UK Regulator Ofcom Launches Formal Investigation Into Telegram Over Child Safety

The UK's online safety regulator has officially launched an Ofcom Telegram investigation under the Online Safety Act 2023, examining whether the messaging platform has met its legal duties to protect users from child sexual abuse material (CSAM). This enforcement action targets one of the world's most widely used messaging services, marking a significant escalation in the UK's effort to police digital platforms. For tech industry watchers and privacy advocates, this probe highlights the growing legal risks for platforms balancing user anonymity with strict government compliance.

Under the current regulatory framework, Ofcom possesses the authority to fine non-compliant companies the greater of £18 million or 10% of their qualifying worldwide revenue. In cases of severe and ongoing violations, the regulator can apply for business disruption measures, which could force internet service providers to block Telegram entirely within the UK. However, the opening of this formal investigation does not constitute a finding of wrongdoing; it initiates a months-long evidence-gathering process where the company will have the opportunity to respond to any provisional decisions.

Telegram's relationship with UK regulators has seen recent shifts, complicating the narrative of total non-compliance. In December 2024, the platform joined the Internet Watch Foundation (IWF) and committed to deploying hash-matching technology and AI-blocking tools to identify known CSAM across its public channels. Furthermore, Ofcom's March 2026 annual review explicitly acknowledged that Telegram had successfully introduced age controls in response to the Online Safety Act.

Despite these steps, the core tension lies in the platform's dual architecture. While public channels are accessible to outside detection tools, the encrypted private messaging feature creates a structural limit on content moderation. The NSPCC has argued that there should be no part of the service where perpetrators can act without detection, directly challenging the existence of unmonitored private chats. This echoes the broader industry debate over end-to-end encryption, which previously prompted Signal to warn it would withdraw from the UK if forced to implement client-side scanning.

This latest probe is part of a sustained regulatory pressure campaign on messaging and social media platforms operating in the UK. Since the Online Safety Act came into force in 2025, Ofcom has opened investigations into nearly 100 services and issued almost a dozen fines. The framework being applied to Telegram is identical to the ongoing investigation into X, which was opened in January 2026 following reports that its Grok AI chatbot was generating and distributing sexually explicit images of children.

The regulatory net is widening rapidly across the entire tech sector. In March 2026, Ofcom wrote directly to six of the largest platforms - Facebook, Instagram, Roblox, Snapchat, TikTok, and YouTube - demanding concrete evidence of further child safety improvements by April 30. The addition of Telegram to this enforcement list shifts the regulator's focus from niche image boards and pornography sites to mainstream, globally dominant communication networks.

The Ofcom Telegram investigation exposes the unavoidable collision between end-to-end encryption and aggressive content moderation mandates. Telegram has clearly attempted to appease regulators by deploying detection tools in its public-facing channels, but its foundational appeal - secure, unmonitored private messaging - remains a massive regulatory blind spot under the Online Safety Act 2023.

If Ofcom ultimately concludes that Telegram's private architecture violates UK law, it will force a market-defining ultimatum. Mandating client-side scanning would not only compromise the privacy of millions of legitimate users, including journalists and activists, but it could also trigger a mass exodus of privacy-focused applications from the UK market. The outcome of this probe will likely set the definitive legal precedent for how encrypted messaging apps can operate within heavily regulated Western jurisdictions.