LONDON – On the new website launched by the British Board of Film Classification (BBFC) to provide guidance on the UK’s new age-verification standards for adult sites set by the the Digital Economy Act (DEA), there’s a host of information, by any measure.

What there isn’t – yet, at least – is a clear answer to some of the most fundamental questions which adult site operators may have about the UK’s new requirements.

For example, in the FAQ section provided for members of the adult industry, the fifth question on the FAQ is one I think it’s safe to say most adult webmasters would like an answer well before the new rules take effect: “I run an online pornography service. What content can I display before age-verification?”

The BBFC’s answer? “The BBFC will produce advice on what content can be displayed in front of age-verification before entry into force.”

In other words: “Uh… we’ll get back to you on that.”

While the website does offer a great deal of information, much of it is quite general, leaving the BBFC with many blanks still to fill in. Reading some of the documents provided, like the “Guidance on Age-verification Arrangements” (GAVA) provided for members of the adult industry, one also gets the sense there are some aspects of the new system which will never be fully detailed in writing, but instead left to a case-by-case determination of compliance – or lack thereof.

“As envisaged in the Secretary of State’s Guidance to the Regulator, this guidance does not provide an exhaustive list of approved age-verification solutions, but sets out the criteria by which the BBFC will assess that a person has met the requirements of section 14(1) of the Act to secure that pornographic material is not normally accessible by those under 18,” the GAVA states. “This guidance also outlines good practice in relation to age-verification to encourage consumer choice and the use of mechanisms that confirm age but not identity. The BBFC will actively assess individual age-verification arrangements to test their effectiveness and robustness. Arrangements which do not meet the necessary requirements, as set out below, will be treated as non-compliant.”

This is not to say the GAVA and other documents provided on the website are useless, or that they don’t offer any detail at all. Many aspects of the guidance provided seem sensible and there are encouraging signs that the BBFC is going to operate its compliance and enforcement regimes in a reasonable way.

For example, the BBFC indicates that as part of its case-by-case approach, it will give non-compliant sites a chance to come into compliance, rather than just send them back to the dugout after one strike, so to speak.

“If a non-compliant pornographic service becomes compliant by securing that the material is not normally accessible to those under 18 and/or by removing extreme pornographic material, then all enforcement action will cease and any notices will be withdrawn,” the GAVA states.

One area in which the guidance is quite clear is a list of existing mechanisms and techniques which will not be considered compliant with the age-verification requirements of section 14(1) of the DEA.

The list includes “relying solely on the user to confirm their age with no cross-checking of information, for example by using a ‘tick box’ system or requiring the user to only input their date of birth” using a general disclaimer such as “anyone using this website will be deemed to be over 18”; verifying age through “online payment methods which may not require a user to be over 18,” and “checking against publicly available or otherwise easily known information such as name, address and date of birth.”

The BBFC’s initial guidance also contains several hat-tips to some of the biggest concerns voiced by critics of the age-verification provisions of the DEA, like data security and user privacy.

“The privacy of adult users of pornographic sites should be maintained and the potential for fraud or misuse of personal data should be safeguarded,” the GAVA states, adding that under the General Data Protection Regulations (GDPR), adult sites and age-verification service providers “have a general obligation to comply” with a specified set of requirements. The requirements listed aren’t very specific, however.

For example, the first requirement listed states that “age-verification systems must be designed with data protection in mind – ensuring users’ privacy is protected by default.”  This is a fine principle to put in writing, but as a practical matter, precisely what “designed with data protection in mind” means is not clear.

With a little over two months left in the year, it remains to be seen whether the UK’s age verification requirements will become enforceable in the current year.

Back in March, the UK government released a statement which said it “is anticipated age verification will be enforceable by the end of the year.” In that same statement, the government also specified that “the public and the industry to prepare for and comply with age verification, the Government will also ensure a period of up to three months after the BBFC guidance has been cleared by Parliament before the law comes into force.”

Since the BBFC has yet to receive clearance from Parliament on its guidance and we’ve already reached mid-October, it’s safe to say time is running short for the anticipation expressed in March to become a reality by the end of December.