The ICO exists to empower you through information.

The guidance on this page is suitable for organisations of all sizes and from all sectors. Small businesses can also use the resources on our small business web hub.

Brief guidance

Introduction to the Children's code

Who the Children's code applies to, and what you need to do to conform.

Codes of practice

Age appropriate design: a code of practice for online services

The Children's code details fifteen standards that providers of online services that are likely to be accessed by children (such as apps, online games, and web and social media sites) must conform with. 


Protecting children's privacy online: Our Children's code strategy

This strategy summarises our priorities for the next phase of our work, including how we will continue to enforce the law and conformance with our Children’s code.

Additional guidance

Best interest of the child

Introduction to the first standard, understanding the rights of the child, identifying and assessing impacts and prioritising actions.

Age assurance: Commissioner's opinion

How the Commissioner expects businesses to meet the code’s age-appropriate application standard, how we expect age-appropriate application to be carried out and expectations for age assurance data protection compliance. 

Likely to be accessed

Guidance for ISSs whose service is likely to be accessed by children, even if it is not aimed or targeted at children. 

In your sector

Edtech (schools and education technologies) – your questions answered

Frequently asked questions about applying the code to schools and education technologies.

Digital news industry FAQs

Frequently asked questions about applying the code in the digital news industry, including whether the code applies to your organisation. 

Top tips for games designers – how to comply with the Children’s code

Running risk assessments, getting age assurance, being transparent, preventing detrimental use of children's information, high privacy settings, profiling responsibly and positive nudge techniques. 


Children's code self-assessment risk toolkit 

Conduct a risk assessment of how both the UK GDPR and the Children's code apply to your digital service, and get practical steps to apply to ensure a proportionate and risk-based approach to protecting children and their privacy.

Data Protection Impact Assessment (DPIA) tools

General DPIA template and example DPIAs for online retail, connected toys and mobile games or apps.

Help us improve our website