Proposed UK Internet age verification system

With the passing of the Digital Economy Act 2017, the United Kingdom became the first country to pass a law containing a legal mandate on the provision of an Internet age verification system. Under the act, websites that published pornography on a commercial basis would have been required to implement a "robust" age verification system to prevent minors from accessing their sites. The regulator would have been empowered to fine those who fail to comply up to £250,000 (or up to 5% of their turnover), to order the blocking of non-compliant websites, and to require those providing financial or advertising services to non-compliant websites to cease doing so.

After a series of setbacks, the planned scheme was eventually abandoned in 2019, and the legislative provisions creating it were repealed by the Online Safety Act 2023.

Delays and setbacks
The British Board of Film Classification (BBFC) was planned to be charged with enforcing the scheme. The implementation of the law was initially delayed multiple times to allow the BBFC to draft and receive approval for official guidelines regarding the age verification requirements. Following the passage of the Online Pornography (Commercial Basis) Regulations 2019 (which established a legal definition for the types of websites that would be subject to the requirements), implementation was again rescheduled, this time for a planned start date of April 2019. In March 2019, reports stated that there was still no firm date for the implementation of this policy, which had been beset by many technical problems. A BBC report at the time described implementation of the scheme as being "in a holding pattern".

Key issues with the implementation included what constituted an effective means of age verification, as well as concerns over the possibility that online age verification providers could collect excessive personally identifiable information and process it for other purposes—potentially in violation of the General Data Protection Regulation (GDPR). "AgeID", a service proposed by internet pornography company MindGeek, was singled out by critics due to concerns that offering this service could unduly enhance its market position. The BBFC suggested that a system of gift card-like vouchers, purchased in person with ages checked by the retailer (identically to other age-restricted purchases such as alcohol) could provide a more anonymous and secure solution to age verification.

Technical concerns included the use of VPNs and DNS over HTTPS, both of which make it more difficult to perform man-in-the-middle attacks such as those required for effective Internet blocking.

On 17 April 2019, regulators stated that the law would officially be effective from 15 July 2019. However, on 20 June, the government announced that it had decided to delay implementation yet again, this time for another six months, for reasons including the government's failure to notify the scheme to the European Commission, and further concerns with technical issues.

Abandonment and repeal
On 16 October 2019, the Culture Secretary Nicky Morgan stated that the government had abandoned the mandate altogether, in favour of replacing it with a forthcoming wider scheme of Internet regulation based on the principles expressed in the Online Harms White Paper.

The mandate was formally repealed by section 212 of the Online Safety Act 2023, which came into force immediately upon that Act receiving royal assent on 26 October 2023.

Legal action
In January 2020, a group of age verification companies started a legal action against the government, seeking a judicial review of its decision to suspend the age verification scheme. The companies included AgeChecked Ltd, AVSecure, AVYourself and VeriMe. The plaintiffs contended that the Digital Economy Act 2017 gave the government the power to delay implementation but not to abandon it, and sought around £3 million in damages. In July 2020, they won permission for a judicial review.