Ofcom has discovered that porn sites were not, in fact, doing age verification. This required a £630,000 fine to establish. The sites are now scrambling to implement checks they’ve had the technology for since 2015.

The response from the tech industry has been swift and predictable. LinkedIn is already flooded with posts about “age-gating solutions” and “compliance-first architectures.” At least three startups have pivoted their entire product roadmap to become age-verification middleware companies. Their pitch decks all use the same shade of blue.

What’s remarkable is not that the fines worked—regulation always works when the penalty exceeds the cost of compliance. What’s remarkable is that nobody in the industry pretended they couldn’t do this before. They just didn’t. A £630,000 fine is basically a rounding error for sites generating millions monthly, which means Ofcom has accidentally priced child safety at “less than a week’s ad revenue.”

The real comedy is watching startups now treat age verification like a feature launch. They’ll ship a half-baked solution in Q3, call it “beta,” and spend the next year explaining why their database of birth dates is definitely secure. Meanwhile, the actual vulnerable users—kids without credit cards, kids with older siblings’ documents—will find their way around whatever gets deployed in about forty minutes.

Ofcom will declare victory. The tech industry will declare innovation. Nothing will actually change except the spreadsheet line item labeled “compliance costs.”