Marcus Wright — Writing

Safety by Design: A Code of Practice for Online Gaming Services

Adapted from the Safety by Design Code of Practice (Online Safety Act Network, Prof. Lorna Woods OBE)

May 2026


Preface: Reader's Guide to This Adaptation

What you are reading, and why it exists

In May 2026, the Online Safety Act Network, working with 5Rights Foundation, the NSPCC, the Molly Rose Foundation, and a coalition of civil society organisations, led by Professor Lorna Woods OBE, published a Safety by Design Code of Practice. That document established a comprehensive lifecycle framework for making digital services safe by design: from governance structures and pre-launch testing, through deployment and monitoring, to decommissioning. It represented the most detailed and ambitious attempt to date to translate the Online Safety Act's "safe by design" requirement into operational guidance.

But there are significant overlaps between social media and gaming, so I've explored how easy they are to adapt to promote awareness of what Safety by Design looks like in games.

Gaming presents a related but distinct risk profile: the harms are real, well-evidenced, and increasingly serious, but the mechanisms through which they occur are different enough from social media that the original code, applied without adaptation, would leave significant gaps.

What the framework is, and what has changed

The original code's structure, a four-part lifecycle approach covering governance, development, deployment, and decommissioning, applies to gaming without fundamental restructuring. The same principles hold: design out hazards rather than manage them; apply safety across the product in its entirety; treat safety as an ongoing governance responsibility, not a compliance checkbox.

What changes is the specific content of each section. The table below shows, at a glance, what was retained, what was substantially rewritten, and what is entirely new:

New sections: no social media equivalent

New · Monetisation design · Section 11
Loot boxes, virtual currencies, battle passes, spend limits; no equivalent in the original
Online gaming revenue depends on direct-to-user in-game purchases rather than upfront sales. This creates commercial incentives to exploit psychological vulnerabilities (variable reward schedules, near-miss mechanics, artificial scarcity, social pressure) in ways that advertising-based social media revenue does not. This section is the most significant addition to the code, and covers: virtual currency transparency; prohibition on randomised reward mechanics for children; hard parental spend limits; battle pass and squad-pass mechanics; in-game advertising rules; and a requirement to assess monetisation features against gambling criteria.

New · In-game social features · Section 12
Voice chat, gifting as grooming vector, friend systems, group mechanics
Online games increasingly include rich social features that create specific risks not present in social media: voice chat during live gameplay, gifting mechanics that can be weaponised for grooming, group and guild structures that create power dynamics over children. This section establishes safety requirements for each of these features, including real-time voice moderation, gifting defaults for child accounts, and protections against exploitation of competitive dynamics.

New · Feature-level age assurance · Section 15c
Age restrictions must apply to specific features within a game, not just service-level access
In gaming, many games children legitimately play contain high-risk features (loot boxes, voice chat, direct messaging) that should require separate age assurance. A child permitted to play a PEGI-3 game should not thereby gain unrestricted access to in-game purchasing or unfiltered contact with adult strangers. This provision requires feature-level, not merely service-level, age assurance.

New · Voice chat moderation · Section 16d
Real-time voice during live gameplay requires technically different moderation from text content
Detecting grooming in a live voice chat during a multiplayer session is a significantly harder technical and operational challenge than detecting harmful content in a post or image. This provision requires real-time or near-real-time AI-assisted voice moderation, mid-game reporting mechanisms, and regular audits of voice moderation systems.

New · Parental spending controls · Section 17b
Hard spend limits as a first-class safety tool; zero-spend default for child accounts
Parental controls in gaming have historically been ineffective: technically complex, easily circumvented, inconsistently implemented. This provision requires spending controls to be a first-class feature: zero-spend defaults for child accounts, real-time purchase notifications, and the ability to approve or decline individual purchases; not buried in settings or requiring a customer support call.

New · Monetisation transparency · Section 18b
Loot box probabilities and spend data by age group must be published
Many gaming companies do not publish loot box probabilities, spending data, or information about how their monetisation systems are designed. Some jurisdictions (China, several EU member states) have required mandatory disclosure. This provision treats such disclosure as a baseline transparency obligation, including verified probability data for randomised rewards and aggregate spend data broken down by age group.

New · Gaming-specific scope · Who is it for
Publishers, platform holders, mobile developers each have distinct responsibilities
The original code addressed social media platforms as a relatively uniform category. Gaming involves a more complex supply chain: developers, publishers, platform holders (console manufacturers, PC storefronts), and mobile operators each make distinct design decisions that create distinct risks. The scope section is rewritten to address this supply chain explicitly.

New · Gaming-specific dark patterns · Section 10
EOMM, pity mechanics, virtual currency obfuscation; no social media equivalent
The original code's dark patterns section addressed primarily social media manipulation. Gaming has its own documented taxonomy of dark patterns (engagement-optimised matchmaking, pity mechanics that encourage extended spending, virtual currency systems designed to obscure real cost, power creep, infinite treadmills), none of which have direct social media equivalents. These are added to the prohibition list.
Modified sections: substantially rewritten for gaming

Modified · Context section · Context
Replaced Meta/YouTube cases with Gambling Commission research, CMA, Belgium/Netherlands decisions
The original context section drew heavily on social media case studies. This version replaces those with gaming-specific regulatory context: Gambling Commission research on loot boxes and problem gambling, the CMA's investigation into mobile gaming monetisation targeting children, and the Belgium/Netherlands decisions classifying certain loot box mechanics as gambling.

Modified · Legislative framework · Legislative framework
Added Gambling Commission, CMA, PEGI; clarified PEGI is not age assurance
The legislative framework section now includes the Gambling Commission's position on loot boxes, the CMA's jurisdiction over unfair commercial practices in gaming, and the PEGI rating system, with an explicit note that PEGI ratings are not a substitute for age assurance. The original section's references to advertising standards and social media-specific frameworks have been replaced with gaming-relevant equivalents.

Modified · Default safety settings · Sections 9–10
Voice chat off, gifting disabled, purchase controls applied; replaces autoplay/infinite scroll
The original code's default settings addressed autoplay, infinite scroll, and algorithmic amplification. Gaming defaults are substantially different: voice chat disabled for children, gifting features off by default, purchase controls applied, session exit permitted without penalty, artificial wait timers disclosed. The structure is retained but all specific provisions are replaced.

Modified · Dark patterns list · Section 10
Added virtual currency obfuscation, near-miss mechanics, pity mechanics to existing list
The original prohibited dark patterns list is retained and extended. Gaming-specific additions include: virtual currency systems that obscure real-money cost, countdown timers creating artificial urgency, near-miss mechanics in loot box systems, pity mechanics, engagement-optimised matchmaking (EOMM), accidental purchase design, anchoring tricks, power creep, pay walls, waste aversion exploitation, and grinding as a monetisation vector.

Modified · Terms of service · Section 14
Must cover monetisation design, not just player behaviour
The original terms of service section focused on prohibiting harmful player behaviour. This version adds a requirement that terms of service address the design and operation of the service itself: how monetisation features work, what psychological mechanisms they employ, and how design choices may influence user behaviour and spending. A terms of service that says nothing about loot box probabilities is failing its transparency obligations.

Modified · Moderation · Section 16
Expanded for voice communications, mid-game reporting, gift pattern monitoring for grooming indicators
The original moderation section addressed text and image content. Gaming moderation is meaningfully different: the primary risks are in real-time voice communications, player behaviour during gameplay, and in direct messaging. Dedicated provisions are added for voice chat moderation, mid-game reporting that does not require exiting gameplay, and monitoring of gifting patterns for grooming indicators.

Modified · Product entirety definition · What is safety by design?
From content/social mechanics to gameplay mechanics, monetisation design, social features
The original "product entirety" concept referred primarily to content and social mechanics. For gaming, this is expanded to explicitly include gameplay mechanics (including engagement-maximising design), monetisation features (including in-game purchases, loot boxes, and virtual currencies), and social and communication features. The concept of assessing revenue generation strategies through a safety lens is added.
Deleted sections: removed or reduced

Deleted · Social media platform examples removed · Commentary examples
Somewhere Good, Mastodon, Bluesky; no verified gaming equivalents yet
The original code used named social media platforms as case study examples throughout its commentary sections. These have been removed because no directly equivalent gaming examples have been verified for accuracy and appropriateness. Gaming-specific examples should be developed in consultation with organisations with specialist gaming expertise before being incorporated.

Deleted · Bumble/Chayn partnership example removed · Redress commentary
Intimate image abuse context specific to social media; does not translate to gaming
The original code cited the Bumble/Chayn partnership as an example of good practice in redress for intimate image abuse. This context is specific to social media and does not translate to gaming. The redress section has been rewritten to focus on financial harm caused by monetisation design and on grooming/exploitation through in-game social features.

Deleted · Peterson-Salahuddin and Cole moderation examples removed · Moderation examples
Content moderation theory for social media does not apply to real-time voice and gameplay behaviour
The original code drew on academic content moderation theory developed in the social media context. That theory does not straightforwardly apply to gaming moderation, which involves real-time voice, gameplay behaviour, and in-game social features. The moderation section has been substantially rewritten rather than adapted from these foundations.

Deleted · VAWG-specific provisions reduced · Throughout
Real and serious problem in gaming, but requires gaming-specific development in consultation with relevant organisations
The original code included specific provisions drawing on Ofcom's Safer Life Online for Women and Girls guidance, which was written for social media contexts. Violence against women and girls is a real and serious problem in gaming environments, but the specific provisions required, and the organisations best placed to inform them, are different. These provisions have been reduced pending sector-specific development in consultation with relevant organisations.

The dark pattern taxonomy: what this code now covers

This adaptation cross-references the full gaming dark pattern taxonomy catalogued at darkpattern.games, which identifies 32 documented dark patterns across four categories. Each pattern is listed below with its definition and the section of the code where it is addressed.

Playing by appointment · §9h
Forces you to play on the game's schedule, not yours.
Daily rewards · §9h
Rewards return visits; punishes missed days.
Grinding · §10
Repetitive tasks used to make paid shortcuts desirable.
Advertisements · §11e
Forced ad-watching to progress.
Infinite treadmill · §10
No meaningful completion; indefinite engagement by design.
Can't pause or save · §9h
Traps players in sessions by withholding exit.
Wait to play · §9h
Artificial timers gate progress until you wait or pay.
Pay to skip · §11
Pay to remove artificial waiting.
Premium currency · §11a
Exchange rate obscures real-money cost.
Pay to win · §10
Purchased advantages over other players.
Artificial scarcity · §10, 11d
Limited-time offers with manufactured urgency.
Accidental purchases · §11h
No confirmation; no undo or refund.
Recurring fee · §11i
Subscription design drives compulsive play.
Gambling / loot boxes · §11b
Random rewards for real money.
Power creep · §11j
Purchased items devalued to force more spending.
Pay wall · §11k
Progress blocked unless additional payment made.
Waste aversion · §10, 11a
Deliberate leftover premium currency pressures more spend.
Anchoring tricks · §10
Cheap items placed beside expensive ones to distort value.
Social pyramid scheme · §12d, 12g
Bonuses for recruiting friends who must then recruit others.
Social obligation / guilds · §12e
Group mechanics create duty to play even when unwilling.
Friend spam / impersonation · §12g
Game sends unsolicited messages to your contacts.
Reciprocity · §12c
Gifting creates felt obligation to return.
Encourages anti-social behaviour · §12i
Rewards lying, cheating, or exploiting other players.
Fear of missing out · §10, 11d
Stopping play means losing out permanently.
Competition exploitation · §12h
Designed to make losing socially painful or financially costly.
Invested / endowed value · §10a(a)
Sunk cost fallacy used to prevent stopping.
Badges / endowed progress · §10a(b)
Partially-completed goals create anxiety and drive return.
Complete the collection · §10a(c)
Completionist urge exploited through incomplete sets.
Illusion of control · §10a(d)
Random outcomes presented as skill-based.
Variable rewards · §11b
Unpredictable rewards more addictive than predictable ones.
Aesthetic manipulation · §10a(f)
Visual/audio design targets subconscious to impair decisions.
Optimism and frequency biases · §10a(e)
Near-miss mechanics and misleading win display.

All 32 documented patterns are addressed in the code.

Editor's note

This is an adaptation of the Safety by Design Code of Practice (May 2026), produced by the Online Safety Act Network, 5Rights Foundation, NSPCC and others, led by Professor Lorna Woods OBE. That document was written primarily with social media services in mind. This version applies the same framework, including the lifecycle approach, hierarchy of control, and governance structures, to online gaming services, which present a related but distinct risk profile. Where the original code applies without significant modification, it has been retained substantially unchanged. Where gaming presents different risks, different mechanisms, or different gaps in the regulatory framework, the text has been amended, expanded, or replaced. New sections with no equivalent in the original (particularly on monetisation design, in-game social features, and psychological design risks) have been drafted from scratch, informed by cross-referencing against the documented dark pattern taxonomy at darkpattern.games. Deletions and substitutions are not individually marked; this document is intended to stand on its own as a gaming-specific code.

Introduction

Safety by design has emerged as a central principle in digital regulation, reflecting a shift toward tech accountability that requires digital services to assess and mitigate risks to users from the earliest stages of product development and throughout the entire lifecycle of the product or service.

While there is broad consensus that safety by design involves proactively building protections into systems and designing out risks to ensure user safety, there remains less clarity around the specific measures platforms must adopt and how these principles translate into operational practice. This is particularly acute in the context of online gaming, where the regulatory framework has developed more slowly than the industry, and where significant design choices, including monetisation mechanics, in-game social features, and engagement-maximising gameplay design, have proceeded largely without systematic safety scrutiny.

This code of practice seeks to address that gap by providing a practical overview of safety by design for online gaming services, within the framework of the Online Safety Act and Ofcom's existing codes and guidance.

Context

Safety by design is increasingly referenced in relation to digital services. In gaming specifically, there is growing evidence that design choices made by developers and publishers create measurable risks to users, and that children are disproportionately exposed to those risks.

Recent high-profile proceedings against gaming companies in multiple jurisdictions have highlighted the role of design choices in user safety and wellbeing, particularly in relation to addictive mechanics and monetisation features. Belgium and the Netherlands have formally classified certain loot box mechanics as gambling. The UK Gambling Commission has published research demonstrating links between loot box engagement and problem gambling behaviours, particularly among young people. Ofcom's commissioned research on persuasive design features and potential child financial harms identifies online games as a significant site of risk. In 2024, the Competition and Markets Authority announced an investigation into subscription and monetisation practices in mobile gaming targeting children.

Despite clear evidence that design choices made by gaming platforms can be harmful, civil society organisations have highlighted a lack of clarity around what safety by design means in the gaming context, and have called for safety by design to be more clearly mandated to ensure gaming services do not continue to put users, especially children, in harm's way.

The Online Safety Act applies to user-to-user services, including online games with social features. The Act's requirement that regulated services be "safe by design" applies as much to a multiplayer game as to a social media platform; yet Ofcom's codes of practice have not specifically addressed gaming, and the gaming industry's own voluntary frameworks (including PEGI and UKIE's Safe by Design commitment) fall significantly short of what a robust statutory code would require.

Beyond the UK, international principles and legislation, including the EU Digital Services Act and guidance from the Australian eSafety Commissioner, emphasise accountability, transparency, the assessment and mitigation of risk, and the protection of fundamental rights for users. The UN Special Rapporteur on the sale, sexual exploitation and sexual abuse of children has highlighted that "despite existing national, regional and international regulations and guidelines calling for the design and development of digital products with the highest level of privacy, safety and security for children, enforcement remains inconsistent, with limited oversight and liability frameworks. Many companies fail to implement safety by design approaches, robust age verification and algorithmic transparency."

A safety-by-design approach as outlined in this code enables gaming companies to align with these global expectations, and provides a template for Ofcom to extend its codes to cover gaming services specifically.

Safety by Design Code of Practice: Gaming Services

What is this code?

Safety by design has become a core tenet in digital regulation. While there is agreement on what it means in broad terms, there is less certainty about what is specifically required in the gaming context and how that might work in practice.

This code aims to provide an overview of safety by design for online gaming services, set within the framework of the Online Safety Act and Ofcom's existing codes and guidance. Our code takes a more ambitious approach than Ofcom has taken to date in relation to gaming. However, its positioning within the framework of the OSA means that, with just a few technical amendments, Ofcom could adopt this swiftly as a gaming-specific supplement to its existing codes.

Who is it for?

This Code of Practice provides detailed guidance for all companies involved in the development, publishing, and operation of online gaming services. This includes:

The code also serves as a template for adoption by Government and Ofcom as a model for delivering on the Act's requirement that regulated services are "safe by design", and specifically for extending that requirement clearly and comprehensively to gaming services, where it has to date been insufficiently applied.

What is safety by design?

Safety must be embedded into product design decisions from the outset and retroactively. It requires:

Hierarchy of control means that services should seek to design out hazards from the outset. Where this is not possible, services should seek to manage and mitigate risk of harm. Remediation is a mechanism of last resort. In making design choices, services should seek solutions which best optimise outcomes for users, rather than relying on harsh trade-offs.

As part of this approach, risk assessments are key and appropriate product testing essential. Gaming companies should approach risk assessments holistically, scrutinising their products through audits including (but not limited to) gameplay mechanic testing for behavioural exploitation, monetisation feature assessment, algorithm quality testing (including for matchmaking systems), human rights impact assessments, and environmental safety testing that accounts for broader impacts across the value chain.

Product entirety means that safety issues should be considered across the product in its entirety: this includes not just user-facing gameplay but also the backend systems, recommendation and matchmaking algorithms, monetisation mechanics, and business models. Gaming companies should assess their revenue generation strategies, including free-to-play mechanics, in-app purchase design, and virtual currency systems, through a safety and human rights lens. This should include consideration of:

Safety by design should be considered across all elements of a gaming service, including: account sign-up processes; core gameplay mechanics; progression and reward systems; monetisation features (including in-game purchases, loot boxes, virtual currencies, and subscription mechanics); social and communication features (including voice chat, direct messaging, friend and group systems, and gifting); content discovery and matchmaking functions; and moderation and reporting tools. Hazards should be tackled as close to source as possible.

Product lifecycle requires consideration of safety at the product development stage, through ongoing monitoring and updating, and finally decommissioning. This code is structured around the product lifecycle.

As numerous studies have shown, different users have different exposure to harm, and different features may produce additional or more acute risks for some users. For a product or service to be "safe by design," it should be designed in accordance with design justice principles. This includes:

In the gaming context, this means giving particular attention to: children and young people; users with problem gambling vulnerabilities; users with mental health conditions; women and girls, who face distinct patterns of online harassment in gaming environments; and players from minoritised communities.

Where does this sit within the legislative framework?

Ofcom is required to produce codes to help services fulfil their safety duties (section 41 of the Online Safety Act 2023). Online gaming services with user-to-user features are regulated services under the Act. The OSA explicitly references the need for user-to-user services to be 'safe by design' on the face of the Act in section 1(3):

Duties imposed on providers by this Act seek to secure (among other things) that services regulated by this Act are — (a) safe by design, and (b) designed and operated in such a way that — (i) a higher standard of protection is provided for children than for adults, (ii) users' rights to freedom of expression and privacy are protected, and (iii) transparency and accountability are provided in relation to those services.

The Secretary of State for DSIT sets out safety by design as a key priority in their Statement of Strategic Priorities for Online Safety, making clear that Ofcom should ensure platforms embed safety by design to deliver safe online experiences for all users but especially children.

In addition to the OSA, the following regulatory frameworks are specifically relevant to gaming:

Our approach

The following code of practice seeks to address safety by design through the entire lifecycle, considered across the product in its entirety, and taking a hierarchy of control approach. The early design process is key to identifying and seeking to mitigate risk, including risks arising from gameplay mechanics designed to maximise engagement, monetisation features that exploit psychological vulnerabilities, and social features that can be weaponised by those wishing to harm children.

Risks can evolve once a service is live and interacting with real users at scale. Having anticipated potential harms and risks during the design stage, the second stage of a safety-by-design approach requires services to ensure that protective measures are effectively implemented when a product, feature, or business strategy is deployed.

A safety-by-design approach treats deployment as an extension of the design process. It ensures that safety measures are fully integrated, tested in real-world conditions, monitored, and adapted in response to emerging risks or unforeseen patterns of harm.

Effective safety-by-design requires robust governance at every stage of a service's lifecycle. Boards, senior managers, and relevant decision-makers must have clear oversight of risks, mitigation strategies, and emerging harms. There must be clear allocation of accountability for safety-by-design, with clear reporting lines and sufficient mitigation of any conflicts of interest, including commercial incentives to expand monetisation or engagement features that may conflict with safety objectives.

Transparency is a core component of governance. Decision-making processes, evidence of effectiveness, and actions taken in response to risks should be documented, shared internally, and made accessible to regulators, researchers, and where appropriate, the public.

Part 1: Governance
1. Regulated gaming services should have a specific policy commitment to prevent harm and to take action to ensure their service is safe by design for all users. This commitment should be endorsed by the UK leadership of the organisation and a board member, or person reporting into the board, appointed to be accountable for delivering it. The policies should be informed by specialist expertise reflecting the experience of different groups using or affected by the service, including children, young people, and those with lived experience of gaming-related harm.
2. Services must implement governance structures that ensure safety considerations are embedded in strategic decision-making and product development. This must include:
a. Board-level oversight of safety risks and named responsible person(s), where the level of oversight is proportionate to the level of safety risk
b. Clear and public allocation of responsibility for compliance with this code, including by specifying a named person with overall responsibility for safety by design, as well as senior managers in relevant roles
c. Regular internal review of safety performance and risk mitigation measures, conducted by personnel with sufficient resources, expertise and independence as necessary, and which engages directly with users most affected by risks, including children, parents and carers, and those with gambling-related vulnerabilities
d. Conduct rules for senior managers, requiring actions that promote and uphold user safety, ensure transparency and disclosure, and necessitate due regard to the best interests of the child
e. Integration of safety-by-design principles throughout the product lifecycle, including during design, development, deployment, live service updates, and decommissioning
f. Independent oversight mechanisms
g. Explicit consideration of conflicts of interest between commercial incentives (particularly in relation to monetisation features, engagement mechanics, and user acquisition) and safety objectives; governance structures must be designed to ensure safety considerations can and do override commercial pressures where necessary
Commentary

Active leadership is necessary to ensure safe design. It is also important for ensuring that incentives within the company that influence design and development choices are aligned with safety objectives. In gaming, this requires specific attention to the fact that the most commercially successful design features are often also the most psychologically exploitative, a conflict that governance structures must be equipped to manage.

The Senior Managers and Certification Regime (SMCR) in financial services provides a relevant model: individuals in senior roles are approved by regulators, pass a 'fit and proper' test, and adhere to a statement of responsibilities. A similar approach in gaming would require named individuals to be accountable not just for compliance, but for actively ensuring that commercial design choices do not override safety obligations.

Part 2: Preparation and Development

Purpose

3. Before developing a game, feature, or functionality, providers of regulated gaming services must consider and document how the purpose and business model of the service is compatible with user safety, non-discrimination, and the protection of human rights, including privacy and freedom of expression. This should specifically include:
  • An assessment of how core gameplay mechanics interact with psychological reward mechanisms, and whether those interactions create foreseeable risks of harm
  • An assessment of how monetisation features are designed, including whether they use variable reward schedules, near-miss mechanics, artificial scarcity, or social pressure, and what risks these create for users, particularly children
  • An assessment of how in-game social features could be exploited to facilitate contact between adults and children in ways that create risks of harm, including grooming and exploitation

Understanding hazards and mitigation

4.
a. In support of the risk assessment required by the OSA, services should generate risk acceptance criteria, taking into account Ofcom's risk register and relevant risk profiles, and taking into account the potential impact on different groups of users, with particular attention to children, users with gambling vulnerabilities, and users at risk of exploitation through in-game social features. Services must engage with civil society, experts, and individuals with lived experience on this process.
b. Following testing, and carrying out risk assessments in accordance with Ofcom guidance, document mitigation strategies taking into account the Hierarchy of Control. Services must prioritise risk mitigation measures according to the following hierarchy:
  • Elimination: Remove features or system designs that create a foreseeable risk of harm; for example, removing loot box mechanics where risk cannot be mitigated to acceptable levels
  • Substitution or design modification: Redesign features to reduce the likelihood or severity of harm; for example, replacing randomised reward mechanics with transparent progression systems
  • Engineering and technical safeguards: Implement robust technical systems that limit or detect harmful behaviour
  • Administrative controls: Actionable and upheld policies, moderation systems, and governance processes to manage risks
  • User-level tools: Mechanisms enabling users to control their experience or respond to harm, noting that these are the weakest form of control and cannot substitute for design-level interventions

Trust and safety teams

5. Services must maintain adequately resourced and trained trust and safety teams responsible for implementing safety obligations under the code.
a. This must include a dedicated staff member or team responsible for online safety, harm prevention, and moderation, with access to sufficient staffing levels to respond to reports and emerging harms in a timely manner
b. Ongoing training, adequate compensation, welfare provisions, and psychological support for staff, including where outsourced
c. Clear internal and external escalation processes for serious harms, including child exploitation, threats, live incidents of sexual abuse, and self-harm
d. Regular reporting to senior leadership and the board on safety risks, incident trends, and mitigation actions, and publication of these reports for public transparency
e. Integration into product development, ensuring safety is considered in design decisions, including decisions about new gameplay mechanics, monetisation features, and social functionality
f. Sufficient authority and/or independence to carry out their roles while minimising any risk of conflict of interest with commercial teams
g. Sufficient expertise in how risks manifest in gaming environments specifically, including knowledge of how in-game mechanics, communication features, and monetisation systems create specific risk pathways

Safety testing

6. Services must test existing and new features, settings, and policies for potential harm, distinguishing between harms arising from the design of features, mass take-up, and malicious use. Safety testing must be a core input of risk assessments, and be carried out to assess the effectiveness of mitigation strategies. This includes but is not limited to:
  • Pre-launch safety reviews of gameplay mechanics, monetisation features, and social functionality
  • Adversarial testing and abuse scenario simulations, including scenarios in which adults attempt to use in-game social features to contact and groom children
  • Testing of reporting and moderation systems under realistic load conditions
  • Testing of age assurance and parental control mechanisms to ensure they are effective and not easily circumvented
Testing should take into account how users with different characteristics experience different forms and levels of harm, including on the basis of age, gender, gambling vulnerability, disability, race, and other protected characteristics.

Prohibited high-risk practices

7. There are some features and functionalities which should not be employed at all, or which require specific safeguards before deployment. Services must not deploy interfaces that manipulate, pressure, or mislead users into making decisions that reduce their safety, privacy, or wellbeing. This prohibition applies to all users, with enhanced protections required where children are likely to access the service.

Account creation

8. Regulated gaming services should determine an appropriate approach to account security and ensure, and be able to demonstrate, that their sign-up processes have taken an appropriate and proportionate approach to knowing their users, both in relation to age and, where relevant, to identity. For services where in-game purchases are available, account creation processes must be designed to ensure that spending by children cannot occur without meaningful parental awareness and consent.

Default safety settings

9. The following default safety settings should apply:
a. Accounts are private by default; when the user is a child, the ability of the child to change this should be linked to the evolving capacity of the child, and require parental consent where appropriate
b. Restricted contact from unknown adults for children, including restrictions on adults being able to search for, friend-request, or send messages to child accounts
c. Voice chat disabled by default for children, requiring opt-in with age-appropriate friction
d. Direct messaging disabled by default for children under 13; restricted to confirmed friends only for children under 16
e. Gifting features (including in-game item gifts and virtual currency transfers) disabled by default for children, and requiring explicit parental consent to enable
f. Location-sharing features disabled by default; for children, enabling them must require parental review where appropriate
g. Child accounts not included in "Players You May Know" or similar network expansion features
h. Persuasive design features must be disabled by default. Where risk assessments indicate these features cannot be made safe for children, they must be designed out entirely. This includes, but is not limited to:
  • Auto-queuing for new matches immediately after a session ends: off by default
  • Push notifications and alerts turned off by default, with sufficient granularity for users to choose notification types
  • Daily login rewards and streak mechanics disabled for children
  • Randomised reward features (loot boxes, gacha mechanics, mystery boxes) disabled for children; where they are available to adults, subject to the requirements set out in the monetisation design section of this code
  • Limited-time offers and countdown timers: off by default for children
  • Session exit and save: games must permit players to pause, save progress, and exit at any time without gameplay penalty. Any design that traps players in sessions by withholding save functionality, penalising early exit, or triggering adverse in-game consequences for logging off is a prohibited design feature. This includes mechanics that expire time-sensitive content during a session to coerce continued play.
  • Artificial wait timers ("wait to play" mechanics): timers that arbitrarily gate gameplay progression, requiring the player to either wait or pay to continue, must be off by default for children, and must be clearly disclosed as a monetisation mechanism in the service's terms of service
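To make the default settings above, and the feature-level gating they imply (sections 9, 11b, 11c, 12b–d and 15c), concrete, here is an added illustration of how a platform might encode them as a policy check. It is not part of the original code of practice and not any platform's real API; the `Account` data model, the setting names, `PARENT_ENABLEABLE`, and the `contact_allowed` function are all assumptions made for this example. The policy values themselves (which features are off for children, which a parent may enable, which are never available to children) follow the text of the code.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Features a parent or carer may switch on for a child account (9c, 9e, 9f).
# Randomised rewards are deliberately absent: 11b never permits them for children.
# (Constructed for this example; not a real platform's setting list.)
PARENT_ENABLEABLE = {"voice_chat", "gifting", "location_sharing"}


@dataclass
class Account:
    user_id: str
    age: int
    friends: Set[str] = field(default_factory=set)           # confirmed friends
    parental_consent: Set[str] = field(default_factory=set)  # features a parent has enabled

    @property
    def is_child(self) -> bool:
        return self.age < 18


def default_settings(acct: Account) -> Dict[str, object]:
    """Safe-by-default profile from section 9 (plus the 11c spend limit)."""
    child = acct.is_child
    if acct.age < 13:
        dm_mode = "off"              # 9d: direct messaging off for under-13s
    elif child:
        dm_mode = "friends_only"     # 9d / 12b: confirmed friends only
    else:
        dm_mode = "anyone"
    return {
        "profile_private": True,            # 9a: private by default for all users
        "voice_chat": not child,            # 9c: opt-in for children
        "dm_mode": dm_mode,
        "gifting": not child,               # 9e
        "location_sharing": False,          # 9f: off for all users
        "discoverable": not child,          # 9g: no "Players You May Know" for children
        "auto_queue": False,                # 9h: off by default for all users
        "push_notifications": False,        # 9h
        "login_streaks": not child,         # 9h
        "randomised_rewards": not child,    # 9h / 11b
        "limited_time_offers": not child,   # 9h
        "wait_timers": not child,           # 9h
        "spend_limit_pence": 0 if child else None,  # 11c: zero-spend default for children
    }


def effective_settings(acct: Account) -> Dict[str, object]:
    """Defaults plus any feature a parent or carer has actively enabled (9e, 17b).
    Consent for a feature outside PARENT_ENABLEABLE is ignored, so a child account
    can never end up with randomised rewards switched on."""
    settings = default_settings(acct)
    for feature in acct.parental_consent & PARENT_ENABLEABLE:
        settings[feature] = True
    return settings


def contact_allowed(sender: Account, recipient: Account, action: str) -> Tuple[bool, str]:
    """Feature-level gate for cross-account contact (9b, 9d, 12b, 12c, 12d).
    Returns (allowed, reason) so the reason can be logged and audited."""
    rs = effective_settings(recipient)
    if action == "friend_request":
        if recipient.is_child and not sender.is_child:
            return False, "adults cannot send unsolicited friend requests to child accounts (12d)"
        return True, "ok"
    if action == "direct_message":
        if rs["dm_mode"] == "off":
            return False, "direct messaging is disabled for this account (9d)"
        if rs["dm_mode"] == "friends_only" and sender.user_id not in recipient.friends:
            return False, "messages restricted to confirmed friends (9d, 12b)"
        return True, "ok"
    if action == "gift":
        if not rs["gifting"]:
            return False, "gifting disabled; parental consent needed to enable (9e, 12c)"
        mutual = sender.user_id in recipient.friends and recipient.user_id in sender.friends
        if not mutual:
            return False, "gifting limited to confirmed mutual friends (12c)"
        return True, "ok"
    if action == "voice_chat":
        if not rs["voice_chat"]:
            return False, "voice chat is opt-in for child accounts (9c)"
        return True, "ok"
    return False, f"unknown action {action!r}"
```

The design point is that the gate is evaluated on the recipient's effective settings at the moment of the action, not on a flag copied at sign-up, so a parent enabling or withdrawing consent takes effect immediately, and a consent the code never permits (randomised rewards for a child) has no effect at all.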

Prohibition of dark patterns

10. Services must not deploy interfaces that manipulate, pressure, or mislead users into making decisions that reduce their safety, privacy, or wellbeing. In the gaming context, dark patterns include but are not limited to:
  • Virtual currency systems designed to obscure the real-money cost of in-game purchases
  • Countdown timers creating artificial urgency around in-game purchases
  • Near-miss mechanics in loot box or gacha systems designed to simulate the experience of almost winning
  • "Pity mechanics" that encourage continued spending by promising a guaranteed reward after a defined number of unsuccessful attempts, where the cost of reaching the pity threshold is not clearly disclosed upfront
  • Pre-selected spending options that default to higher amounts
  • Removal of purchased content or progression without reasonable notice and compensation
  • Deliberate manipulation of matchmaking systems to place free or low-spending players in unfavourable matches to encourage spending (engagement-optimised matchmaking, or "EOMM")
  • Accidental purchase design: interfaces that make it easy to spend money without a clear confirmation step, or that remove the ability to undo or seek a refund for accidental in-game purchases
  • Anchoring tricks: placing inexpensive items directly adjacent to expensive ones to make high-cost purchases appear more affordable by comparison
  • Power creep: deliberately devaluing items that players have already purchased through the introduction of more powerful alternatives, as a mechanism to create renewed pressure to spend
  • Pay walls: blocking access to content or gameplay progression that a player has a reasonable expectation of continuing, unless they make an additional payment not disclosed at the point of original purchase
  • Waste aversion exploitation: deliberately selling premium currency in denominations that do not align with item prices, to ensure players routinely hold residual unspent currency
  • Grinding as a monetisation vector: requiring players to perform repetitive tasks not as a core gameplay design choice but as a deliberate mechanism to make paid shortcuts appear desirable
  • Infinite treadmill mechanics: designing games without any meaningful completion state as a deliberate strategy to maintain indefinite engagement and maximise lifetime spend

Psychological and temporal design risks

10a. In addition to the monetary dark patterns listed above, services must not deploy features that exploit psychological vulnerabilities to compel engagement or spending beyond what users would freely choose. Services must assess all features against the following risk categories:
a. Sunk cost and invested value exploitation: Features designed to exploit the sunk cost fallacy, making players feel that the time and money already spent in the game would be "wasted" if they stopped, must not be used as a mechanism to extend engagement or drive additional spend.
b. Endowed progress and artificially imposed goals: Services must not exploit the "endowment effect" by assigning players partially-completed goals without consent, and then making the incompleteness of those goals psychologically salient to drive continued play.
c. Completionism exploitation: Services must not exploit compulsive completionist tendencies by designing collection systems in ways specifically calibrated to be psychologically incomplete without substantial additional spend.
d. Illusion of control: Services must not deploy mechanics that create a false sense of player skill or agency in what are fundamentally random or predetermined outcomes.
e. Optimism bias and frequency manipulation: Services must not exploit cognitive biases around probability to encourage spending. Randomised reward systems must display verified probability data in a neutral format that does not exploit recency or salience biases.
f. Aesthetic manipulation: Services must not use visual design, sound design, or interface layout to exploit subconscious responses in ways that manipulate spending or engagement decisions.

Monetisation design

11. Monetisation design is a distinct and significant area of safety risk in gaming that has no direct equivalent in the original social media-focused code. Services must ensure that their monetisation design is safe by design. This requires:
a. Transparency of real cost: All in-game purchases must be clearly presented in real currency at the point of purchase. Virtual currency systems must not be used in ways that obscure the real-money cost of items.
b. Prohibition on randomised reward mechanics for children: Loot boxes, gacha mechanics, mystery boxes, card packs, and any other feature in which the content of a purchase is randomised must not be available to child users. For adult users, randomised reward mechanics may only be deployed where the probability of each possible outcome is clearly disclosed before purchase and near-miss mechanics are not employed.
c. Spending limits and parental controls: Services must provide robust, technically enforceable spending limits that can be set by parents or carers. These must be applied by default for child accounts, with a default zero or nominal spend limit unless a parent or carer actively increases it.
d. Battle pass and subscription mechanics: Time-limited progression systems and subscription services must not use countdown timers that create artificial urgency for children, or employ "squad pass" mechanics that use social pressure to drive spending.
e. In-game advertising and influencer marketing: Advertising within games, including branded cosmetic items and sponsored events, must be clearly labelled as advertising.
f. Assessment against gambling criteria: Services must assess their monetisation features against the functional criteria for gambling under the Gambling Act 2005 and Gambling Commission guidance.
g. Publication of spend data: Services should publish data on average and median spend per user by age group, alongside data on the proportion of revenue derived from users aged under 18.
h. Purchase confirmation and refund rights: All in-game purchase flows must include a mandatory, prominent confirmation step before any transaction is completed. Services must provide a reasonable mechanism for refunds for accidental or unauthorised purchases, including purchases made by children without parental consent.
i. Subscription and recurring fee design: Subscription mechanics must not frame the subscription fee as a reason to play more than the player wishes in order to "get their money's worth." Services must make it straightforward to cancel a subscription.
j. Power creep and purchase longevity: Services must not systematically devalue items or gameplay advantages that players have previously purchased as a mechanism to drive repeat spending. Where significant power creep substantially reduces the value of prior purchases, services must notify affected users and offer reasonable compensation.
k. Pay wall prohibition: Services must not impose pay walls that block progress through content that was accessible, or reasonably expected to be accessible, at the point of the user's original purchase or sign-up.

In-game social features

12. Online games increasingly include rich social features that create significant safety risks, particularly for children, including risks of grooming, exploitation, harassment, and unwanted contact from adults. Services must assess and mitigate these risks as a core part of their safety-by-design approach. This requires:
a. Voice chat: Disable voice chat by default for child accounts; provide real-time or near-real-time moderation of voice communications; enable users to mute, block, and report other players mid-game without disrupting gameplay.
b. Direct messaging: Apply age-appropriate restrictions. For child accounts, direct messages should be restricted to confirmed friends by default. Services should monitor direct message content for grooming indicators and child sexual exploitation material.
c. Gifting and in-game currency transfers: Disable gifting features by default for child accounts; require parental consent before enabling; limit gifting to confirmed mutual friends; monitor gifting patterns for indicators of grooming.
d. Friend and follower systems: Adults must not be able to send unsolicited friend requests to child accounts. Services must assess whether their friend recommendation systems are capable of surfacing adult accounts to children, and mitigate this risk.
e. Group, clan, and guild mechanics: Children cannot be added to groups by adults without the child's active consent. Group administrators cannot access private communications of child members.
f. Open-world and random-encounter features: Services must provide clear in-game tools to manage and restrict unwanted interactions with random strangers, with particular attention to child user safety.
g. Friend spam and contact list impersonation: Services must not send unsolicited communications to a user's contact list. Services must not impersonate users in communications sent to their contacts.
h. Exploitation of competitive dynamics: Services must not design competitive features that systematically exploit power imbalances to harm, distress, or manipulate players, including by making the gap between paying and non-paying players socially visible in ways designed to create shame or pressure.
i. Anti-social behaviour incentives: Services must not design game mechanics that incentivise or reward players for behaviour that harms, deceives, or exploits other players in ways that cause real distress or loss.

Content creation and user-generated content

13. Where gaming services include tools for content creation, services should risk-assess these tools for potential harm. This includes tools that could be used to create harmful imagery; content embedded from other platforms; and the use of AI-assisted content generation tools within the gaming environment.

Commentary

Risk assessment is central to safety by design. In gaming, this includes not only the content that users create and share, but the design of core gameplay and monetisation mechanics, areas that have historically been treated as purely commercial decisions but which the evidence increasingly shows create significant risks of harm.

The hierarchy of control is a significant element of safety by design. In the gaming context, this means that the presence of parental controls does not discharge a developer's responsibility to address the harm at source. A loot box mechanic does not become safe because a parent theoretically could set spending limits, any more than a dangerous fairground ride becomes safe because there is a sign advising parents to supervise their children.

The Ofcom-commissioned report on children's financial harm and persuasive design features identifies gaming as a significant site of risk and sets out categories of harm-creating features relevant to gaming monetisation: risk-based (mystery rewards, features that visually resemble gambling mechanisms); dissociative (virtual currency systems that obscure spending); misleading (features that misrepresent the probability of obtaining desired items); impulsive (countdown timers, limited-time offers, flash sales); and social influence (squad mechanics, stark differences between default and paid cosmetic items).

Part 3: Deployment and Monitoring

Terms of service

14. Services must clearly define acceptable behaviour and prohibited activity, based on an assessment of risks experienced by users of the service.
a. Services should provide a clear framework of use that defines their relationship with users. On the part of users, this should set out acceptable and prohibited behaviour, including harmful or illegal conduct. On the part of the service, it should outline its responsibilities, including safety measures, default settings, monetisation practices, and how the service is designed, why particular mechanics or flows exist, and how these design choices may influence user behaviour and spending.
b. Terms of service must expressly prohibit conduct that causes unacceptable harm or breaches the law, including harassment, threats, abusive behaviour, coordinated abuse campaigns, exploitation of children, grooming, and cheating or griefing where this causes harm to other users. They must also cover illegal content and harms to children. Terms of service must describe how these risks are continuously monitored and evaluated, including engagement with relevant regulators or authorities to report harms.
c. Terms of service must recognise and explain that the design and operation of the service, including matchmaking systems, reward systems, behaviour-influencing gameplay mechanics, and monetisation features, can influence how users behave, how much they spend, and how their personal agency may be impacted (e.g. time spent on the service). Services must design and operate these systems in a way that does not incentivise or amplify harm to users.
d. Terms of service must explain how risks are mitigated through regular assessments, safety measures, and ongoing monitoring.
e. For children, terms of service must be clear, accessible, and tailored to their developmental stage. This means using simple language, breaking content into short, logically organised sections, and providing multiple formats including visual or interactive explanations where feasible.
f. Services must explain how breaches of terms of service are detected and assessed, whether through automated systems, human review, or player reports, and outline the full range of enforcement actions along with indicative timelines.
g. Reporting mechanisms must be accessible to all users, including parents or guardians, and cover sensitive or high-risk situations including child exploitation, grooming, and other illegal content. Where relevant, terms of service should describe how the service works with law enforcement.
h. Terms of service must be actively supported by service design. Features, matchmaking systems, and user flows should reinforce rules rather than undermine them.

Commentary

Terms of service constitute the contract between the service provider and the user. In gaming, they should reflect the full reality of the service, including how monetisation features are designed and what psychological mechanisms they employ, not merely a list of prohibited player behaviours. A terms of service that says nothing about how loot box probabilities are calculated, or how virtual currency systems are designed, is failing in its transparency obligations.

Robust age assurance mechanisms

15. Services must deploy proportionate and highly effective age assurance strategies, depending on the level of risk to children.
a–b. Services presenting unreasonable risks to children have a responsibility to know their users and ensure age assurance is proportionate to the identified risks.
c. Critically: age assurance should be applied not only to access to the service overall, but to access to specific high-risk features within the service. A child who is appropriately permitted to play a game should not thereby gain unsupervised access to in-game purchasing features, unrestricted voice chat, or unfiltered contact with adult players.
d–h. Age assurance methods must comply with UK GDPR and the AADC; be evaluated based on outcomes; be tested to avoid discriminatory outcomes; and be subject to ongoing review.
i. PEGI ratings do not constitute age assurance for the purposes of this code. They provide useful consumer guidance but are not a mechanism for verifying user age or restricting access by age group.

Commentary

Age assurance in gaming presents distinct challenges compared to social media. Many games that children play regularly have no age restriction; a child of seven may legitimately play a PEGI-3 title. The safety risk is not access to the game itself but access to features within it: voice chat, direct messaging, in-game purchasing, and social features that enable contact with strangers.

An effective age assurance strategy for gaming must therefore operate at the feature level, not just the service level. A child's account on a gaming platform should carry protections that limit access to high-risk features regardless of the age rating of any individual game; those protections should be technically robust, not merely nominal.

Moderation

16. Services must reduce the risks of harmful and illegal activity. Systems that promote, recommend, or enable communication between users must not systematically amplify harm. Services must use a proportionate mix of both automated and human moderation systems.
a–c. Services must conduct periodic reviews of enforcement efficacy; moderation systems must cover both user-generated activity and system-driven features; and for children, additional safeguards are required.
d. Voice chat moderation presents particular challenges in gaming because it takes place in real time during active gameplay. Services with voice chat features must provide real-time or near-real-time AI-assisted moderation of voice content; ensure that reporting a voice interaction does not require the player to exit gameplay; retain flagged voice communications; and conduct regular audits of voice moderation systems.
e–i. Moderation must be delivered through a mix of human review and automated systems; must be suitably resourced; must anticipate potential risks; must be a board-level responsibility; and services must provide transparency through public reporting of moderation outcomes.

Commentary

Moderation in gaming is meaningfully different from moderation in social media. The primary risks are often not in user-generated content but in the behaviour of users during gameplay, in real-time voice communications, and in direct messaging. Detecting grooming in a live voice chat during a multiplayer session is a significantly harder technical and operational challenge than detecting harmful content in a post or image.

The gaming industry has historically treated player safety as primarily a player behaviour problem, to be managed through terms of service, player reporting, and account bans. A safety-by-design approach requires services to also address the design of social features that create the conditions for harm, and to resource moderation commensurate with the scale and nature of risk.

User tools

17. Users must be provided with effective tools to control their experience and protect themselves. These include tools to report other players, block and mute communications, manage friend and contact lists, control voice and text communication settings, and manage spending.
a. Services must provide meaningful, accessible user tools that allow individuals to shape their experience of the service and manage exposure to risks. These tools should empower users by giving them control over communications, matchmaking preferences, monetisation settings, notifications, and other features that affect safety.
b. Spending controls must be a first-class user (and parent/carer) tool, not buried in settings or accessible only via a platform support request. Parents and carers of child users must be able to: set hard spending limits, including a zero-spend default; receive real-time notifications of purchase attempts; review and approve or decline individual purchase requests; and access a clear transaction history showing all purchases, including virtual currency conversions.
c. Communication controls must be similarly accessible. The ability to mute, block, and report other players, including during active gameplay, must be a visible, low-friction feature of the user interface.
d. User tools must be transparent, understandable, and effective. Services should monitor usage, assess effectiveness based on outcomes, and update tools based on user feedback and emerging risks.
e. For children, services must provide age-appropriate tools that embed safety and support throughout the user experience. This includes default safety settings, integration with age assurance and moderation systems, and clear crisis support pathways for children and caregivers.
f. Tools must be tested with a range of relevant user groups, including children, to prevent discriminatory outcomes.
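The spending-control requirements in 17b, together with the zero-spend default in 11c and the mandatory confirmation step and refund route in 11h, describe one workflow: request, parental notification, parental review against a hard limit, separate confirmation, and a real-currency transaction history. The following is an added illustration of that workflow, not part of the original code of practice and not any platform's real API; the `ChildSpendingControls` class, its method names, the `Purchase` record, and the sample prices are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Purchase:
    item: str
    price_pence: int            # real-money cost shown at the point of purchase (11a)
    gems: Optional[int] = None  # virtual-currency amount, when the item is priced in gems
    status: str = "pending"     # pending -> approved -> completed, or declined / refunded


class ChildSpendingControls:
    """Parent/carer-controlled spending for one child account (11c, 11h, 17b).
    Constructed for this example; not a real platform's purchasing API."""

    def __init__(self, notify: Callable[[str], None], limit_pence: int = 0):
        self.limit_pence = limit_pence        # zero-spend default until a parent raises it (11c)
        self.spent_pence = 0
        self.history: List[Purchase] = []     # every request, whatever its outcome (17b)
        self.notify = notify                  # real-time notification channel to the parent (17b)

    def set_limit(self, limit_pence: int) -> int:
        """Parent/carer action: the only way the limit moves away from zero."""
        if limit_pence < 0:
            raise ValueError("limit must be non-negative")
        self.limit_pence = limit_pence
        return self.limit_pence

    def request(self, item: str, price_pence: int, gems: Optional[int] = None) -> Purchase:
        """Child initiates a purchase; nothing is charged and the parent is told at once."""
        purchase = Purchase(item, price_pence, gems)
        self.history.append(purchase)
        self.notify(f"Purchase request: {item} at £{price_pence / 100:.2f}")
        return purchase

    def parent_review(self, purchase: Purchase, approve: bool) -> Purchase:
        """Parent approves or declines an individual request; the hard limit still applies,
        so approving one item can never push total spend past the limit."""
        if purchase.status != "pending":
            raise ValueError("only pending requests can be reviewed")
        if not approve:
            purchase.status = "declined"
        elif self.spent_pence + purchase.price_pence > self.limit_pence:
            purchase.status = "declined"
            self.notify(f"Declined: {purchase.item} would exceed the £{self.limit_pence / 100:.2f} limit")
        else:
            purchase.status = "approved"
        return purchase

    def confirm(self, purchase: Purchase) -> Purchase:
        """Mandatory, separate confirmation step before money moves (11h).
        Approval alone never completes a transaction."""
        if purchase.status != "approved":
            raise ValueError("purchase has not been approved")
        self.spent_pence += purchase.price_pence
        purchase.status = "completed"
        return purchase

    def refund(self, purchase: Purchase) -> Purchase:
        """Refund route for accidental or unauthorised purchases (11h, 19b)."""
        if purchase.status != "completed":
            raise ValueError("only completed purchases can be refunded")
        self.spent_pence -= purchase.price_pence
        purchase.status = "refunded"
        return purchase

    def statement(self) -> List[str]:
        """Transaction history in real currency, gem-priced purchases included (17b)."""
        lines = []
        for p in self.history:
            gems = f" ({p.gems} gems)" if p.gems is not None else ""
            lines.append(f"{p.status:>9}  £{p.price_pence / 100:>6.2f}{gems}  {p.item}")
        return lines
```

Two choices carry the safety weight: the limit is checked at review time rather than at request time, so a child can always ask and the parent always hears about it, but the hard limit cannot be overridden by a single approval; and every request, including declined ones, stays in the statement, which is what lets a parent see a pattern of attempts rather than only the purchases that went through.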

Commentary

Parental controls in gaming have historically been ineffective: technically complex to set up, easily circumvented, inconsistently implemented across platforms and titles, and poorly understood by parents. A safety-by-design approach requires parental controls to be genuinely effective by design: the default position for a child account should be the safest position, and changing that position should require active parental consent, not just parental inaction.

The ICO's Age-Appropriate Design Code sets a clear standard: services likely to be accessed by children should provide high privacy settings by default, with any less protective settings requiring clear parental consent. The same principle applies to spending controls, communication settings, and social features.

Transparency

18. Services must have a comprehensive and proactive strategy for providing stakeholders with clear and accessible information about the design, operation, and remaining risk present on the service.
a. Services should publish regular, clear transparency reports covering: harmful or illegal content detected and acted on; enforcement actions and their outcomes; moderation of voice and text communications, including referrals to law enforcement; spending data by age group; the functioning of age assurance mechanisms; and how any automated safety tools are working.
b. Specifically in relation to monetisation, services must publish: the probability of each outcome in any randomised reward mechanic, clearly expressed as percentages; the expected average cost in real currency of obtaining specific items through randomised mechanics; aggregate data on average and median spend per user by age group; and the proportion of total revenue derived from users aged under 18.
c. Services should organise information into clear, meaningful categories and allow independent scrutiny, including by accredited researchers. Reporting should be part of an ongoing governance cycle.
d. When children are likely to access a service, transparency reporting must specifically highlight risks to children and how effectively those risks are being managed. Information aimed at children and caregivers should be presented in an age-appropriate, clear, and accessible way.
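Paragraph 18b asks for two figures that services rarely publish: the probability of each outcome as a percentage, and the expected real-currency cost of obtaining a specific item. Section 10 adds that where a "pity" guarantee exists, the cost of reaching the pity threshold must be disclosed upfront. The following is an added worked example of how those figures are derived from a disclosed probability table; it is not part of the original code of practice, and the function names, the sample probability table and the sample draw price are constructed for this example. The arithmetic generalises beyond the page: without a guarantee the number of draws to a first success is geometric, with expectation 1/p; with a guaranteed drop on draw n the count is min(G, n), whose expectation is (1 − (1 − p)^n) / p.

```python
import math
from typing import Dict, List, Optional


def disclosure_table(probabilities: Dict[str, float]) -> List[str]:
    """Render verified outcome probabilities as plain percentages (11b, 18b).
    Rejects tables that do not sum to 1, so an outcome cannot be quietly omitted
    or a listed probability quietly overstated."""
    total = sum(probabilities.values())
    if any(p < 0 for p in probabilities.values()) or not math.isclose(total, 1.0, abs_tol=1e-9):
        raise ValueError(f"probabilities must be non-negative and sum to 1 (got {total})")
    return [f"{name}: {p * 100:.2f}%" for name, p in probabilities.items()]


def expected_draws(p_target: float, pity_draws: Optional[int] = None) -> float:
    """Expected number of draws until a target item with per-draw probability p_target.
    No pity guarantee: E[G] = 1/p (geometric distribution).
    Guaranteed drop on draw n: E[min(G, n)] = sum_{k=0}^{n-1} (1-p)^k = (1 - (1-p)^n) / p."""
    if not 0 < p_target <= 1:
        raise ValueError("p_target must be in (0, 1]")
    if pity_draws is None:
        return 1.0 / p_target
    if pity_draws < 1:
        raise ValueError("pity_draws must be at least 1")
    return (1.0 - (1.0 - p_target) ** pity_draws) / p_target


def expected_cost_pence(p_target: float, draw_price_pence: int,
                        pity_draws: Optional[int] = None) -> float:
    """The 18b figure: expected real-money outlay to obtain one target item."""
    return expected_draws(p_target, pity_draws) * draw_price_pence


def pity_ceiling_pence(draw_price_pence: int, pity_draws: int) -> int:
    """Maximum outlay before the pity guarantee triggers; section 10 requires this
    to be disclosed upfront, since it is the figure a player would budget against."""
    if pity_draws < 1:
        raise ValueError("pity_draws must be at least 1")
    return draw_price_pence * pity_draws


if __name__ == "__main__":
    # Constructed sample table and price for illustration only.
    table = {"common": 0.50, "rare": 0.30, "epic": 0.15, "legendary": 0.05}
    for line in disclosure_table(table):
        print(line)
    p, price, pity = 0.01, 300, 50   # 1% featured item, £3.00 per draw, guaranteed by draw 50
    print(f"expected cost without pity: £{expected_cost_pence(p, price) / 100:.2f}")
    print(f"expected cost with pity at {pity}: £{expected_cost_pence(p, price, pity) / 100:.2f}")
    print(f"pity ceiling: £{pity_ceiling_pence(price, pity) / 100:.2f}")
```

The expected figure and the ceiling are both needed in a disclosure: the expectation tells a player what an average attempt costs, while the ceiling is the worst case a pity mechanic commits them to, and the two can differ by a large factor when the per-draw probability is low.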

Commentary

Transparency in gaming has been notably poor, particularly around monetisation. Many gaming companies do not publish loot box probabilities, spending data, or information about how their monetisation systems are designed. Some jurisdictions, including China and several EU member states, have required mandatory disclosure of gacha and loot box probabilities. The UK has no such requirement, but this code treats such disclosure as a baseline transparency obligation.

Transparency about the design of engagement mechanics is equally important. A service that publishes how its matchmaking algorithm is designed, and what role (if any) spending history plays in matchmaking outcomes, is providing materially useful safety information. A service that refuses to disclose this information while its monetisation mechanics remain opaque should be treated with appropriate regulatory suspicion.

Redress mechanisms

19. Services must offer clear and accessible ways for users to seek help and remedies when they experience harm. This includes straightforward processes for taking action on accounts, challenging enforcement decisions, and obtaining remedies for financial harm caused by service design.
a. Redress should not exist in isolation. Insights from complaints, reports, and appeals should feed back into the design and operation of the service, helping to prevent future harm.
b. In the gaming context, redress mechanisms must specifically include: a clear process for parents or carers to obtain refunds for purchases made by children without meaningful informed consent, including purchases made through virtual currency systems where the real cost was not clearly disclosed; a process for challenging enforcement decisions, including bans, that is accessible and transparent; and signposting to external support services for users who have experienced harm, including resources for problem gambling, support for victims of online grooming or exploitation, and mental health support.
c. For children, redress must be age-appropriate, prioritising protection, support, and learning rather than purely punitive action. Services should respond in ways that match children's developmental stage, helping them understand harmful behaviour and how to stay safe.
d. Services should provide signposting and, where appropriate, funding to external services that support victim-survivors of online harms, including services supporting those harmed through in-game grooming or exploitation.

Commentary

The current state of redress in gaming is inadequate. Many companies have poor or no processes for addressing financial harm caused by their own monetisation design; parents who discover their children have made hundreds of pounds of in-game purchases often find refund requests rejected, and have limited recourse. A safety-by-design approach requires companies to take responsibility for harms created by their design choices, not merely for harms caused by player behaviour.

Part 4: Retirement and Decommissioning
20. Services must ensure that the retirement, withdrawal, or significant modification of features, systems, or the service itself is managed in a way that prioritises user safety and maintains existing protections. This includes:
a. Users must receive reasonable notice before services or features are withdrawn. In gaming, this is particularly significant where users have made substantial in-game purchases of items whose value depends on the continued operation of the service. Services must have clear policies on what happens to purchased content when a service is decommissioned.
b–c. Personal data must be securely deleted in accordance with UK GDPR. Where applicable, users must be able to exercise their rights to data portability.
d–e. Safety transition planning must consider whether decommissioning will weaken existing moderation safeguards or drive the migration of user communities to unregulated spaces. Services should conduct a forward-looking risk assessment before decommissioning any feature or system.
f–h. User data must be handled responsibly at end-of-life. For children, additional safeguards, age-appropriate communication, and ongoing protections are required. All decommissioning decisions should be documented and incorporated into ongoing governance processes.
Commentary

Decommissioning in gaming raises specific issues that do not arise in the same way for social media. Users of games often have substantial economic value tied to in-game purchases: virtual items, currencies, and progression that may be lost when a service shuts down. The practice of discontinuing "live service" games without adequate notice or compensation to players who have spent significant sums is a significant consumer harm, particularly where children are affected.

Services should ideally commit at the design stage to policies for handling player assets in the event of decommissioning, and should be transparent with users about those policies from the outset.

A note on references

The original Safety by Design Code of Practice (May 2026), on which this adaptation is based, contains a full set of footnotes and endnotes referencing the academic research, regulatory guidance, and case law underpinning its provisions. Those references have not been carried over into this gaming adaptation, as many cited sources relate specifically to social media contexts and would require replacement with gaming-specific equivalents before they could be relied upon.

Readers who wish to consult the underlying evidential and legal basis for the framework should refer to the original document:

Online Safety Act Network, Safety by Design: Code of Practice, May 2026
Available at: onlinesafetyact.net