扒哥吃瓜

Draft of amendments to lie before both Houses of Parliament for the 40-day period in accordance with section 43 of the Online Safety Act 2023, during which time either House may resolve that the draft be not approved.

Draft of amendments prepared under section 41 of the Online Safety Act 2023 and submitted to the Secretary of State in accordance with section 43(1) on 15 May 2026.

Presented to Parliament pursuant to section 43(2) of the Online Safety Act 2023

June 2026

漏 Ofcom copyright 2026

978-1-5286-6520-9

E03610761

1. Preamble

1.1听听听听听听听听听听听听听听 On 24 February 2025 Ofcom issued the Illegal content Codes of Practice for search services in accordance with section 41 of the Online Safety Act (鈥榯he Act鈥�).^{[footnote 1]}

1.2听听听听听听听听听听听听听听 Ofcom issues the amendments set out in section 2 of this notification in accordance with section 43(4) of the Act.

1.3听听听听听听听听听听听听听听 In the course of preparing the draft of amendments to those Codes, Ofcom consulted the persons mentioned in section 41(6) and (7) of that Act.

1.4听听听听听听听听听听听听听听 In accordance with section 43(2) and (3) of the Act, the draft has been laid before Parliament for the 40-day period, during which time neither House of Parliament resolved not to approve the draft.

1.5听听听听听听听听听听听听听听 The amendments come into force [at the end of the period of 21 days beginning with the day on which they are issued] in accordance with section 43(4) of the Act.

1.6听听听听听听听听听听听听听听 Ofcom will publish the amended code of practice on its website in accordance with section 46 of the Act.

Signed by

Oliver Griffiths Group Director, Online Safety

A person authorised by Ofcom under paragraph 18 of the Schedule to the Office of Communications Act 2002

15 May 2026

2. Amendments

2.1听听听听听听听听听听听听听听 The Illegal content Codes of Practice for search services are amended as follows.

Amendments to index of recommended measures

2.2听听听听听听听听听听听听听听 In Section 3 (Index of recommended measures), in the appropriate place, insert the following entry鈥�

ICS C8	Using hash matching to detect intimate image abuse content	Large general search services.	Other duties	Section 27(2) and (3)

Amendments to recommended measures

2.3听听听听听听听听听听听听听听 In Section 4 (Recommended measures), after Recommendation ICS C7 (Removing listed CSAM URLs from search results), insert鈥�

鈥淚CS C8	Using hash matching to detect intimate image abuse content
听	Application
ICS C8.1	This measure applies to a听provider听in respect of each听large general search听service听it provides.
听	Key definitions
ICS C8.2	In this Recommendation ICS C8: 鈥渞elevant content鈥� means any听search content听in the form of photographs, videos or visual images (whether or not combined with written material) that听United Kingdom users听can听encounter听in or听via听search results; 鈥渦nverified hash鈥� means a hash which is not a verified hash; 鈥渧erified hash鈥� means a hash which was determined to be of听intimate image abuse content听at the time the hash was uploaded to a database.
听	Recommendation
ICS C8.3	The provider should ensure that听hash matching technology听is used effectively (see ICS C8.8) to analyse relevant content to assess whether it is听intimate image abuse content. For this purpose, the provider should use: a)听听听听听perceptual hash matching technology; or b)听听听听 where the provider鈥檚 appropriate set of hashes (as defined in ICS C8.9) does not enable perceptual hash matching for video听content,听cryptographic hash matching.
ICS C8.4	In circumstances where: a)听听听听 relevant content matches with an unverified hash; and b)听听听听 either of the following apply: i)听听听听听听 if听perceptual hash matching technology听is used, it is the first time there has been a positive match with that hash at that configuration of the technology (see ICS C8.8(b)); or ii)听听听听 if听cryptographic hash matching听is used, it is the first time there has been a positive match with that hash; the provider should treat this as reason to suspect that the relevant content听may be听illegal content听and review the relevant content听in accordance with Recommendation ICS C1.
ICS C8.5	Where relevant content matches with a hash in circumstances other than those set out in ICS C8.4, the provider: a)听听听听听 may, depending on the level of assurance the provider has in the detection outcomes achieved by the听hash matching technology,听treat the relevant content as听illegal content听and take appropriate moderation action听in relation to the relevant content in accordance with Recommendation ICS C1; or b)听听听听听 should otherwise treat the match as reason to suspect that the relevant content may be听illegal content听and review the relevant content in accordance with Recommendation ICS C1.
ICS C8.6	The provider should ensure human moderators review and assess an appropriate proportion of听detected content, having regard to: a)听听听听 the level of assurance the provider has in the detection outcomes achieved by the听hash matching technology听and any associated听systems and processes听(as indicated by the ongoing monitoring, evaluation and quality assurance (including human quality assurance) of the performance of the technology); and b)听听听听 to the extent that听detected content听is subject to review for the purpose of Recommendation ICS C1: i)听听听听听听 the potential severity of the harm to those depicted in or听encountering听intimate image abuse content; and ii)听听听听 the overall impact of an incorrect decision that the relevant content is听illegal content听on an听interested person听to whom the content relates.
ICS C8.7	For the purposes of ICS C8.3, the provider should ensure that: a)听听听听听 all relevant content present on the service at the time the听hash matching technology听is implemented is analysed within a reasonable time; and b)听听听听听 relevant content that may be听encountered听in or听via search results听by听United Kingdom users听after the听hash matching technology听is implemented is analysed before or as soon as practicable after it can be so听encountered.
ICS C8.8	For the use of听hash matching technology听to be effective, it should: a)听听听听听 use a suitable hash function to compare relevant content to an appropriate set of hashes (see ICS C8.9 to ICS C8.12); and b)听听听听听 where听perceptual hash matching technology听is used,听be configured so that its performance strikes an appropriate balance between听precision听and听recall听(see ICS C8.13 to ICS C8.15).
听	The set of hashes
ICS C8.9	For the set of hashes to be appropriate, it should: a)听听听听听 contain hashes of a significant number of original items of听content; b)听听听听听 be proactively updated with reasonable regularity; and c)听听听听听 be secured from unauthorised access, interference and (to the extent the database is comprised of verified hashes) exploitation (whether by persons who work for that person or are providing a service to that person, or any other person).
ICS C8.10	Where the provider becomes aware of听intimate image abuse content听a hash of which is not included on any database used by the provider, the provider should take reasonable steps to secure that a hash of that听content听is added to each such database.
ICS C8.11	The provider should take reasonable steps to secure the removal of a hash from any hash database used by the provider where it has determined that the hash is not of听intimate image abuse content听(see ICS C8.12).
ICS C8.12	For the purposes of ICS C8.11, the provider determines that the hash is not of听intimate image abuse content听in any of the following circumstances: a)听听听听听 the provider views the听content听used to generate the hash and determines it is not听intimate image abuse content; b)听听听听听 the provider otherwise reasonably believes that the hash is of听content听that is not听intimate image abuse content; c)听听听听听 the provider views听detected content听matched with the hash using听cryptographic hash matching technology听and determines that that听content听is not听intimate image abuse content; or d)听听听听听 the provider views听detected content听matched with the hash using听perceptual hash matching technology听and determines that that听content听is not听intimate image abuse content,听provided that the provider reasonably believes that there is an exact match between the hash of the听detected content听and the hash included on the database.
听	Technical configuration
ICS C8.13	In configuring the听hash matching technology听so that its performance strikes an appropriate balance between听precision听and听recall, the provider should ensure that the following matters are taken into account: a)听听听听听 the service鈥檚听risk听of harm relating to听intimate image abuse, reflecting the听risk assessment听of the service and any information reasonably available to the provider about the prevalence of relevant content that is听intimate image abuse content听on the service; b)听听听听听 the proportion of听detected content听that is a听false positive; and c)听听听听听 the effectiveness of the听systems and/or processes听used to identify听false positives.
ICS C8.14	The provider should ensure that the performance of the听hash matching technology, and whether the balance between听precision听and听recall听continues to be appropriate, is reviewed at least every 6 months.
ICS C8.15	The provider should ensure that a written record is made of how this balance has been struck in configuring the听hash matching technology, including what information has been considered, and information about reviews and steps taken in response.
听	Safeguards for freedom of expression and privacy
ICS C8.16	Paragraphs ICS C8.4 to ICS C8.6 and ICS C8.8 to ICS C8.15 of this Recommendation ICS C8 are safeguards to protect听United Kingdom users鈥�听and听interested persons鈥�听right to freedom of expression and the privacy of听United Kingdom users听and听interested persons.
ICS C8.17	The following measures are also safeguards to protect听United Kingdom users鈥�听and听interested persons鈥�听right to freedom of expression and the privacy of听United Kingdom users听and听interested persons: a)听听听听听 Recommendation ICS C1, and where they are applicable, Recommendations ICS C2, ICS C3, ICS C5 and ICS C6 (in relation to search moderation); b)听听听听听 Recommendations ICS D1 and ICS D2, so far as they relate to听appeals听or complaints by听United Kingdom users听and听interested persons听if they consider that the provider is not complying with its duties in relation to freedom of expression or privacy; c)听听听听听 Recommendations ICS D7 or ICS D8 (whichever is applicable), ICS D9 (in relation to听appeals) and ICS D11; and d)听听听听听 听Recommendation ICS G1 (publicly available statements: substance (all services)).鈥�.

Amendments to definitions and interpretation

2.4听听听听听听听听听听听听听听 In Section 5 (Definitions and interpretation), in Table A, in the appropriate places, insert the following entries鈥�

Cryptographic hash matching technology	Technology that detects exact matches to digital听content听by comparing cryptographic hash values of the听content听against a reference database of cryptographic hash values. A match is identified only where the hash values are identical.
Detected content	Search content听detected by the use of a听relevant technology听as being (or as likely to be)听target content听(and related expressions are to be read accordingly).
False positive	Detected content听that is not听target content.
Hash matching technology	Either听perceptual hash matching technology听or听cryptographic hash matching technology.
Intimate image abuse content	Search content听which amounts to an offence: a)听听听听听 under section 66B of the Sexual Offences Act 2003 (sharing or threatening to share intimate image or film); or b)听听听听听 under section 2 of the Abusive Behaviour and Sexual Harm (Scotland) Act 2016 (asp 22) (disclosing, or threatening to disclose, an intimate photograph or film).
Perceptual hash matching technology	Image matching technology which compares the similarity between hashes created from images by means of an algorithm known as a perceptual hash function, to assess whether those images are perceptually similar to each other. This does not include technology which compares similarity through the use of machine learning.
Precision	A measure of statistical accuracy, calculated as the proportion of听detected content听that a听relevant technology听has correctly identified as听target content.
Recall	A measure of statistical accuracy, calculated as the proportion of听target content听analysed by a听relevant technology听that the technology has听detected.
Relevant technology	The kind of technology specified in the measure in question.
Target content	Content听of the kind the use of a听relevant technology听is designed to identify.