UK Online Safety Act Backfires: VPN Demand Skyrockets 1,800% as Users Bypass Age Verification
New provisions of the United Kingdom’s Online Safety Act have come into force, mandating stringent age verification protocols for accessing content deemed potentially harmful. This move has triggered a widespread backlash, with users turning en masse to VPN services to bypass the restrictions—a development that casts doubt on the law’s practicality and security implications.
As of July 25, more than a thousand websites—including major platforms like TikTok, Reddit, and X—have begun requiring British users to confirm they are over 18 before granting access to material related to topics ranging from pornography and self-harm to cyberbullying. To pass verification, users must upload a photo ID or provide credit card information. These requirements have drawn sharp criticism, citing both the risk of data breaches and fears that such measures may hinder access to legitimate, socially relevant content.
In response, demand for VPN services in the UK has surged dramatically. Proton, a leading provider, reported a staggering 1,800% increase in sign-ups within days of the law’s enactment. According to company representatives, such spikes typically accompany political unrest or mass protests—indicating deep public concern over privacy violations.
Yet VPN usage now exists in a legal grey area. Under Ofcom guidelines, platforms are prohibited from publishing or disseminating information on how to circumvent age checks. Nevertheless, the proliferation of VPN usage continues to erode the efficacy of the law itself, complicating efforts to curb exposure to harmful content and deepening the debate over digital governance.
Compounding the issue, not all VPN providers are created equal—some have been found logging user activity, selling data to third parties, or even leveraging user devices to route illicit traffic. Thus, uncritical reliance on VPNs may inadvertently introduce new threats to user safety.
The law, introduced by the Conservative government in 2023, imposes steep penalties for noncompliance—up to 10% of global revenue or £18 million. Modeled after the EU’s Digital Services Act, its stated aim is to restrict minors’ access to harmful online material. However, since its implementation, public resistance has only intensified. A petition calling for its repeal has garnered over 280,000 signatures on the UK Parliament’s official website, potentially prompting a debate in the House of Commons.
One of the most contentious flashpoints involves Wikipedia. Under the new law, the site may be classified as a “Category 1” platform, obliging it to enforce age verification, collect user data, and remove content deemed harmful. The Wikimedia Foundation has flatly refused to comply, arguing that such demands violate its principles of free knowledge and anonymous participation. The privacy of editors—and the continued presence of Wikipedia in the UK digital sphere—now hangs in the balance. Legal proceedings brought by Wikimedia against the government took place on July 22 and 23 at the Royal Courts of Justice, and the platform’s fate awaits a court ruling.
Meanwhile, authorities remain resolute. Technology Secretary Peter Kyle has insisted the law is non-negotiable, declaring the protection of children online to be an uncompromising priority. Similar policies are already being implemented across several U.S. states, including Texas, Louisiana, and Alabama. Yet even major adult sites such as Pornhub have warned that enforcing such measures without robust technical safeguards could amplify cybersecurity risks—particularly the threat of personal data theft by hackers.
The final outcome remains uncertain, but one thing is clear: this attempt at digital regulation has sparked one of the most widespread acts of technologically driven civil disobedience in recent UK history—carried out by citizens not typically known for protest.
