Ofcom Investigates Telegram for CSAM Sharing and Encryption Non-Compliance
UK regulator Ofcom launches a formal investigation into Telegram over evidence of child sexual abuse material (CSAM) sharing and potential breaches of the Online Safety Act's encryption reporting rules.
Executive Summary
The UK communications regulator Ofcom has opened a formal investigation into Telegram, citing evidence the platform is being used to share child sexual abuse material (CSAM) and may have failed to comply with encryption reporting requirements under the Online Safety Act. The probe, announced on April 21, 2026, could lead to significant fines or enforcement actions if Telegram is found in breach of its legal duties to assess and mitigate risks related to illegal content.
Technical Analysis
The investigation centers on two primary obligations under the Online Safety Act. First, Ofcom states it has gathered evidence indicating Telegram is being used to share CSAM. The regulator did not disclose the volume or specific sources of this evidence but characterized it as sufficient to warrant a formal probe into whether Telegram adequately assessed this risk and implemented appropriate mitigation measures.
Second, Ofcom is examining potential non-compliance with the Act's encryption reporting mandate. The law requires services using encryption to submit detailed reports outlining how their technology impacts their ability to identify and remove CSAM and terrorist content. According to Ofcom, Telegram may have failed to provide a complete report by the legal deadline of November 2024. A spokesperson for Telegram told BleepingComputer the company had submitted a report, but Ofcom's announcement suggests the provided documentation was insufficient.
Threat Actor Context
The investigation does not attribute the sharing of CSAM to a specific threat actor or group. The focus is on the platform's systemic compliance with regulatory duties to manage risks, rather than a specific intrusion or malware campaign.
Mitigations & Recommendations
Ofcom's announcement serves as a procedural step and does not include specific technical mitigations for users. The regulator's stated next steps are to gather further information from Telegram. For platform providers operating in the UK, the investigation underscores the stringent and enforceable reporting requirements under the Online Safety Act, particularly concerning encrypted services and risk assessments for illegal content.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.
