Tech firms must do more to block unwanted sexual images, under strengthened Ofcom protections

Dating, messaging and social media apps will have to protect UK users from cyberflashing, under strengthened protections published today by Ofcom.

The UK's independent online safety watchdog is also increasing protections for dangerous self-harm content. Together, these changes will have a significant impact on user safety.

Blocking unsolicited nudes

Cyberflashing is when a person sends someone an unwanted sexual image. Evidence shows women are nearly three times more likely than men to experience this, with YouGov research finding that 36% of women under the age of 40 have received an unsolicited sexual photo from someone who was not their partner, and one in 12 women have been sent one of these images in the last year.

Making sure tech firms tackle online harms that disproportionately impact women and girls is one of Ofcom's highest priorities. In January 2026, cyberflashing became a priority offence under the Online Safety Act. This means tech firms must assess and mitigate the risk of this occurring on their sites and apps.

After these changes became law, we acted swiftly to consult on updates to our codes of practice and guidance, setting out how platforms can comply with the duties in the Act relating to priority offences. Today, we have finalised what companies at risk of cyberflashing should do to protect UK users from this illegal content, which includes:

• making it easy for people to report this illegal content to the platform;
• having content moderation teams that are appropriately resourced and trained to deal with this content;
• having content moderation systems and processes designed to take down this content swiftly when the platform becomes aware of it; and
• providing users with tools to block or mute other users.

Today's strengthened protections add to a new measure we announced last month under which tech firms should use automated detection technology to reduce the spread of illegal intimate images online, as well as our existing industry guidance on what companies should do to deliver a safer online experience for women and girls in the UK.

Stronger self-harm protections

The Government also recently gave priority status to laws on intentionally encouraging or assisting serious self-harm. Our online safety codes and guidance already contain several specific measures platforms should implement to protect people from illegal suicide material, and we are extending our existing robust protections to cover illegal self-harm content.

As well as applying all the measures above to self-harm content - relating to reporting mechanisms, content moderation functions and blocking tools - we are also setting clear expectations that tech firms should:

• test algorithms to check whether and how design changes impact the risk of illegal self-harm content being recommended to users;
• provide crisis prevention information in response to search queries regarding self-harm;
• enable users to easily report predictive search suggestions they believe may direct people towards priority illegal content, and taking appropriate steps to ensure reported suggestions are not recommended to any users; and
• enable users to disable comments.

Tackling self-harm threats posed by Com groups

Com groups are a particular concern for Ofcom regarding the threat of self-harm. These are online networks of criminals who carry out a variety of serious offences, sometimes to gain status and notoriety. This includes grooming victims, often children, to commit harmful acts towards themselves.

We have done extensive work on ways to tackle the threats posed by Com groups, including with law enforcement and child protection agencies. Today's strengthened protections include additional guidance for platforms - specifically about how these networks utilise direct and group messaging functionalities to groom and manipulate victims.

To provide an additional layer of protection for children, services with direct messaging functionality and a risk of grooming should implement safety defaults making sure children can only be contacted by people to whom they are already connected.

Separately, last year we proposed that platforms should use proactive technology to detect suicide and self-harm content, where possible, among other safety measures. We will publish our decisions on these by autumn 2026.

What happens next

Tech firms must now review and update their risk assessments, so they can identify how the risks of harm from these offences could occur on their platforms, and ultimately put appropriate safety measures in place to mitigate them.

The amendments to our codes of practice will come into effect once they have gone through a parliamentary process, which is subject to Government and Parliament timetabling.