According to Tom’s Guide, UK regulator Ofcom has fined adult site operator AVS Group Ltd a hefty £1 million (about $1.3 million) for failing to implement “robust age checks” as required by the Online Safety Act. The company, which runs 18 adult websites, was also fined an additional £50,000 for not responding to information requests. Ofcom slammed AVS’s photo upload system for lacking “liveness detection,” meaning kids could bypass it with a picture of an adult. The company now has until 5pm GMT on December 6, 2025, to install “highly effective” age verification or face a daily penalty of £1,000 per day, which could run until March 16, 2026. Furthermore, starting December 5, AVS will be charged £300 per day for every day it fails to respond to Ofcom’s information requests, for up to 60 days. This action stems from an investigation launched on July 30, 2025, into violations of the Act.
The VPN Wild Card
Here’s the thing: this isn’t just a story about one company getting fined. It’s about the chaotic, unintended consequences of these new age verification laws. Ofcom’s own report shows UK VPN usage doubled</em to over 1.5 million active users back in July, though it’s since fallen below a million. The regulator admits it can’t reliably say how much of that spike was from people trying to dodge age checks, but come on—the timing is pretty suspect, right? They’re now actively investigating VPNs, asking parents and kids about their usage and even quizzing parents on whether they use tools to block VPNs. This feels like a regulatory cat-and-mouse game that’s just getting started. They’re trying to lock a door that tech-savvy users have already found five different windows to climb through.
A Privacy Disaster Waiting To Happen
And that leads to the other huge piece of this: the massive privacy risk. Critics have been screaming about this for months. To prove your age, you’re often asked to hand over incredibly sensitive data—photos, government IDs, even credit card info. You’re basically creating a centralized honeypot of personal data that’s a dream target for hackers. We already saw the first major hack of an age verification system on Discord in October. How many more breaches will it take before lawmakers realize they’re creating a whole new set of problems? Ofcom says sites must comply with UK data protection laws, but as we’ve seen time and again, compliance doesn’t equal security. It feels like a disaster waiting to happen, and the VPN investigation seems like an attempt to plug the leaks in a dam that’s already cracking.
Where Does This End?
So what’s the trajectory here? Ofcom has 92 investigations into online services open right now and has only fined three providers. This £1 million penalty is a loud warning shot to the entire industry. But the real question is about scale and enforcement. Can they realistically police every site? And if VPN usage becomes the go-to workaround, what’s the next step—cracking down on VPN providers themselves? The VPN industry already feels unfairly targeted, arguing their tools are for privacy, not circumvention. This puts regulators in a tough spot: trying to protect children online without trampling on privacy or creating a completely unwieldy, unenforceable system. It’s a messy, evolving fight with no easy answers, and this fine is just the opening salvo in what’s going to be a very long war. You can read Ofcom’s official announcement on the fine here, the details of their investigation into AVS here, and their broader tech sector report here.
