A little over a month ago, when Ofcom’s age assurance requirements came into effect on 25 July to implement the Online Safety Act, verification platforms were put to their toughest test. And while OneID® is used to handling big bursts of transactions, there’s a difference when it comes to returning over a million checks a day, consistently and accurately.
In the process, our platform has quietly helped keep more than 100,000 children from accessing sensitive content—without compromising privacy, and without slowing down the experience for legitimate adult users.
That combination—scale, resilience, and privacy by design—is what sets OneID® apart, and why this moment matters far beyond just passing a regulatory milestone.
At the height of demand, OneID® was processing around 140 transactions per second. That’s a level of load that would challenge even the most mature digital systems. Yet latency on our platform didn’t dip, and we recorded zero outages throughout July and August.
It’s not just about uptime for its own sake. Speed and resilience directly affect user experience. Every extra second of delay risks customer drop-off. In verification journeys, that translates into lost business for websites and friction for users.
Our system kept checks in the sub-three-second range, with repeat users completing in under one second. Where delays did occur, they were almost always caused by the mobile network itself, not our infrastructure.
That distinction matters: compliance should never come at the expense of customer experience.
Critics of the Online Safety Act sometimes raise the spectre of “honeypots” of personal data being created. This is where design matters most.
At OneID®, we don’t collect, store, or share personal data. We only return a yes or no to the question: is this user over 18? Yes or No. That’s it. No names, no birthdates, no unnecessary identifiers.
The only thing we retain is an encrypted mobile number as a unique identifier. The sensitive information—whether from a bank or a mobile operator—stays exactly where it belongs: with the bank or the mobile operator. In other words, there is no honeypot to attack.
Even at rest, our data is not human-readable. It can only be decrypted with the correct keys, and only when a user accesses their own consent console. The websites themselves never see or hold this information.
That same principle of privacy is what makes the current debate on VPNs so important. We’ve all seen the headlines about the spike in VPN downloads after the Online Safety Act went live. But the focus on VPN evasion misses the real story on trust and safety: adults who truly value their privacy will verify their age when the process is fast, private and trustworthy. And those adults are in the tens of millions, going by the number of age checks across different platforms.
On the other hand, the irony is that some of those who turn to VPNs in the name of “privacy” may actually be giving it up. A lot of free VPN services don’t protect you—they monetise you. Investigations have shown them harvesting search histories, device identifiers, and personal data, with millions of records exposed or sold on. Others inject malware or enable phishing campaigns. In short, using an unregulated VPN often creates more risk, not less.
As both a technologist and a parent, I understand why the debate around the Online Safety Act can feel so polarising. Some frame it as censorship or an intrusion on privacy. But as a father, I see it differently.
The internet has been unsafe for children for too long. My own kids can access content more easily on a phone than I ever could have picked up a magazine as a teenager. That’s the reality we’re living in. And I want them to grow up in a digital world where we apply the same protections online as we do offline. OneID®’s mission is to make the internet a safer place. And this is one of those many instances where my team and I are consciously contributing to it.
And the numbers tell a powerful story. In just a few weeks, OneID® has already prevented more than 100,000 children from accessing harmful sites. That’s 100,000 moments where a young person was kept safe—not through censorship, not through surveillance, but through smart, privacy-preserving technology doing its job at scale.
That, to me, is the real measure of success.
This isn’t about limiting adult freedoms. Adults will still access what they’re entitled to. But it should never come at the cost of exposing children to harm. Privacy concerns are often overstated, and claims of censorship tend to come from those without children of their own. For parents, the priority is simple: safety first, without compromise.
One of the most encouraging aspects of the past month has been seeing how seamlessly our platform scales across borders. While the Online Safety Act is a UK regulation, age assurance is a global challenge—and many of the lessons we’ve proven here apply internationally.
At OneID®, we already enable checks in the US and are integrated with national schemes in Sweden, Norway, Finland, Belgium, and the Netherlands. This means businesses operating internationally don’t have to stitch together fragmented solutions—they can rely on one privacy-preserving approach that adapts to local rules, but maintains the same speed and resilience everywhere.
In my view, this isn’t just about compliance. It’s about creating a consistent experience for users worldwide: fast, secure, anonymous checks that protect children and respect adults, wherever they happen to be logging in from.
With sandbox access available in a day and production-ready integration in a week, OneID® makes it simple for businesses to demonstrate compliance without compromising customer experience or privacy.
The reality is that millions of people have already chosen OneID® because it delivers what others cannot: speed, resilience, and anonymity at scale.
The Online Safety Act isn’t about censorship. It’s about applying the same safeguards online that we already apply offline—whether that’s age limits on alcohol, tobacco, or adult magazines. The internet has been unsafe for children for too long, and voluntary self-policing hasn’t worked.
That doesn’t mean adults should be burdened with clunky or invasive verification. Done right, age assurance can be frictionless and anonymous. Done wrong, it risks undermining trust and handing ammunition to critics who claim it’s an overreach.
This is where resilience and privacy must work together. Businesses need a platform they can trust not to fail under load, and users need confidence that their personal details aren’t being hoarded. The surge in checks since Ofcom’s requirements went live proved that both are possible—at scale.
Our Online Safety Age Assurance Buyer's Guide is all you need to learn about different age assurance measures, what compliance with Online Safety regulations across different regions requires, what privacy-preserving and seamless age checks should look like, and more.
We’re proud to announce that OneID® has achieved a B Corp score of 96.7 in 2025, placing us well above t...
We’ve all seen the news headlines fixated on the surge of VPN downloads—reporting a 1800% in UK VPN traf...
OneID®, the UK’s leading provider of bank- and MNO-based digital identity verification, has seen unprece...
