Ofcom: TikTok and YouTube ‘not safe enough’ for children

Ofcom concluded in a recent report that TikTok and YouTube are “not safe enough” for children and that both platforms declined to commit to significant changes to reduce harmful content being recommended to under-18s.

The regulator said other large companies showed more willingness to change. Snap, Meta and Roblox agreed to adopt additional measures aimed at reducing online grooming and contact from strangers for younger users. Ofcom’s assessment found major platforms do not offer consistent protections for children and that some providers resisted proposals to alter recommendation systems or moderation practices.

Ofcom’s survey cited in the report found 84% of children aged 8 to 12 still use at least one major service that sets a minimum age of 13. Researchers operating under-13 accounts reported encountering sexual content and offensive language in some Roblox games shortly after joining.

U.S. advocacy groups have formally requested that the Federal Trade Commission investigate Roblox for alleged unfair and deceptive practices. The complaint cites in-game purchasing mechanics that put pressure on children to spend, chat functions that expose players to strangers, and design features intended to maximize engagement.

Drew Benvie, chief executive of a youth safety nonprofit, noted that young players are often able to bypass age-based protections and that technical barriers do not always prevent underage access.

Cybersecurity experts responding to the report warned that some age assurance methods that rely on government ID scans or biometric selfies require collection of personally identifiable information that can become a target for attackers. They listed risks including data breaches, identity fraud and theft of biometric data, which cannot be changed like a password.

Analysts also flagged a migration risk: when stricter gates push young users away from mainstream services, those users may move to smaller sites or apps with weaker moderation, greater exposure to malware and phishing, and fewer safeguards against harmful content. One security commentator summarized the attack vector succinctly: “Scammers don’t need to hack you. They just need you to click once.”

Report authors and safety advocates recommended that platforms focus on safer system design, including stronger content moderation, recommendation algorithms that do not amplify harmful material, clearer accountability for safety outcomes, and limits on invasive data collection.

Ofcom said the findings frame a policy challenge for regulators and lawmakers in the UK and the U.S., who must weigh privacy risks tied to age verification methods against the need for improved protections for underage users without creating large central repositories of sensitive data.