The digital gaming landscape in the UK has undergone a significant shift, but the new rules designed to protect minors are already facing their first major test as users discover a simple workaround.
In a move to comply with the UK's stringent Online Safety Act, Valve Corporation, the company behind the massive PC gaming platform Steam, rolled out a new age verification system on August 29, 2025. The mechanism, which relies on users having a valid credit card attached to their account to access adult-rated games, was intended as a robust barrier. However, within days, the digital community found a loophole, raising questions about the effectiveness of the measure and frustrating legitimate adult gamers.
The New Rule: A Credit Card as Your ID
Under the new system, any Steam user wishing to view or purchase games rated for adults must now have a verified credit card on their account. The logic, as guided by the independent regulator Ofcom, is that since individuals in the UK must be 18 or over to obtain a credit card, this serves as a "highly effective age assurance measure." Debit cards, which have no age restriction, do not suffice.
Valve, in an official FAQ, stated that this method was chosen after review as it "provides the most privacy" for users compared to other proposed measures. Once a credit card is successfully registered, the account remains permanently verified for adult content.
The Exploit: A Legal but Temporary Workaround
Despite the intent, the gaming community on platforms like Reddit was quick to dissect the new rules. A now-viral post on the r/Steam subreddit detailed a method that allows users to bypass the restriction entirely.
The exploit is surprisingly straightforward: users can view the adult-rated game's store page through a different source, such as Steam's built-in web browser or an external mobile browser, and leverage compatibility features to add the game to their library and complete the purchase. Sources familiar with the method describe it as a "loophole" rather than a hack, suggesting it is legal but almost certainly temporary. As one commenter on the active Reddit thread aptly put it, "Measures like this make piracy look more appealing than ever."
The sentiment echoes a growing frustration among adult gamers in the UK who either do not own a credit card or are uncomfortable linking one to their gaming account solely for verification purposes.
A Wider Crackdown: The Imgur Conundrum
Steam's policy change does not exist in a vacuum. It coincides with a broader enforcement of the Online Safety Act that has ensnared other major online platforms. Most notably, the image-hosting site Imgur, a service commonly used by game developers to host screenshots and artwork on their Steam store pages, has been completely banned in the UK.
This creates a secondary problem for UK Steam users: even if they are age-verified, they may find key visual elements of game store pages missing. Imgur's ban came after the UK's Information Commissioner's Office (ICO) notified its parent company, MediaLab AI, of an intent to fine them over inadequate age-checking methods and the handling of minors' data. Rather than implement new systems, Imgur opted for a blanket geo-block.
Support at a Dead End, Users Directed to Regulators
For users stuck in the middle, the situation is frustrating. One user shared their exchange with Steam support, seeking an alternative verification method due to not owning a credit card. The support team's response, as detailed in their public FAQ, was unambiguous: "For now, verification based on credit card ownership is the only path we can provide for age verification under the OSA."
The support agent effectively directed the user's grievance elsewhere, suggesting that "it may be better to contact Ofcom" directly if they are a UK resident over 18 without a credit card.
The rapid emergence of a bypass and the accompanying user backlash highlight the delicate balance regulators and platforms must strike between enforcing safety and maintaining a functional, user-friendly experience. While Valve is expected to patch the current exploit quickly, the underlying friction suggests this may not be the last challenge for the UK's new online safety framework.
Post a Comment