Cyberflashing Crackdown: Dating Apps Face Revenue-Tied Fines by 2026

Dating platforms have until summer 2026 to prove they can actually stop unsolicited explicit images — or face fines pegged to global revenue. Ofcom opened consultation this week on how online services must tackle cyberflashing and self-harm content, newly designated as priority offences under the Online Safety Act. For an industry that's spent years treating dick pics as an unfortunate cost of doing business, the regulatory noose just tightened considerably.

The consultation, which runs until 22 May, will shape the specific compliance measures dating apps must implement to prevent users from sending and receiving unsolicited nude images. That means product teams at Bumble (BMBL), Match Group (MTCH), Grindr (GRND), and every other platform offering direct messaging or photo sharing will need to demonstrate they've taken 'proportionate measures' to assess and mitigate risk — not just slapped a report button on the problem and called it solved.

According to Ofcom, the new designations bring the total number of priority offences under the OSA to over 130. But cyberflashing hits differently for dating platforms. Unlike incitement to violence or terrorism content, this one sits at the core of how dating apps function: strangers sending images to other strangers. The product challenge isn't theoretical.

Create a free account

Unlock unlimited access and get the weekly briefing delivered to your inbox.

Register free

No spam. No password. We'll send a one-time link to confirm your email.

What compliance actually looks like

The regulatory framework splits responsibility across two groups. Services already classified as user-to-user platforms under the OSA — which includes the major dating apps offering messaging between members — must implement systems to prevent cyberflashing before content reaches recipients. Ofcom's guidance suggests this could include image detection technology, friction in photo-sharing workflows, or verification requirements before visual content can be sent.

Search services, meanwhile, face obligations around ensuring cyberflashed content doesn't surface in results or remain accessible after upload. That's less relevant for most dating platforms, but poses questions for any service offering profile browsing with user-generated photo galleries.

The consultation doesn't specify exact technological solutions, which is both blessing and curse. Platforms get flexibility in how they meet the standard, but they also inherit the risk of getting it wrong. Ofcom has made clear that 'proportionate measures' will be assessed based on service size, user base, functionality, and risk level — which means Tinder's obligations will look different from a 50,000-user niche platform's.

Dating platforms have generally relied on reactive moderation: users report unsolicited images, moderators review them, offenders get banned. Some have experimented with proactive measures — Bumble introduced a Private Detector feature in 2019 using AI to blur potentially explicit images before they're viewed, giving recipients the choice to delete without viewing. Grindr added similar functionality. Tinder has tested various iterations of photo verification and message request systems designed to add friction before visual content lands in inboxes.

But implementation has been patchy, opt-in rather than default, and often marketed as safety theatre rather than systematic prevention. The OSA framework removes the discretion. If a platform offers photo sharing between users, it must demonstrate it's mitigating cyberflashing risk.

The enforcement timeline

Summer 2026 isn't far off — roughly four to six months, depending on when Ofcom finalises the guidance after consultation closes in May. Platforms in scope will need to conduct and document risk assessments, implement or upgrade detection and prevention systems, train moderation teams on the new standards, and prepare for Ofcom's information requests. That's a non-trivial engineering and compliance lift, particularly for smaller operators without mature trust and safety infrastructure.

Penalties for non-compliance aren't capped. Ofcom can issue fines calculated as a percentage of global annual revenue — the same model used in GDPR enforcement.

For Match Group, which reported $3.64B in revenue for 2024, even a 2% fine would exceed $70M. Bumble's 2024 revenue hit $987M, putting a similar percentage penalty in the tens of millions. Ofcom can also pursue criminal action against senior management in cases of egregious non-compliance, though that threshold is higher and reserved for the most serious failures.

The consultation period gives platforms a window to shape how Ofcom defines 'proportionate measures' and what evidence of compliance looks like. Expect trade body submissions arguing for flexibility, pilot programmes, and phased rollouts. Expect user safety advocates to push for mandatory proactive detection, default-on protections, and transparency reporting on enforcement rates.

What operators should be watching

Three things matter between here and summer. First, whether Ofcom's final guidance includes specific technical standards or remains outcome-focused. The former would give platforms a clearer compliance roadmap but less room to differentiate on safety features. The latter shifts risk to platforms but allows for innovation.

Second, how Ofcom defines the user threshold for small-service exemptions. The OSA includes carve-outs for services below certain size thresholds, but those haven't been finalised for these offences. Niche dating platforms and white-label providers need clarity on whether they're in scope.

Third, how enforcement actually works in practice. Ofcom has spent the last two years building its regulatory machinery for the OSA, but this will be one of the first major tests of how it assesses compliance, investigates complaints, and calibrates penalties. The first round of enforcement actions — whenever they land — will set the tone for every platform in the market.

Cyberflashing has been a known, documented, quantified problem in online dating for years. The regulatory designation doesn't change the user experience overnight, but it does change the incentive structure for platforms that have treated prevention as optional. Dating apps are about to find out whether their trust and safety infrastructure was built to withstand scrutiny — or just to withstand earnings calls.