Our three takeaways:

1. Auditors care about the details and their findings reach the public, but more importantly, it reaches the Board and the regulator – Auditors are studying your T&Cs, your Service Legal Agreements and Standard Operations Procedures, and independently testing your systems for compliance. While leadership may normally be miles away from the day to day of T&S, any failings of these systems will now be assessed and shown to the Board. Ultimately, it can also be used by regulators to start investigations for non compliance.

2. Audit findings are your business too – it is likely that you own or are involved in some part of the systems and processes that the auditor is looking at. And in the case where the conclusion is negative, the implementation of the audit recommendation will probably sit with you.

3. If you have an audit coming up: Gain familiarity with the auditor’s methodology, look towards the audit reports for benchmarks and test your controls before the auditor does! Spot checks can go a long way. If you’re looking to establish a model for monitoring and testing for existing controls, the auditor’s testing methods can act as a good starting point.

If you're interested in the slides, reach out to Toshali - toshali[at]tremau.com

Child safety online remains a major concern, with Ofcom reporting widespread underage social media use despite age limits. New laws like the EU’s DSA and UK’s OSA mandate stricter protections, forcing platforms to balance safeguarding children’s mental health and preventing exploitation with preserving free expression. The complexity of this task demands age-sensitive, nuanced strategies. This panel examined the shifting regulatory environment and how it’s reshaping platform approaches to Trust & Safety for young users.

Our three takeaways:

1. Regulations are flipping the script and putting trust and safety where it ultimately is – in the front line. From the UK’s Online Safety Act to Australia’s under-16 bans, laws are redefining platform duties, especially around age verification and content access.

2. Adaptation is not simple. Companies must navigate diverse regulatory frameworks and balance user privacy with compliance, particularly around age assurance and data sensitivity.

3. It’s time for safety at the top. Online child protection should be treated like financial or legal risks: addressed at the board level, designed with expert input, and tracked through measurable outcomes.

As online safety regulations tightened, age assurance is emerging as a key compliance topic. The panel examined regulatory, technical, and operational approaches to age verification for both under and over-18s, focusing on privacy-preserving and scalable solutions. It addressed global standards, interoperability, and practical strategies to future-proof systems while minimising user friction.

Our three takeaways:

1. Beyond the current debate on where, in the tech stack, age checks should be undertaken, age assurance measures should be privacy-preserving, easy and seamless for users, and simple to adopt for platforms.

2. Low-bar solutions won’t cut it. Self-declaration or simple payment checks are no longer sufficient. Regulators expect more robust, tech-agnostic approaches.

3. Platforms face four key challenges: affordability at scale, smooth user experience, balancing data privacy with effectiveness, and calibrating the right “level of risk” for their users and services.

The past year saw the EU’s Digital Services Act enforce new rules on content moderation transparency, appeals, and external dispute resolution. This session examined early responses from platforms, users, and regulators, and whether the DSA is beginning to redefine platform-user dynamics - raising broader questions for Trust & Safety, human rights, and what comes next.

Our three takeaways:

1. The DSA gives users more agency. Through transparency obligations like statements of reasons, complaint channels, and alternative dispute resolution, users now have clearer pathways to challenge platform decisions.

2. Implementation is proving complex - even for VLOPs. Operationalizing user-facing processes remains a challenge, as shown in audit reports. For smaller platforms, this highlights the urgency of investing in scalable infrastructure and automation.

3. Process quality matters. Research shows that users value fair treatment over the specific outcome of a complaint. Poor communication, delays, or a lack of explanation can erode trust and drive user churn - even if the decision itself is justified.