Ireland’s Online Safety Code: What you need to know
Ireland’s Online Safety Code (OSC) fully went into effect on July 21, 2025, joining a growing list of regulations aimed at making the internet safer, especially for children. But the OSC takes a more targeted approach than some laws by focusing on video content. Learn more about what the law requires, which organizations it affects, the penalties for noncompliance, and how to comply with its age assurance requirements.
What is the Online Safety Code?
The OSC is an Irish law intended to address harmful and illegal content on video-sharing platform services (VSPSs). According to the law, the content can include user-generated videos, platform-produced videos, and comments associated with the videos.
The law is one piece of Ireland’s three-part Online Safety Framework:
The Online Safety and Media Regulation Act 2022 (OSMR): The OSMR established the Coimisiún na Meán (the media commission), which creates and regulates online safety laws in Ireland. The OSMR is the basis for the rules that the OSC requires VSPSs to follow.
The EU’s Digital Services Act (DSA): The DSA created a unified framework for online intermediaries and platforms that operate in the EU. It’s intended to protect users and combat illegal content, products, and services.
The EU Terrorist Content Online Regulation (TCOR): The TCOR prohibits the sharing of terrorist content, including the promotion or glorification of terrorist activity. The law also requires the quick removal of terrorist content from online platforms.
| Online Safety Media Regulation Act | Digital Services Act | Terrorist Content Online Regulation |
|---|---|---|---|
Applicable area | Ireland | EU | EU |
Affected organizations | Video-sharing platform services with an EU headquarters in Ireland. | Intermediary service providers, very large online platforms, and very large online search engines that operate in the EU. | Hosting service providers that operate in the EU. |
Intent | Protect people, primarily children, from harmful and illegal content online. | Protect people online and combat illegal content, products, and services. | Stop the distribution of terrorism-related content. |
Penalties | Up to €20 million or 10% of revenue | Up to 6% of annual global revenue | Up to 4% of annual global revenue |
Which organizations does the Online Safety Code impact?
The OSC applies to VSPSs that have an EU headquarters in Ireland.
The definition of VSPS includes different types of online platforms or services that allow users to upload, share, or engage in video and social media content. Organizations can be affected even if their primary purpose isn’t to host or share video content if they allow users to share videos.
The Coimisiún na Meán also names specific online services that must comply. In December 2023, it designated Facebook, Instagram, YouTube, Udemy, TikTok, LinkedIn, Pinterest, Tumblr, and Reddit as regulated services. However, it de-designated Reddit in May 2025, after Reddit began using a Dutch entity to provide services in the EU. The remaining named services are still regulated as of August 2025.
Six main requirements for platforms
VSPSs that must comply with the OSC have to take multiple steps to help protect people from harmful and illegal content online. Six of the main requirements are to:
Restrict users from uploading and sharing harmful videos, including content with:
Cyberbullying
Promotion of self-harm or suicide
Promotion of eating or feeding disorders
Incitement of hatred or violence
Terrorism
Child sex abuse material
Racism
Xenophobia
Use effective age assurance methods to keep children from seeing pornography and videos with extreme or gratuitous violence. Depending on their size and nature, VSPSs may also need to use effective age assurance methods to limit children’s access to videos and “associated content which may impair their physical, mental or moral development.”
Offer parental controls that allow parents to limit their children’s time on the platform, the content their children see, and which users can see their children’s content. The parental controls requirement only applies to VSPSs that permit users who are 15 and younger.
Create reporting and flagging mechanisms that allow users to easily report or flag restricted, adult-only, and harmful content.
Publish an annual action plan that outlines how the VSPS will promote media literacy to its users.
Avoid using children’s data that was collected or generated in relation to the OSC for commercial purposes, such as marketing or advertising.
Timelines, compliance deadlines, and penalties
The OSC is divided into two parts. Part A covers the context for the law and the general requirements, and Part B covers more specific requirements. Both parts are now fully in effect.
Part A | Part B | |
|---|---|---|
Effective date | November 18, 2024 | July 21, 2025 |
Key focus | Content moderation, harmful content definitions, and reporting requirements | Age assurance systems, parental controls, and enhanced transparency |
The Coimisiún na Meán (the media commission) enforces the OSC and can investigate and fine companies that don’t comply. The fines can be up to the greater of €20 million or 10% of revenue. However, according to the law, the Coimisiún na Meán should consider the platform's size and nature when enforcing the OSC.
How Persona can help with the OSC’s age assurance requirements
The OSC requires VSPSs to use “effective methods” for age assurance; simply asking users if they’re over 18 years old won’t suffice. But it doesn’t specify which age assurance methods it considers effective.
Persona can help you navigate this uncertainty by offering flexible solutions to meet age assurance compliance requirements in Ireland and around the world, and adapt as requirements inevitably shift over time.
“The Persona team was able to speak to a level of depth about how they could meet our use case, and the product proved it. That’s why we partner with Persona to determine if someone’s over the age of 18 or not,” says Anissa Chen, lead product manager at Lime, a global micromobility company.
The Persona platform offers age assurance, identity and age verification, compliance solutions, and fraud prevention in one place. You can benefit from:
A large library of age assurance methods: Choose the age assurance methods you prefer or need, including selfie age estimation, government ID verifications (including NFC verifications), and mobile driver’s licenses.
Fast and user-friendly age assurance flows: Use Dynamic Flow, a no-code platform for designing user flows, to minimize friction for users and comply with region-specific requirements.
The latest fraud-prevention solutions: Leverage fraud prevention tools, including generative-AI detection, passive signals, and link analysis, to stop scammers and fraudsters.
Scalable data policies and parental consent: Collect the data you need, and nothing more, to meet compliance requirements and customize your parental consent flows. Link parents’ and children’s accounts for easy management.
Persona’s age assurance solutions have also been extensively tested and certified by third-party organizations, including the Age Check Certification Scheme, iBeta, and Kantara.
Ready to learn more? Reach out to book a demo or try Persona today.