Ofcom wants to double down on file monitoring in 2026

News
By published

Experts are concerned how it may impact users' privacy

Conceptual image with a bunch of floating eyeballs in different sizes overlooking a red computer, could symbolize ideas around malware and computer viruses
Image credit: Shutterstock (Image credit: J Studios/via Getty Images)
  • Ofcom seeks to extend CSAM monitoring to file-sharing and other providers
  • Apps are recommended not to "break end-to-end encryption"
  • Experts are concerned about the precedent it may set for users' privacy

Having implemented one of the world's strictest age verification regimes, the UK is now considering extending its obligations on cloud storage, file-sharing and other apps to help make the internet a safer place for children.

In its first report on the Online Safety Act's impact, Ofcom pledged to "expand our focus to other service providers who present the highest risk of CSAM [child sexual abuse material] to ensure stronger protections" in 2026.

Some of this work has already begun, with Ofcom confirming that many large and medium-sized file-sharing platforms voluntarily implemented technology to detect this type of content, while others have decided to leave the market altogether.

After a four-month consultation period that ended in October, Ofcom is now assessing calls from industry and civil society to expand the law's codes of practice. A report is expected next year.

However, Ofcom's proposed increased monitoring has led experts to warn the agency could be setting a dangerous precedent while doing "little to protect children."

While it's not clear which other platforms will be affected, Ofcom told TechRadar that "our measures do not recommend that providers use proactive technology to analyze privately communicated content or metadata."

The encryption conondrum

The Ofcom logo next to a woman looking at her phone confused

(Image credit: Ofcom / Shuttertock / Fizkes)

The push for CSAM monitoring in the UK echoes similar efforts in the EU, where the so-called Chat Control proposal has attracted strong criticism from technologists, privacy experts, and politicians alike due to its potential to lead to the surveillance of private communications.

Like in Europe, experts in the UK fear that encryption may become a casualty in the battle to keep children safe online.

Apple has already withdrawn its iCloud's advanced encryption protection from the UK market after being served with a technical notice to create a backdoor. However, this order was issued under the Investigatory Powers Act, not the Online Safety Act.

Do you know?

Security padlock in circuit board, digital encryption concept

(Image credit: Getty Images)

Encryption is the tech that secure messaging apps, cloud storage, and VPN services use to prevent their users' data from third-party monitoring – themselves included.

When we asked for clarification on its plans, an Ofcom spokesperson said the agency is considering measures that automatically detect illegal content and content harmful to children called 'hash matching.' However, "the proposals do not recommend services break end-to-end encryption," Ofcom said.

According to Internet Society's Senior Director for Internet Trust, Robin Wilton, this suggests that any scanning would have to occur before the file becomes encrypted. "That would mean the service would have to have a client-side component to do that scanning," Wilton said.

Client-side scanning was previously halted under the Online Safety Act until it was "technically feasible to do so." Experts in Europe have been very critical of this type of scanning, arguing that it will create a vulnerability in the system even when it occurs before the content gets encrypted, with Signal comparing client-side scanning to malware on your device.

Two providers leaving the UK market, Krakenfiles and Nippydrive, offer end-to-end encrypted services, which may suggest they had concerns for the integrity of their systems.

As of today, the likes of Proton Drive and NordVPN's Meshnet are yet to be impacted by new requirements, the companies told TechRadar.

For Wilton, though, the stakes are even higher. "If Ofcom continues with this policy, UK users will no longer have access to cloud storage that technically prevents third-party access to their data," he said.

In its report, Ofcom repeatedly states that 2026 will see CSAM monitoring duties strengthened on more cloud storage and file-sharing apps, while extending to other user-to-user services.

So there's a chance that other applications we all use regularly could soon become targets of increased monitoring. We will continue to monitor the situation and assess its impact on people's privacy.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Chiara Castro
Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.