Ofcom, the UK's Online Safety Act regulator, has fined online message board 4chan £20,000 ($26,680) for failing to protect children from harmful content.
The fine could rise by a further £6,000 – £100 per day for a maximum 60 days – if it continues to ignore its duties to comply with the regulator's request for information regarding two separate matters.
4chan can stop the additional fines by providing copies of its illegal content risk assessments and information about its qualifying worldwide revenue to Ofcom.
The enforcement action announced today is months in the making after Ofcom first opened an investigation into the notorious image board on June 10.
It requested the aforementioned risk assessments on April 14, and to this day 4chan still has not complied, the regulator said.
When opening the investigation, Ofcom said it was looking to understand whether 4chan has failed, or is failing, to abide by its duties under the Online Safety Act.
The watchdog also highlighted that the maximum penalties for these failures, as specified in the legislation, are £18 million ($24 million) or 10 percent of an organization's qualifying worldwide revenue, whichever is greater.
The Register contacted 4chan for its side of the story.
Ofcom's fine is the first made under the Online Safety Act since in-scope organizations' illegal content duties came into force on March 17. It also announced two provisional decisions to take action against file-sharing service Im.ge and pornography service provider AVS Group Ltd for similar failures to respond to information requests.
In Im.ge's case, this relates to its duty to implement measures to prevent the circulation of child sexual abuse material (CSAM), and AVS Group was rapped over its duty to implement age-check mechanisms.
Both organizations have the chance to appeal Ofcom's findings before it makes a final decision on how to reprimand them.
Another porn provider, Youngtek Solutions Ltd, is also under an expanded investigation over its failure to respond to information requests regarding age-checking requirements.
Tech secretary Liz Kendall said: "The Online Safety Act is not just law, it's a lifeline. Today we've seen it in action, holding platforms to account so we can protect people across the UK.
"Services can no longer ignore illegal content, like encouraging self-harm or suicide, circulating online which can devastate young lives and leave families shattered.
"This fine is a clear warning to those who fail to remove illegal content or protect children from harmful material. We fully back the regulator in taking action against all platforms that do not protect users from the darkest corners of the internet."
In total, since March 2025, Ofcom has opened 21 investigations into the providers of in-scope apps and websites, and launched five enforcement programs.
Playing by the rules
In brighter news, others under Ofcom investigation have shown improvements, and several of these cases are now closed.
Four file-sharing services under investigation for their child safety measures avoided further action by geo-blocking UK users, much to Ofcom's delight. Krakenfiles, Nippydrive, Nippyshare, and Nippyspace have all blocked British IP addresses instead of following other measures set out in the regulator's codes of practice.
Ofcom said it has closed the cases into these sites, and that the measures have "significantly reduced the likelihood that people in the UK will be exposed to any illegal or harmful content."
"We will continue to monitor their availability in the UK and reserve the right to reopen our investigations if we have reason to do so. We are pursuing further lines of inquiry against file-sharing services Nippybox and Yolobit, and these investigations remain ongoing."
A suicide forum is also now geo-blocking UK IPs after Ofcom began enforcement proceedings.
Satisfied for now, the regulator said it will keep tabs on the unnamed provider to see whether that block remains in place over the long term, and ensure it does not provide information on how to bypass it.
Bypassing these measures has been a hot point of discussion since the Online Safety Act's most noticeable rules came into force in July, triggering a surge in VPN subscriptions within days of Brits having to submit their ID cards for age verification purposes.
While platforms are forbidden from guiding users toward these types of workarounds, this alone is unlikely to prevent VPNs being used to bypass geo-blocks and similar measures.
They do not appear to be going anywhere either. The UK government has previously stated that it does not wish to ban them, since they have many legitimate purposes. But if platforms promote VPNs and other workarounds to children as a means to access their services, then Ofcom will pursue action against them.
First look at beefed-up requirements
Among Ofcom's proposed amendments to its obligations to platforms was the requirement for in-scope apps and websites to make use of hash-matching technology, which is seen as a more accurate, automated way of preventing the dissemination of illegal content such as CSAM.
Hash matching involves a system fingerprinting an image and comparing the hash it generates to a database of known harmful images, which are also hashed. If an image's hash matches or shows signs of similarity with one in the database, then it can be removed entirely autonomously and reported to local authorities for follow-up investigations.
Ofcom previously identified "serious compliance concerns" with its CSAM enforcement program at 1Fichier.com and Gofile.io, leading to investigations being opened into them both.
After constructive engagement with the regulator, both now deploy hash-matching tech and escaped further action.
Suzanne Cater, director of enforcement at Ofcom, said: "Today sends a clear message that any service which flagrantly fails to engage with Ofcom and their duties under the Online Safety Act can expect to face robust enforcement action.
"We're also seeing some services take steps to introduce improved safety measures as a direct result of our enforcement action. Services who choose to restrict access rather than protect UK users remain on our watchlist as we continue to monitor their availability to UK users." ®