A number of prominent cross-party members of the House of Lords have written to the Chief Executive of Ofcom, Dame Melanie Dawes, expressing their concerns about the draft Children’s Code on which Ofcom is currently consulting (and on which we’ve previously commented here).

The letter states that the draft Code “falls substantially short in three key areas”: (1) it does not enforce against underage use, meaning that “millions of children under the age of 13 will continue to be exposed to products and content that even the services themselves deem inappropriate for them”; (2) it fails to offer mitigation strategies for risks that Ofcom has identified (such as livestreaming); and (3) it fails to require ‘age-appropriate services’ such that there is “no difference between services offered to a 7-year-old and a 17-year-old”.

The authors of the letter posit that one reason for these shortcomings is that Ofcom may be concerned that age assurance for children below the age of 18 is hard to achieve. As it happens, this is something that has been addressed in a recent publication by the Age Verification Providers Association (“AVPA”).

The AVPA recognises that there are practical difficulties in achieving age verification when children are less likely to have access to forms of identification or online records. The solution, it suggests, is a “layered approach, combining both approximate age estimation and exact age verification methods, with a manual vouching process as a backstop”. In practice this would mean that the first level would involve the use of facial analysis solutions, the most sophisticated of which have a mean average error of +/- 1.5 years. Those within the margin of error would need to move to a further level of analysis, and the AVPA suggests, for example, that they are asked to provide some form of official identification or, failing that, governments could “facilitate access to authoritative records of children’s ages, such as those held by schools or social security benefits systems”. Where this is not possible, the final layer would be engaged, namely a manual vouching process whereby “a trusted professional such as a teacher, JP or doctor, can provide a reference confirming the age of a user.  To ensure that this is made available, an obligation needs to be placed on platforms to facilitate this more costly mechanism”. The AVPA suggests that once proof of age is established for one online platform, there are systems in place that could mean that no further checks would be needed to access other platforms.

While the peers’ letter pre-dates the publication from the AVPA and therefore does not address its specific recommendations, the authors nonetheless state that any concerns that Ofcom may have about age verification for children “does not align with existing industry practice where a range of age assurance methods are already being deployed to estimate the age or age range or users to safety, privacy and commercial reasons”. Furthermore, it makes the point that if regulators require them to do so, regulated companies will invest time and money into technologies to keep children safe online.

The letter concludes by stating that the authors are “bewildered at the decision to do nothing at all to protect children under 13, and at the same time give regulated companies safe harbour”, pointing to obligations in the Online Safety Act 2023 to mitigate and manage the risk of harms to children of different age groups. As it explains, “no parent or teacher would or could want a 17-year old to be treated as if 7, or the other way round. A regime that does so will simply not work”.

The letter can be read here.

The publication from the AVPA can be read here.