CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

UK to Monitor Users’ Cloud Storage Under New Online Safety Regulation

By Leave a Comment
UK to Monitor Users’ Cloud Storage Under New Online Safety Regulation

The UK’s communications regulator, Ofcom, has launched an enforcement program to assess how file-sharing and file-storage services are tackling the spread of child sexual abuse material (CSAM), despite ongoing privacy concerns.

This initiative comes as new legal duties under the Online Safety Act 2023 take effect, requiring online platforms to implement robust safeguards against illegal content.

The enforcement program, announced today, will evaluate whether file-sharing and file-storage providers are taking adequate steps to prevent the dissemination of CSAM. Under Sections 10(2) and 10(3) of the Online Safety Act, providers of regulated user-to-user services must:

  • Prevent users from encountering priority illegal content, including CSAM.
  • Mitigate the risk of their services being used for criminal activity related to such content.
  • Implement swift content removal mechanisms when violations are detected.

These requirements, known as Illegal Content Duties, are now legally binding. To comply, platforms can adopt Ofcom’s Codes of Practice, published in February 2025, or implement alternative but equally effective measures.

Ofcom has emphasized that traditional human content moderation alone is insufficient to handle the scale of CSAM. Instead, it recommends perceptual hash-matching technology—a tool capable of detecting altered versions of known illegal images—to improve content moderation efficiency.

Cloud storage under scrutiny

File-sharing and file-storage platforms are particularly vulnerable to CSAM distribution due to their ability to store and exchange large volumes of data with minimal oversight. Ofcom has worked with law enforcement agencies and child protection organizations—including the Internet Watch Foundation (IWF), the Canadian Centre for Child Protection (C3P), and the National Centre for Missing and Exploited Children (NCMEC)—to identify high-risk services.

As part of its enforcement program, Ofcom has engaged with smaller, high-risk file-sharing platforms to assess their compliance efforts, and written to providers of high-risk services, notifying them of their legal responsibilities and impending formal information requests about their safety measures.
The agency has also sent advisory letters to additional file-sharing and file-storage platforms, informing them of their obligations under the Online Safety Act.

Failure to comply with these regulations could result in severe penalties, including fines of up to 10% of a company’s global annual revenue.

Enforcement actions

In the coming months, Ofcom will evaluate compliance efforts by requesting records of Illegal Content Risk Assessments from targeted providers. The agency will also determine whether formal enforcement actions—including investigations and penalties—are necessary for non-compliant services. Ofcom stated that collaboration with law enforcement agencies to monitor compliance among high-risk platforms will continue.

The enforcement program marks a significant step in the UK’s effort to hold online platforms accountable for content safety. With the Online Safety Act now in force, platforms that fail to meet these stringent requirements face heightened scrutiny and substantial financial risks.

Privacy concerns and debate over monitoring

Ofcom’s enforcement program has also raised privacy concerns, as monitoring file-sharing and cloud storage services could impact user data security. While the regulator recommends perceptual hash-matching to detect known CSAM, privacy advocates fear increased surveillance could set a precedent for broader content monitoring.

Privacy-conscious users could argue that such measures risk undermining end-to-end encryption and could lead to overreach in user data scrutiny, sparking debates about the balance between online safety and digital privacy.

These worries are particularly strong in the UK, following the news about secret orders by the government demanding that Apple add a backdoor in iCloud backups, leading to the consumer tech firm removing its encryption features for users in the country entirely.

About Alex Lekander

Alex is the founder and Editor-in-Chief of CyberInsider.com. His background and expertise includes digital privacy, security, and tech journalism. When he’s not working behind a screen, Alex is probably tinkering with a boat or enjoying the outdoors.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *