How to Do a Children's Access Assessment
A children's access assessment decides whether the child safety duties in the Online Safety Act apply to your service. Every regulated user-to-user and search service has to carry one out, and the deadline to complete it was 16 April 2025.
The outcome matters, because if your service is likely to be accessed by children you take on a further set of duties. This guide explains the test and what follows from it.
What a Children's Access Assessment Is
The duty is in section 35 of the Online Safety Act 2023. It asks one question: is the service likely to be accessed by children.
You answer it using a two-stage test set out in Ofcom's guidance. You can only conclude that children are not likely to access the service if you work through both stages and the evidence supports it.
Stage one - can children access the service
The first stage asks whether it is possible for children to access the service or part of it. If you do not use highly effective age assurance to stop children accessing it, you have to assume they can.
Stage two - the child user condition
If children can access the service, the second stage asks whether the child user condition is met. That condition is met if there is a significant number of child users, or if the service is of a kind likely to attract a significant number of child users.
Highly Effective Age Assurance
You can only treat children as unable to access your service if you use age assurance that Ofcom considers highly effective. A simple self-declaration tick box does not meet that standard.
Highly effective methods include approaches such as facial age estimation, photo identification matching and verification through a bank or mobile provider. The method has to be technically accurate, robust, reliable and fair.
What Happens If Children Are Likely to Access
If your assessment concludes that children are likely to access the service, the child safety duties apply. You must carry out a children's risk assessment under section 11 and meet the safety duties protecting children under section 12.
Those duties require you to protect children from primary priority content such as pornography, suicide, self-harm and eating disorder content, and from priority content such as bullying, abusive and violent material. The protection of children duties have applied since 25 July 2025.
Children's Access Assessment at a Glance
| Element | What it means |
|---|---|
| Legal basis | Section 35 of the Online Safety Act 2023 |
| Deadline | 16 April 2025, and ongoing for new services |
| Stage one | Can children access the service without highly effective age assurance |
| Stage two | Is the child user condition met |
| If children likely to access | Children's risk assessment (s.11) and child safety duties (s.12) apply |
Reviewing Your Assessment
A children's access assessment is not a one-off. You must redo it if your service changes in a way that affects whether children can access it, and at least once a year.
Keep the assessment and your reasoning on record under the record-keeping duty in section 23, so you can show Ofcom how you reached your conclusion.
How Policy Pros Can Help
We help services run a defensible children's access assessment and document the reasoning behind the outcome. Where the child safety duties apply, we help with the children's risk assessment and the policies that support it.
This work links to your wider compliance, so we keep it consistent with your IT security policies and your illegal content risk assessment. For context on the full regime, see our Online Safety Act small business guide.
The duty is in section 35 of the Act, and Ofcom's protection of children guidance sets out the detail.
Frequently Asked Questions
What is a children's access assessment?
It is an assessment under section 35 of the Online Safety Act that decides whether your service is likely to be accessed by children. The answer determines whether the child safety duties apply to you. Every regulated user-to-user and search service has to carry one out.
When was the children's access assessment deadline?
Services had to complete their first children's access assessment by 16 April 2025. New services have to do one before or shortly after launch, and existing services must review theirs at least annually and when the service changes.
How do I decide if children can access my service?
You apply a two-stage test. Stage one asks whether children can access the service at all, and you must assume they can unless you use highly effective age assurance. Stage two asks whether there is a significant number of child users or the service is likely to attract them.
What counts as highly effective age assurance?
Methods Ofcom considers technically accurate, robust, reliable and fair, such as facial age estimation, photo identification matching or verification through a bank or mobile provider. A self-declaration tick box does not meet the standard.
What happens if children are likely to access my service?
The child safety duties apply. You must carry out a children's risk assessment under section 11 and meet the safety duties in section 12, which include protecting children from pornography, suicide, self-harm, eating disorder, bullying and other harmful content.
