In addition, service providers should not publish content on their service that directs or encourages UK users to circumvent the age assurance process or the access controls, for example by providing information about or links to a virtual private network (VPN) which may be used by children to circumvent the relevant processes.
Ofcom is the designated regulator and has the power of enforcement. The law doesn’t define what age verification means, only that it much be ‘highly effective’ (Section 12 (6)). It is therefore left to Ofcom to set out in its Code of Practices (Section 41 (3)) what ‘highly effective age verification’ means, which is what this guidance is. This isn’t Ofcom being nice, this is them telling you how they’re going to enforce the law.
Section 4.37 of Ofcom’s Guidance on Highly Effective Age Assurance for Part 3 Services:
That’s guidance, not law.
Ofcom is the designated regulator and has the power of enforcement. The law doesn’t define what age verification means, only that it much be ‘highly effective’ (Section 12 (6)). It is therefore left to Ofcom to set out in its Code of Practices (Section 41 (3)) what ‘highly effective age verification’ means, which is what this guidance is. This isn’t Ofcom being nice, this is them telling you how they’re going to enforce the law.
Should, not must. Like the highway code should rules and must rules.