UK Online Safety Act: Publicly Reported Enforcement So Far

By Online Safety Register Team 7 min read
UK Online Safety Act: Publicly Reported Enforcement So Far

Ofcom has already issued fines under the Online Safety Act, targeting platforms with missing risk assessments, weak age assurance, or poor record-keeping. The enforcement cases below show exactly which types of companies are already in scope.

Named Companies Fined or Formally Sanctioned

Company / Service Category of Platform Enforcement Outcome Key Compliance Failure
4chan User-generated content forum / discussion board £20,000 fine, plus £100 per-day penalty until compliance Failure to complete, retain, and supply a suitable illegal-content risk assessment and required information
AVS Group Ltd Pornography / adult-content site operator (18 sites) £1,000,000 fine + additional penalty Failure to implement robust age-assurance measures; failure to comply with statutory information requests
Itai Tech Ltd AI-driven adult-content service £50,000 fine Failure to introduce effective age checks to prevent access by children

What These Companies Have in Common

Although the platforms differ technically, the enforcement actions reveal very consistent themes.

Categories already being enforced against:

  • User-to-user platforms (forums, discussion sites)
  • Adult and pornography websites
  • AI-driven content services
  • Offshore services with UK users

This shows clearly that enforcement is based on risk profile and governance, not:

  • Company size
  • Country of incorporation
  • Whether harm was "intended"

The Pattern Ofcom Is Enforcing Against

Across all cases so far, Ofcom action has focused on one or more of the following failures:

  • No documented risk assessment
  • Risk assessments not kept or not reviewable
  • Weak or ineffective age-assurance controls
  • Failure to respond properly to statutory information requests
  • Poor internal record-keeping and auditability

Importantly, none of these cases required proof of catastrophic harm.

The absence of evidence of compliance was enough.

Why This Matters for Every Platform

These cases establish several critical precedents:

  • ✅ Enforcement is real and already happening
  • ✅ Ofcom will fine both UK and non-UK companies
  • ✅ Failure to document is treated as non-compliance
  • ✅ Daily penalties can apply until issues are fixed
  • ✅ Age assurance and risk assessments are enforcement flashpoints

For any platform that:

  • hosts user content
  • allows messaging, posting, or interaction
  • provides adult or age-restricted content
  • uses AI to generate or modify content

…the regulatory bar has already been set.

Why Structured Compliance Is Becoming the Norm

Each enforcement case reinforces the same lesson:

"We knew about the risks" is meaningless without documentation.

Platforms that relied on:

  • informal thinking
  • ad-hoc documents
  • unmanaged Word files
  • institutional memory

were the ones that struggled when regulators asked for evidence.

This is exactly why Online Safety Act registries and structured compliance SaaS tools are being adopted — not to avoid responsibility, but to prove it in a credible, regulator-friendly way.

This article provides guidance only and does not constitute legal advice. Information about enforcement actions is based on publicly available Ofcom reports and announcements.