About nine in 10 of the pornography sites most visited by Australians in 2025 had introduced age assurance at the 18-plus threshold, according to the country's eSafety regulator. The percentage describes installation across a selected group of popular sites. It does not show whether the checks stop minors, protect adult users' data or cover the wider adult web. [1]
Australia's codes took effect in March and require adult sites, alongside services including app stores and AI companion chatbots, to take steps against access by people under 18 to pornography, extremely violent material and self-harm content. The July 11 record gives the adult-site implementation count. It does not measure outcomes across every service covered by the codes. [1]
eSafety said it monitored the 30 sites most visited by Australians and contacted 26 that lacked age assurance, leading some to add checks. Aylo, the owner of Pornhub and other large sites, first blocked Australian access, then removed pornography from free pages and restricted that material to paid subscriptions, which the regulator treats as a form of age check. [1]
Installation Is the First Stage
Those responses show that rules changed product access. They do not establish which assurance methods each site uses, how accurately those methods distinguish adults from minors, or what information is retained. The Guardian's report does not supply false-acceptance rates, false rejections, privacy audits or a measured change in minors' access. A compliance count cannot answer questions its denominator was not designed to test.
"Age assurance" is itself a category rather than one technical design. In the published account, a paid subscription can qualify for one service, while other sites may use different checks that the article does not enumerate. [1] The burden on an adult user, the data exposed to a site or vendor and the ease of bypassing a check can therefore vary even when both services count as having introduced assurance.
That variation is why installation and effectiveness need separate scorecards. A regulator can count a gate by viewing the site, but proving that it works requires test accounts, error rates and evidence about actual underage access. Proving that it is proportionate requires a privacy record as well. None of those measures can be inferred from the 90% headline number.
Virtual private networks provide the next enforcement problem. A VPN can make a user appear to connect from another country, outside the Australian rule. The Guardian previously reported a surge in Australian VPN-app downloads, but eSafety said it had not observed download peaks that alone explained the fall in users across the five largest adult services. Sites must take reasonable steps against workarounds, and the regulator said VPN detection would form part of its compliance assessment. [1]
That wording matters. A requirement to take reasonable steps is not a promise that every workaround will fail. Nor does evidence about app downloads reveal who used a VPN, why they installed it or which site they visited. Enforcement will need a stated test: what detection is expected, what evidence a site must retain and what warning, remediation order or penalty follows when the regulator finds the steps inadequate.
eSafety also said available data did not show traffic consolidating on one uncontrolled service beyond the five largest sites. [1] That is narrower than proof of no migration. Users could disperse among smaller services, change devices or use tools not visible in the published measure. The absence of one concentrated destination does not close every route around the rule.
No verified topical X status was found for this story, so neither privacy panic nor claims of effortless circumvention enter as evidence. The Guardian supplies a concrete first-stage result: checks now appear on most of the monitored popular sites. The policy's harder result will require effectiveness, privacy, migration and enforcement data that the installation percentage cannot provide.
-- DAVID CHEN, Beijing