based, evidence-led approach. They must be accurate, robust, reliable, proportionate, fair and inclusive and as non-intrusive as possible. In practice, this means determining a user’s age or age range accurately in real-world deployment and operating consistently on the basis of reliable evidence. The approach should be proportionate to the risks being mitigated, minimise bias, and be intuitive and user-friendly
• compliance with data protection law, and respect for users’ rights to privacy and freedom of expression, are non-negotiable
• rules only work if they are enforced, and regulators are committed to fair, transparent and proportionate enforcement to reduce the scope for regulatory "forum shopping".

The Position Statement also outlines GOSRN’s three-year strategic plan to strengthen regulatory coherence and coordination, with key steps including:

• aligning regulatory approaches across members and jurisdictions, while monitoring compliance and circumvention risks
• working with data protection authorities to ensure age assurance measures comply with data protection requirements
• maintaining public-facing communications by setting expectations for industry, improving public awareness and promoting digital tools for parents
• engaging members, observers, experts, children and young people and industry to facilitate discussion, evidence-sharing and research into privacy-enhancing technologies.

Why is this important?

The Position Statement signifies that age assurance is an active enforcement priority for Ofcom and international regulators more broadly. The UK legal and enforcement framework is already live: for example, since July 2025 services hosting pornography were obliged to use highly effective age checks to prevent children from accessing age-inappropriate material under the Online Safety Act 2023.

Ofcom has since shown clear intent with respect to enforcement, fining adult sites Kick (£800k) and AVS (£1m) for inadequate age checks, and AI nudification site Itai Tech (£50k). It is expected that this approach to enforcement will continue at pace as regulators coordinate more closely through the GOSRN. Similarly, regulators expect that international alignment via the GOSRN will lead to consistent enforcement standards across jurisdictions, with the aim of making it harder for providers to sidestep meaningful age assurance by operating in more permissive regulatory environments.

Any practical tips?

In order to ensure alignment with the GOSRN's approach to age assurance measures, providers should:

• ensure age assurance mechanisms are in place (if not already implemented) and test these measures for accuracy, robustness, reliability, proportionality, fairness, inclusivity and minimal intrusiveness in real-world deployment
• not overlook data protection compliance considerations
• engage proactively with the GOSRN to stay abreast of evolving regulatory expectations as international standards align.

Spring 2026