There are significant risks in creating a centralised system that is responsible for governing access to pornography sites. Such a system would be a honeypot for blackmailers and hostile foreign governments to exploit. It has been asserted that ID checkers will not record viewing habits and have committed to hashing emails. However, there is still immense danger that a hacker could insert a code exploit into an ID system to gather plain text emails and site viewing habits.

These sorts of hacks are becoming more common. We know that computer systems, even the best, are never fully safe - as demonstrated by the 2015 Ashley Madison leak. Notably, AgeID—the most prominent age verification system—is owned by MindGeek: owner of the world’s largest pornography sites. MindGeek have had five major data breaches since 2012. The privacy standard certification scheme being developed by the BBFC for age verification providers is currently voluntary, which raises additional concerns. A hack exposing the details and viewing habits of tens of millions of British pornography users could have enormous negative impacts on marginalised people, public figures, and the general public.