Wojtek's compliance assurances to take measures to prevent users from encountering or sharing child sexual abuse material (CSAM)

Background

Ofcom is the UK’s online safety regulator. Under the Online Safety Act, we are responsible for ensuring that services have systems and processes in place to protect UK users from illegal online content and protect child users in the UK from content harmful to children.

On 17 March 2025, we opened an enforcement programme to assess the measures being taken by providers of file-sharing and file-storage services that present particular risks of harm to UK users from image-based CSAM to ensure users do not encounter, and offenders are not able to disseminate, such content on their services.

Under our enforcement programme, we identified and assessed a number of file-sharing and file-storage services that presented particular risks of being used for the storage and sharing of image-based CSAM. Following initial engagement through our taskforce dedicated to driving compliance with small but risky services, we opened several investigations into file-sharing and file-storage services to assess whether these providers failed/were failing to comply with their duties under the Act.

Alongside this enforcement action, we also invited a small number of service providers to address our compliance concerns through ‘compliance remediation’ in lieu of opening formal investigations.

Our concerns

Our initial assessment of Gofile raised concerns about whether Wojtek had taken appropriate measures to ensure that users do not encounter, and offenders are not able to disseminate, image-based CSAM on its service.

In particular, we were concerned whether:

1. The illegal content risk assessment undertaken by Wojtek was suitable and sufficient; and
2. Wojtek had implemented perceptual hash matching in place on its service which utilised a hash dataset sourced from one or more persons with expertise in the identification of CSAM.

Wojtek’s commitments

Following our engagement, Wojtek agreed to review and revise its illegal content risk assessment. In particular, Wojtek took steps to reassess the level of risk it had assigned to the likelihood of their service being used for the storage and/or dissemination of image-based CSAM on the service, to better reflect the inherent risk presented by file-storage and file-sharing services, as set out in Ofcom’s Risk Profiles.

We also engaged with Wojtek about whether it had perceptual hash matching in place on its service, and whether the hashes used were sourced from one or more persons with expertise in the identification of image-based CSAM (as set out in ICU C9 in our Illegal Content Codes of Practice).

We worked closely with Wojtek to understand the different options for perceptual hash matching that it could implement on the service. We were pleased to receive confirmation from Wojtek that it had implemented an appropriate perceptual hash matching solution on Gofile.

Our response

We welcome the proactive approach that Wojtek has taken to engaging with Ofcom and its commitment to making timely and tangible improvements to the design and operation of its service.

Considering Wojtek’s constructive approach to engaging with Ofcom; its willingness to make improvements to the design and operation of its service to directly address our concerns; and our desire to work productively with providers where possible to drive rapid improvements that increase the safety of UK users, we have decided to close this period of compliance remediation with Wojtek and take no further action at this time.

We will continue to monitor Gofile to assess whether the measures implemented on the service are working effectively.

Our enforcement programme will remain open, and we will continue assessing the measures that other regulated service providers have taken to prevent users from encountering and sharing image-based CSAM.