As of March 2026, independent analysis of dating app compliance readiness finds significant gaps in child sexual exploitation and abuse reporting systems — with Ofcom's April 7 deadline now just 10 days away. Major platforms have invested in safety infrastructure, but verification systems remain inconsistent and transparency on CSEA incident data is virtually absent across the industry.
Executive Summary
The Online Safety Act's child sexual exploitation and abuse (CSEA) reporting deadline on April 7, 2026 marks the first time the UK dating industry faces legally binding child safety obligations with material financial penalties. DII's independent compliance readiness assessment of the major platforms operating in the UK market reveals that while some operators have begun implementing age verification and detection systems, the industry remains fragmented in its compliance approach, critical transparency is absent, and significant gaps exist in the technical infrastructure required to meet Ofcom's standards.
Key Findings
- Penalties up to 10% of global revenue. The Online Safety Act received Royal Assent in October 2023, imposing fines of up to £18 million or 10% of qualifying worldwide revenue — whichever is higher. For Match Group (2024 revenue $3.19 billion), potential exposure reaches $319 million; for Bumble ($1.07 billion), $107 million.
- Dating platforms are a primary exploitation vector. Research from the Childlight Global Child Safety Institute at the University of Edinburgh found that two-thirds of men who have sexually offended against children used dating platforms, with one in five using them daily. Child sex offenders are nearly four times more likely to use dating sites than non-offenders.
- Underage access remains endemic. According to Ofcom's 2025 research, 16% of 13–17-year-olds in the UK have used a dating app despite universal age-18 minimum policies, indicating current verification mechanisms are inadequate.
- Transparency promises remain unfulfilled. Match Group's internal Sentinel database has recorded every user reported for rape and assault since 2019, with hundreds of incidents per week by 2022. A transparency report promised in 2020 has not been published; the central trust-and-safety team was disbanded in 2024 and outsourced overseas.
- Implementation remains patchy. Large platforms have announced age verification rollouts and CSEA detection investments, but implementation is phased and selective. Mid-tier and smaller operators show minimal evidence of technical compliance infrastructure.
Platforms Assessed in This Report
Match Group
Bumble
Tinder
Hinge
OkCupid
Grindr
FeeldThe April 7 Deadline: What It Means and Why the Industry Failed to Prepare
On April 7, 2026, every dating platform with UK users must demonstrate compliance with the Online Safety Act's child sexual exploitation and abuse reporting requirements or face enforcement action from 
The stakes are unprecedented in the history of online dating regulation. Platforms that fail to implement adequate systems for detecting, reporting, and removing CSEA content face fines of up to £18 million or 10% of qualifying worldwide revenue, whichever is higher, according to Section 139 of the Online Safety Act. Senior executives face potential criminal liability for persistent non-compliance under Section 122 of the Act. These are not statutory maximums designed to signal intent; they are penalties designed to change behaviour through material economic consequence.
For an industry that has historically treated regulatory deadlines as suggestions, April 7 marks a genuine rupture. Between the Online Safety Act's Royal Assent in October 2023 and the April 2026 deadline, the industry had 17 months to prepare. Most major platforms knew that CSEA compliance would be required at least since the draft Online Safety Bill was published in May 2022 — four years before the deadline.
The failure to prepare is therefore not a function of insufficient notice. It reflects institutional choices about where to direct capital and engineering resources.
DII conducted an independent compliance readiness assessment of every major dating platform operating in the UK market between January and March 2026. The findings are sobering. While some of the largest operators have begun implementing age verification systems and announced investments in CSEA detection technology, implementation remains inconsistent, selective, and incomplete. Mid-tier platforms have published policy commitments but show minimal evidence of technical infrastructure. Smaller operators appear entirely unprepared.
Critically, across every tier of the market, transparency about CSEA incident data, detection infrastructure, and reporting arrangements with the National Crime Agency is virtually absent.
This is the state of the industry 10 days before the deadline.
Academic Evidence: The Scientific Case for Urgent Action
The urgency of the April 7 deadline cannot be understood without reference to the academic and law enforcement evidence that dating platforms have become primary exploitation infrastructure in the UK.
Research published by the 
These findings are not speculative or anecdotal. The research was based on rigorous methodology applied to datasets including criminal justice records and behavioural analysis. The implications are unambiguous: dating platforms are not incidental to child sexual exploitation in the UK. They are primary vectors through which perpetrators identify, groom, and exploit victims.
The urgency is further underscored by historical law enforcement data. According to the National Crime Agency, there was a 600% increase in serious sexual assault cases initiated through online dating platforms between 2009 and 2014, establishing that the problem of exploitation through dating platforms is not recent or marginal.
More recent data shows the trajectory continuing. According to analysis of law enforcement crime reports, predatory offences linked to dating apps rose 175% between 2017 and 2021, climbing from 699 recorded cases to 1,922 cases. This pattern of escalating harm is also central to the growing problem of romance fraud on dating platforms, which DII analyses in a separate investigation.
These figures represent documented crime. They are not projections or worst-case scenarios. They are cases that proceeded to law enforcement investigation, victim report, and formal recording. The actual volume of exploitation occurring through dating platforms is substantially higher, given the documented barriers to victim reporting and the siloing of incident data across platforms that have historically resisted transparency.
The Childlight research recommended mandatory identity verification and AI-powered detection of predatory behaviour — measures that the industry has been slow and inconsistent in implementing.
The Match Group Sentinel Database: Transparency Promised, Not Delivered
In 2019, Match Group — the world's largest online dating company, controlling Tinder, Hinge, OkCupid, and multiple other platforms with millions of UK users — implemented an internal database called Sentinel. The database records every user reported to the platform for rape and assault. The system was designed to centralise incident data across Match Group's portfolio and identify patterns of predatory behaviour.
By 2022, Sentinel was capturing hundreds of incidents every week across Match Group's platforms. The volume and granularity of this data would provide unprecedented insight into the scale and nature of sexual violence facilitated through dating platforms.
In 2020, Match Group announced that it would publish a transparency report disclosing anonymised data from the Sentinel database, promising the dating industry's most comprehensive public accounting of sexual violence on its platforms. The transparency report was never published.
As of March 2026 — six years after Sentinel was implemented and six years after the publication promise — no transparency report has been released. Match Group's publicly available disclosures on CSEA incidents, sexual assault reports, and its incident response infrastructure remain minimal. The company does not publish data on the volume of CSEA content detected on its platforms, the speed of its response to reports, or the effectiveness of its detection systems.
Compounding this transparency deficit, in 2024 Match Group disbanded its central trust-and-safety team — the executive and technical function responsible for coordinating child safety, CSAM detection, and incident response across the company. The functions were outsourced to overseas contractors. This restructuring occurred after the Online Safety Act had been enacted and with less than two years until the April 7 deadline.
Match Group's 2024 annual revenue was $3.19 billion according to its SEC filings. A penalty of 10% of qualifying worldwide revenue would reach $319 million. This is a material sum even for a multi-billion-dollar company. The company's failure to publish promised transparency data, combined with the outsourcing of its trust-and-safety function in 2024, creates a compliance risk profile that Ofcom is unlikely to treat lightly.
The Scale of Underage Access: Age Verification as Foundation, Not Solution
One foundational requirement of the Online Safety Act is age verification — preventing minors from accessing adult dating services. Every major dating platform requires users to be at least 18. In practice, this requirement is universally circumvented.
According to Ofcom's research on children's media use, 16% of 13–17-year-olds in the UK have used a dating app. This figure represents approximately 600,000 to 700,000 UK teenagers with active or recent experience on platforms explicitly designed for adults.
Several platforms have announced age verification measures in advance of the April 7 deadline. Bumble implemented selfie-based age estimation technology in 2025, using AI-powered facial analysis to estimate user age at signup. Match Group has begun rolling out ID-based age verification in select UK markets, requiring users to verify identity through government-issued documentation or third-party age verification services. Grindr introduced document verification for users flagged by its systems.
These measures are necessary. They are not sufficient.
The reason is structural. Age verification addresses the front door — preventing minors from creating accounts in the first place. But CSEA reporting requirements exist because exploitation also occurs through:
- Grooming of young adults by predatory users who progress from age-appropriate initial contact to requests for sexual content
- Circulation of existing CSAM through messaging features
- Coercion of young women into producing non-consensual intimate imagery — a pattern also central to the cyberflashing problem analysed in DII's investigation
- Off-platform continuation of relationships initiated through dating apps, where control and exploitation intensify
Age verification at signup does nothing to prevent these forms of exploitation. A platform with perfect age verification at the front door still requires:
- Automated detection of grooming patterns and predatory messaging
- CSAM detection technology applied to user-generated images
- Rapid reporting infrastructure to the National Crime Agency
- Trained human review of flagged content
- Evidence preservation for law enforcement investigations
The platforms that treat April 7 as an age-check deadline rather than a comprehensive child safety transformation are the ones most likely to find themselves in Ofcom's enforcement queue.
Tier 1: The Largest Operators — Committed but Uneven in Implementation
Match Group and Bumble control the UK dating market. Between them, they operate the platforms with the largest UK user bases and the highest frequency of use. Both companies have publicly committed to CSEA compliance and age verification rollouts.
Match Group's Approach
Match Group has announced investments in safety technology across its UK-operating platforms (Tinder, Hinge, OkCupid). The company has begun rolling out ID-based age verification in select UK markets, initially deployed on Tinder and expanding to other properties. The company has also announced partnerships with third-party age verification service providers.
However, the implementation is phased rather than universal. As of March 2026, age verification is not mandatory across all Match Group platforms in all UK geographies. Users in some regions and on some properties still encounter the legacy age-attestation model — checking a box confirming age 18+ — rather than genuine identity verification. The company has not published a schedule for universal rollout, nor has it committed to universal implementation by April 7.
On CSEA detection infrastructure, Match Group's public disclosures remain vague. The company has announced investments in "AI-powered detection systems" without specifying the technological approach, the volume of false positives, the speed of escalation to human review, or the reporting arrangements with the NCA.
Bumble's Approach
Bumble has taken a more transparent approach to age verification implementation. In 2025, the company implemented selfie-based age estimation technology across its platform globally, including in the UK market. The technology uses AI-powered facial analysis to estimate user age based on their photograph.
Selfie-based age estimation is innovative and addresses a real barrier to age verification — the fact that many users lack formal government documentation. However, the technology has documented accuracy limitations across different demographics. Bumble has not published independent validation of its age estimation accuracy, nor has it disclosed error rates by demographic category.
On CSEA detection and reporting, Bumble's public disclosures are similarly limited. The company has announced investment in safety technology but has not published data on detection volume, response times, or NCA reporting arrangements.
The Transparency Deficit
Neither Match Group nor Bumble has published detailed information about their CSEA detection infrastructure, the volume of CSEA incidents identified on their platforms, or their reporting arrangements with the NCA. With less than two weeks until the April 7 deadline, this absence of transparency is notable.
For context on the competitive and financial pressures driving these companies' investment decisions, see DII's investigation into the male exodus from dating apps and how AI companions are emerging as competitive threats to traditional dating platforms.
Tier 2: Mid-Tier Platforms — Policy Statements Without Technical Implementation
Mid-tier platforms — including Grindr, Feeld, and other operators with significant but smaller UK user bases than Match Group or Bumble — have announced policy changes and updated their terms of service to reflect Online Safety Act requirements.
Updated terms of service are necessary. They are not sufficient. Ofcom's codes of practice require proactive technical measures — detection technology, reporting infrastructure, age verification systems — not just policy commitments.
Grindr
Grindr, a platform with approximately 11 million global users and a significant UK user base predominantly comprising gay and bisexual men, has introduced document verification for users flagged by its automated systems as potentially underage or high-risk.
However, Grindr has not announced comprehensive age verification systems for all new users at signup, nor has it committed to mandatory document verification for all UK users. The platform also has not published information about its CSEA detection technology or its reporting arrangements with the NCA.
Feeld
Feeld, which positions itself as a platform for "open-minded" dating and explicitly caters to sexual content sharing, faces particularly acute CSEA risks given its product design. The platform allows explicit sexual imagery and text, and its user base includes individuals exploring diverse sexual interests and identities.
DII's assessment found minimal evidence of Feeld's compliance preparations. The platform has not announced mandatory age verification at signup, has not published information about CSEA detection technology, and has provided no public statements about its reporting arrangements with the NCA.
The Pattern
The pattern across Tier 2 is consistent: updated policy language and updated terms of service, but minimal technical implementation. A platform with up-to-date terms of service but no automated CSAM detection, no trained incident response team, and no documented reporting mechanism to the NCA will be non-compliant on April 7.
Tier 3: Smaller Operators — Virtually No Evidence of Compliance Preparation
Smaller operators and niche dating platforms show virtually no public evidence of compliance infrastructure. DII identified multiple platforms with documented UK user bases of 50,000 or more that have made no announcements about age verification, CSEA detection, or NCA reporting arrangements. Some of these platforms have not updated their public-facing policy documentation to reflect the existence of the Online Safety Act.
This segment of the market is most likely to face immediate Ofcom enforcement action after April 7. Many of these platforms likely lack the financial resources and technical capability to rapidly implement compliant systems.
The concentration of compliance preparation among Tier 1 operators means that smaller competitors face a competitive disadvantage — larger platforms' compliance investments create barriers to entry for smaller operators that cannot afford equivalent safety infrastructure.
Financial Exposure: Why Economics Should Have Made This Priority One
The financial penalties for non-compliance are designed to be material even for the largest operators.
Match Group reported global revenue of $3.19 billion in its 2024 annual report. According to Section 139 of the Online Safety Act, a penalty of 10% of qualifying worldwide revenue would reach $319 million. Bumble reported global revenue of $1.07 billion in its 2024 annual report, putting its maximum exposure at $107 million. Even the fixed £18 million penalty would be material for smaller operators.
Beyond direct fines, Ofcom has statutory powers to:
- Issue confirmation decisions requiring specific remedial action
- Impose ongoing compliance monitoring and reporting conditions
- Seek court orders requiring UK ISPs to block access to non-compliant services
- Impose significant operational restrictions on platform functionality
For platforms operating on slim margins and with declining user bases, even an £18 million fine could trigger debt covenant breaches, credit downgrades, or operational restructuring. DII's investigation into subscription dark patterns under the DMCC Act analyses how revenue-dependent business models compound these financial risks.
The financial exposure alone should have made CSEA compliance the industry's number one priority for the last two years. The fact that compliance readiness remains patchy tells you everything about how this industry has historically prioritised user safety relative to other business objectives.
The Broader Regulatory Landscape: CSEA as One Piece of Comprehensive Transformation
The April 7 CSEA reporting deadline does not exist in isolation. It is one component of a broader regulatory transformation that is reshaping the obligations of dating platforms operating in the UK.
The Online Safety Act also classifies cyberflashing (non-consensual sending of intimate images) as a priority offence, requiring platforms to proactively prevent and report such conduct. The Digital Markets, Competition and Consumers Act introduces new subscription transparency requirements that will affect how dating apps sell and renew premium memberships. The UK's Age Appropriate Design Code continues to impose requirements on services likely to be accessed by children.
Meanwhile, structural shifts in user behaviour — including the male exodus from dating apps and the rise of AI companion services — are eroding the revenue base that platforms need to fund compliance investment. For the full context on DII's mission and editorial approach to covering these intersecting challenges, see our launch investigation.
For dating platforms, the cumulative compliance burden is substantial. However, the CSEA deadline is the most urgent and the most consequential because it directly implicates child safety and carries the highest financial and criminal penalties. April 7 is the date the law says that child exploitation on dating platforms is no longer a reputational risk to be managed. It is a legal obligation to be met with technical infrastructure, financial resources, and executive accountability.
What Happens After April 7: Enforcement Outlook and Phased Compliance
Ofcom has signalled that enforcement will be phased but firm. The regulator's approach distinguishes between platforms that have made genuine, good-faith compliance efforts and those that have made no meaningful progress.
For platforms demonstrating good-faith compliance efforts — implemented age verification systems, deployed CSEA detection technology, established NCA reporting infrastructure, and published transparency data — Ofcom is expected to provide guidance and remediation windows.
For platforms that have made no meaningful progress by April 7 — no age verification, no detection systems, no documented reporting arrangements — Ofcom has indicated that it will move to investigation and enforcement promptly. The regulator has explicitly stated that it will not wait for documented harm to occur before acting. The failure to implement required systems is itself an enforceable breach.
The Children's Commissioner for England has publicly called on Ofcom to take an aggressive enforcement posture, arguing that the 30-month period between the Online Safety Act's Royal Assent in October 2023 and the April 2026 deadline gave platforms more than adequate time to prepare.
Platforms should expect Ofcom to:
- Request detailed compliance evidence from every operator with significant UK users
- Conduct technical audits of detection systems and reporting infrastructure
- Interview executives about resource allocation and compliance governance
- Examine training and incident response procedures
- Demand publication of anonymised transparency data on CSEA incidents
Failure to respond to information requests or to provide credible evidence of compliance will trigger formal investigation powers, which carry statutory deadlines and mandatory findings.
Methodology
This analysis is based on:
- Regulatory filings and guidance: Online Safety Act 2023, Ofcom online safety code of practice, and Ofcom enforcement guidance documents
- Platform compliance statements and product announcements: Published statements from Match Group, Bumble, Grindr, Feeld, and other operators regarding age verification, CSEA detection, and regulatory compliance, compiled between January and March 2026
- Product feature assessment: Direct testing of age verification mechanisms on major platforms conducted between January and March 2026
- Academic research: Childlight Global Child Safety Institute research at the University of Edinburgh on dating platform use by individuals with histories of sexual offences against children
- Financial data: Match Group SEC filings and Bumble SEC filings for 2024 annual revenue
- Law enforcement data: National Crime Agency and police crime recording data on predatory offences linked to dating apps
- Ofcom research: Ofcom children's media literacy and online research documenting underage access to dating apps
Published 28 March 2026. This analysis was not commissioned, funded, or reviewed by any dating platform, technology company, or regulatory body. DatingIndustryInsights.com operates with no advertising from the companies it covers.
Frequently Asked Questions
Create a free account
Unlock unlimited access and get the weekly briefing delivered to your inbox.
DII Editorial Team
Published
DatingIndustryInsights.com is an independent B2B intelligence platform covering the global online dating industry. It publishes original research, financial analysis, regulatory tracking, and investigative reporting. It operates with no advertising from the companies it covers.
What To Read Next
The £106 Million Question: Romance Fraud, Deepfakes and the Dating App Safety Crisis
· 17 min read
Cyberflashing on Dating Apps: The Online Safety Act's Priority Offence
· 20 min read
AI Companions vs Dating Apps: The Battle for Human Intimacy
· 18 min read
The Male Exodus: Why Men Are Leaving Dating Apps
· 18 min read
Subscription Dark Patterns: How Dating Apps Trap Users in Renewal Cycles
· 19 min read
Why We Launched DII: The Case for Independent Dating Industry Intelligence
· 15 min read