The UK communications regulator, Ofcom, has announced robust new measures to prevent children from accessing online pornography (plus other potentially harmful content), a key component of the Online Safety Act.

By July

These new regulations will require websites and apps to implement highly effective age assurance systems by July 2025, marking a significant step towards creating a safer digital environment.

What Kind of Websites and Apps Will The New Regs Apply To?

Ofcom says its new regulations will apply to websites and apps that host pornographic content, including those that publish their own material and platforms with user-generated content, such as social media, tube sites, and cam sites. The rules will extend to services that allow harmful content and are likely to be accessed by children. Also, they cover platforms with user-to-user or search functionalities where children may encounter inappropriate material. These categories are defined under the “Part 3” and “Part 5” provisions of the Online Safety Act.

What’s The Problem?

Children in the UK are encountering explicit material online at alarmingly young ages. For example, research from the Children’s Commissioner for England shows that among those who have seen online pornography, the average age of first exposure is just 13. Alarmingly, more than a quarter of children (27 per cent) encounter explicit content by the age of 11, and one in ten as young as nine!

This pervasive exposure poses significant risks to children’s mental health and understanding of relationships, consent, and self-worth. However, despite these dangers, it seems that many platforms have operated without adequate safeguards, allowing harmful material to reach young users with ease.

As Melanie Dawes, Ofcom’s Chief Executive, puts it: “For too long, many online services which allow porn and other harmful material have ignored the fact that children are accessing their services. Today, this starts to change.”

Also, up until now, it seems that self-declared age verification methods, such as ticking a box to confirm your age, have proven ineffective. Platforms frequently treat all users as if they are adults and fail to provide meaningful barriers to prevent children’s access to explicit content.

A New Era of Online Safety

To tackle this issue, Ofcom has published detailed guidance for implementing effective age assurance measures as mandated by the UK’s Online Safety Act (passed in October 2023). These measures form a cornerstone of the Act, which aims to make online platforms accountable for their content.

What the new Ofcom regulations will mean for the platforms include:

– Immediate action for pornographic services. Platforms hosting their own pornography (‘Part 5’ services) must start introducing robust age checks immediately.

– Measures for user-generated content. Social media platforms and other user-to-user services (‘Part 3’ services) that allow user-generated pornography must implement highly effective age checks by July 2025.

– Children’s risk assessments. All user-to-user and search services likely to be accessed by children must complete a children’s access assessment by April 2025, with detailed risk assessments required by July.

What Is ‘Highly Effective’ Age Assurance?

Ofcom defines “highly effective” age assurance as methods that are accurate, robust, reliable, and fair. These methods must go beyond basic checks and address technical and practical challenges to ensure children cannot bypass safeguards.

For example, approved technologies include:

– Photo ID matching. Verification using government-issued identification.

– Facial age estimation. Analysing users’ facial features to estimate age.

– Open banking and credit card checks. Ensuring users’ ages align with financial account requirements.

– Mobile network age verification. Checks conducted through mobile operators.

– Digital identity services. Systems leveraging verified digital identities.

Self-Declaration Methods No Longer Acceptable

Critically, methods like self-declaration of age and payment processes not requiring proof of adulthood are no longer deemed acceptable. Also, platforms must ensure explicit content is not visible to users during the verification process and prevent efforts to circumvent the age assurance system.

A Gradual Rollout with Broad Implications

Ofcom says the introduction of these measures will roll out incrementally, with adults beginning to notice changes in how they access certain services. For example, platforms may require users to upload ID, verify through biometric data, or use credit card checks.

As Ofcom’s CEO, Melanie Dawes, says: “As age checks start to roll out in the coming months, adults will start to notice a difference in how they access certain online services. Services which host their own pornography must start to introduce age checks immediately, while other user-to-user services – including social media – which allow pornography and certain other types of harmful content will have to follow suit by July at the latest.”

While these measures aim to protect children, Ofcom has also emphasised the importance of balancing privacy rights for adults. Notably, a survey by Yonder Consulting found that 80 per cent of UK adults support the implementation of age assurance measures to prevent children’s exposure to pornography.

How Will It Be Enforced?

To enforce compliance, Ofcom has launched an enforcement programme targeting platforms that fail to engage or comply with the new requirements. Non-compliance could result in fines and other penalties.

Benefits of the New Rules

Clearly, a key benefit of the new rules should be to protect children from harmful online content and the hope is that by mandating robust age checks, platforms can significantly reduce the likelihood of children encountering explicit material, promoting safer and healthier online experiences.

Also, as regards safeguarding children, these measures appear to reinforce the UK’s leadership in the tech-safety sector. For example, according to research by Paladin Capital and PUBLIC, the UK accounts for 23 per cent of the global safety tech workforce, with 28 per cent of safety tech companies based in the UK. The introduction of age assurance measures is, therefore, expected to stimulate further innovation and growth within this burgeoning industry.

Julie Dawson, chief regulatory and policy officer at age verification platform Yoti, emphasised the importance of the guidance, saying: “It is essential for creating safe spaces online. Age assurance must be enforced across pornographic sites of all sizes, creating a level playing field and providing age-appropriate access for adults.”

Challenges and Criticisms

Despite the obvious benefit of protecting children, privacy and rights campaigners have raised significant concerns about Ofcom’s new age verification regulations under the Online Safety Act, warning of potential risks to privacy, security, and user rights. For example, The Open Rights Group (ORG), a digital rights advocacy organisation, has been vocal in highlighting these issues. Abigail Burke, ORG’s Programme Manager for Platform Power, has stated, “Age verification technologies for pornography risk sensitive personal data being breached, collected, shared, or sold.”

The ORG has also pointed to similar proposals that were abandoned in Australia due to privacy and security concerns, suggesting that the UK should carefully consider these issues to avoid unintended consequences. Civil society groups have similarly criticised Ofcom for allegedly prioritising changes suggested by the tech industry over recommendations from privacy advocates to strengthen the codes.

Campaign group Big Brother Watch has also highlighted risks associated with age assurance methods, including data breaches, digital exclusion, and the erosion of online privacy. They argue that while protecting children online is essential, many age verification technologies could create new vulnerabilities, particularly around data security.

Some critics have also drawn attention to unintended consequences observed in similar initiatives elsewhere. For instance, when Louisiana introduced age verification laws for pornography sites, traffic to regulated platforms dropped by 80 per cent. However, users did not stop accessing explicit material and instead migrated to less-regulated and potentially more harmful corners of the internet.

This sentiment has also been echoed by Aylo, the parent company of Pornhub, which has criticised the measures as “ineffective, haphazard and dangerous.” The company warned: “These people did not stop looking for porn; they just migrated to darker corners of the internet that don’t ask users to verify age. In practice, the laws have just made the internet more dangerous for adults and children.”

These criticisms highlight the tension between enhancing online safety for children and preserving individual privacy rights in the digital realm. While the regulations aim to protect vulnerable users, critics argue that their implementation must be carefully managed to avoid creating new risks or driving harmful behaviours underground.

Looking Ahead

Ofcom’s guidelines are a step forward in addressing the long-standing issue of children’s exposure to harmful online content. By enforcing robust age assurance, it’s hoped that the measures can foster a safer online environment while balancing privacy considerations for adults.

As the July 2025 deadline approaches, the challenge will lie in ensuring that platforms adopt these measures effectively, without creating unintended consequences or compromising user rights. With rigorous enforcement and collaboration between regulators, platforms, and the safety tech industry, these changes could redefine online safety in the UK.

What Does This Mean For Your Business?

The introduction of Ofcom’s age verification regulations could be a pivotal moment in the effort to create a safer digital environment, particularly for children. By requiring websites and apps to implement robust age assurance systems, the UK aims to address the significant risks posed by children’s exposure to harmful online content, ensuring they are protected during formative years.

The potential benefits are clear, i.e. stronger safeguards for children, a reduction in exposure to inappropriate material, and a reinforcement of the UK’s leadership in tech-safety innovation. These measures signal progress in holding platforms accountable for their content and prioritising the safety of vulnerable users. As Julie Dawson of Yoti points out, creating “safe spaces online” is essential, and the consistent enforcement of age assurance can help achieve this goal.

However, this ambitious undertaking is not without its challenges. Privacy and rights campaigners have raised (valid) concerns about the risks of data breaches, digital exclusion, and the potential erosion of online privacy. The possibility of unintended consequences, such as users migrating to less-regulated corners of the internet, further complicates the picture. Critics, including Aylo and Big Brother Watch, have emphasised the need for careful implementation to avoid exacerbating existing risks.

For platforms, the regulations will demand a shift in how they manage user access and content. Implementing robust age verification systems will likely require significant investment in new technologies, such as photo ID matching or facial age estimation. Smaller platforms, in particular, may face challenges in meeting these requirements without external support or resources. Also, platforms must carefully balance compliance with privacy concerns to maintain user trust, particularly as adults begin to notice changes in how they access services.

Advertisers, too, will need to adapt. Platforms that introduce age verification systems may see shifts in user demographics, potentially affecting audience reach and targeting strategies. Advertisers that rely on platforms hosting adult content may need to navigate a changing landscape where regulated and unregulated spaces coexist, with a heightened emphasis on compliance and ethical advertising.

The success of these regulations will, therefore, ultimately depend on how well they balance the protection of children with the rights and privacy of all users. Ofcom’s approach, which allows space for technological innovation while setting clear standards, provides a solid foundation. However, ongoing dialogue and collaboration between regulators, platforms, advertisers, and advocacy groups will be essential to address concerns and adapt to unforeseen challenges.

As the July 2025 deadline draws closer, the spotlight will remain on how platforms respond to these requirements, how advertisers adjust their strategies, and how effectively Ofcom enforces the new rules. If managed successfully, the hope is that these measures could set a global benchmark for online safety, shaping a digital landscape where safety, privacy, and commercial interests coexist harmoniously.

The US International Trade Commission (ITC) has issued a scathing complaint against web-hosting giant GoDaddy, accusing the company of failing to implement basic cybersecurity tools and practices since 2018.

What Is the ITC, and What Is the Complaint?

The ITC is a US federal agency responsible for enforcing trade laws, addressing unfair trade practices, and protecting industries from harm. Although its remit typically covers trade-related matters, it has increasingly expanded its oversight to include consumer protection, particularly in cases where corporate failings have broader implications for commerce and public interest.

In a recent formal complaint, the ITC alleged that GoDaddy violated Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive business practices. Despite marketing itself as a secure and reliable hosting provider, GoDaddy (according to the ITC) failed to live up to its claims, thereby leaving millions of customer websites vulnerable, resulting in multiple security breaches and significant data compromises.

The Allegations in More Detail

The ITC’s complaint paints a troubling picture of GoDaddy’s cybersecurity practices (or lack of them). It accuses the company of failing to implement even the most rudimentary safeguards to protect its hosting environment. Among the lapses cited by the ITC are the absence of essential measures such as multi-factor authentication (MFA), proper asset inventory, and robust threat monitoring.

Specifically, the ITC’s complaint (published online) identified the following failings:

– No centralised asset management. As of 2020, GoDaddy had visibility over only 15,000 devices out of the approximately 450,000 in its environment.

– Irregular patch management. Despite a policy requiring critical updates to be applied within 30 days, GoDaddy relied on scattered teams to handle patches with no central oversight, leading to unpatched vulnerabilities across thousands of servers.

– Inadequate logging and monitoring. Security-related events were inconsistently logged, making it difficult to investigate breaches or suspicious activity.

– Weak authentication practices. The company relied on username/password combinations without requiring MFA for privileged accounts until 2020, thereby exposing sensitive systems to unauthorised access.

– Network mismanagement. A lack of segmentation between shared hosting and other services enabled threat actors to move laterally within GoDaddy’s infrastructure.

– API insecurity. GoDaddy’s APIs, critical for managing customer data, used outdated protocols, such as plaintext credentials, leaving them highly susceptible to interception and exploitation.

A History of Breaches and Consequences

The ITC report also details several high-profile security incidents that occurred under GoDaddy’s watch, starting back in 2019. The ITC alleges that these breaches highlight the tangible risks posed by the company’s inadequate security measures.

The 2019-2020 Breaches

A breach in October 2019 saw attackers exploit vulnerabilities in GoDaddy’s infrastructure to move laterally into its shared hosting environment. Threat actors replaced critical server files with malicious versions, ultimately compromising customer and employee login credentials. Shockingly, these intrusions went undetected for six months until another unrelated event in March 2020 prompted an external security audit.

During this time, attackers reportedly stole credentials for over 28,000 customer accounts and 199 employees, gaining administrative access to key systems. The breach also involved the theft of approximately 1,000 payment card details.

2021 WordPress API Breach

In November 2021, GoDaddy discovered another breach targeting its Managed WordPress hosting service. This time, attackers exploited an exposed API, obtaining data for 1.2 million customers, including email addresses, private encryption keys, and login credentials for WordPress and database management tools. Evidence suggests the attackers used this access to plant malware and commit search engine optimisation (SEO) fraud, misleading visitors and search engines alike.

2022 Malware Resurgence

The most recent breach, in December 2022, saw the same threat actors return to exploit remnants of the 2019-2020 compromise. This time, attackers deployed malware that redirected visitors to customers’ websites to malicious destinations, such as phishing pages or explicit content. Despite the repeated nature of these attacks, the ITC alleges that GoDaddy failed to proactively detect the intrusion, learning of it only through customer complaints.

Impact on Customers and the Broader Ecosystem

The consequences of GoDaddy’s (alleged) failings have been far-reaching. Small businesses that rely on its hosting services have endured significant disruptions, including compromised websites, stolen customer data, and tarnished reputations. Some customers have faced financial fraud or identity theft, while others have spent substantial time and resources remediating the damage caused by breaches.

The ITC’s complaint makes the point that these harms were entirely avoidable had GoDaddy employed widely available, low-cost security measures. Also, it accuses the company of misleading customers by marketing its services as secure while failing to back these claims with appropriate protections.

GoDaddy’s Response and the Way Forward

In response to the ITC’s allegations, GoDaddy has neither admitted nor denied the charges but has agreed to implement a comprehensive security overhaul. This includes creating a centralised inventory of its hardware and software, adopting SIEM (Security Information and Event Management) tools for real-time threat detection, and enforcing MFA across all privileged accounts.

A spokesperson for the company stated: “We are committed to safeguarding our customers’ data and continually improving our security posture. Many of the measures outlined in the settlement are already underway.”

The Settlement

Despite the gravity of the accusations and the scale of harm outlined in the ITC’s complaint, the settlement agreement struck with GoDaddy has left some questioning its adequacy. Under the terms of the proposed deal, GoDaddy must implement sweeping improvements to its cybersecurity practices. This includes undergoing regular, independent third-party assessments of its security programme and adhering to a ban on making deceptive claims about its data protection efforts in the future.

Notably, the ITC has not imposed any fines but has warned that future violations could result in penalties of up to $51,744 per breach.

What’s Next?

The ITC has opened the settlement for public comment, and its finalisation will mark a critical juncture for GoDaddy. The case serves as a cautionary tale for other companies, demonstrating the risks of neglecting cybersecurity in an increasingly hostile digital landscape.

What If You’re A Business Customer of GoDaddy’s?

For businesses that rely on GoDaddy’s hosting services, the revelations in the ITC’s complaint may understandably be a little unsettling. Many may now be questioning whether their websites or customer data were compromised in the breaches. Those who suspect they have been affected can review communications from GoDaddy, as the company has stated that it notified impacted customers following major incidents. Also, another option for businesses may be to engage independent security experts to audit their sites and data for any lingering vulnerabilities. Moving forward, customers will need to think carefully about whether GoDaddy’s promised security enhancements can restore their confidence or if alternative hosting providers may better meet their needs.

What Does This Mean For Your Business?

As one of the largest web-hosting providers, GoDaddy holds a significant position of responsibility, safeguarding not only its customers but also the broader ecosystem of internet users who interact with its hosted websites. The ITC’s findings, therefore, paint a very concerning picture of (allegedly) some very basic and systemic failures in cybersecurity practices over several years, leading to serious breaches that have impacted countless businesses and their customers.

For GoDaddy, the settlement offers a chance to repair its reputation and demonstrate a renewed commitment to cybersecurity. Although the lack of financial penalties has been surprising to some, it appears to be more of a case of getting some swift remedial action rather than prolonged litigation. However, it is understandable that some stakeholders may view the resolution as lenient, given the scale of the alleged failings and the potential harm caused. The onus is clearly now on GoDaddy to follow through on its promises and implement the sweeping changes outlined in the settlement.

For businesses affected by the breaches, the road to recovery may be a long and complex one. While GoDaddy’s notification efforts and security improvements may offer some reassurance, the damage to customer trust and the potential for lingering vulnerabilities remain pressing concerns. Businesses should, perhaps, weigh the risks and benefits of continuing their reliance on GoDaddy and consider proactive steps to safeguard their operations, regardless of the hosting provider they choose.

This case serves as a wake-up call for the entire tech industry, underscoring the need for vigilance in an era of evolving cyber threats. Basic security hygiene, while often viewed as a standard requirement, is essential to maintaining trust and preventing harm on a global scale. For organisations of GoDaddy’s stature, the stakes are even higher, as lapses in security can reverberate far beyond their own systems.

The ITC’s intervention, therefore, not only holds GoDaddy to account in some way but also sends a clear message to the industry, i.e. that data protection and cybersecurity are not optional. As businesses and consumers alike navigate the fallout, the hope is that this episode will lead to meaningful changes, not just for GoDaddy but for the industry as a whole, ensuring a more secure digital landscape for everyone.

Discover how to use Windows 11 Energy Saver to extend your laptop’s battery life and reduce energy consumption, with straightforward steps to customise it to your needs.

What Is The Energy Saver Feature?

Windows 11 includes a robust Energy Saver feature designed to help laptops run longer on battery power by optimising system settings. This tool adjusts background processes, screen brightness, and other power-intensive tasks to strike the right balance between performance and energy efficiency. So, whether you’re working remotely, travelling, or just trying to reduce electricity costs, here’s how to make the most of this feature.

Step 1: Ensure Your System is Compatible

To use the Energy Saver feature, your laptop must be running Windows 11 version 24H2 or later. To confirm your version:

– Press the Windows key and click Settings.

– Navigate to System and select About at the bottom of the sidebar.

– Under “Windows specifications,” check the version number listed next to Version. If it reads “24H2” or higher, you’re ready to proceed.

– If your version is older, click Windows Update in the same menu and then select Check for updates. Install any available updates to ensure you’re running the latest version.

Step 2: Enable Energy Saver Mode

Once you’ve confirmed compatibility:

– Open Settings and go to System, then click Power & battery.

– Scroll down to the Battery section and expand the Energy saver menu.

– Enable the Always use Energy Saver option to have it active at all times, or choose to activate it automatically when your battery reaches a specified level. For example, setting this to 20 per cent ensures Energy Saver kicks in when the battery is running low.

Step 3: Adjust Screen Brightness Settings

The laptop screen is one of the largest power drains. Energy Saver can reduce the screen’s brightness automatically:

– In the Power & battery menu, enable Lower screen brightness when using Energy Saver. This dims the screen slightly whenever Energy Saver is active, helping conserve battery power.

– If you find the dimmed brightness too low for your needs (e.g. in bright environments), you can turn this setting off or manually adjust the screen brightness using the slider in the system tray.

Step 4: Optimise Sleep and Screen Time-Outs

To minimise energy waste when your laptop is idle:

In the Power & battery menu, click Screen, sleep, & hibernate time-outs.

– Set shorter intervals for Turn my screen off after and Make my device sleep after. For example, choosing 3 minutes for screen off and 10 minutes for sleep ensures your laptop conserves power when inactive.

Step 5: Configure Power Modes

Customise how your laptop balances performance and efficiency:

– In Power & battery, scroll up to Power Mode and select your preferred setting:

– Best power efficiency: Minimises energy consumption, ideal when running on battery.

– Balanced: Offers a mix of energy savings and performance, dynamically adjusting settings.

– Best performance: Prioritises speed over energy savings, more suitable when plugged in.

– Selecting Best Power Efficiency ensures maximum battery longevity.

Step 6: Explore Energy Recommendations

Windows 11 provides tailored recommendations to further optimise energy usage:

– At the top of the Power & battery page, click Energy recommendations.

– Work through the suggestions listed, which may include enabling dark mode or fine-tuning other settings. Green ticks indicate recommendations already applied.

Step 7: Manage Background Apps

Some applications running in the background can unnecessarily drain battery power. To control this:

– In Settings, go to Apps, then Installed apps.

– Locate any app you wish to manage, click the three dots next to it, and select Advanced options.

– Under Background app permissions, set the app to Power optimised (recommended) or Never to prevent it from running when not in use.

– By limiting unnecessary background activity, your laptop will conserve power more effectively.

Enjoy Longer Battery Life

Using the Energy Saver feature and additional power management tools in Windows 11, you can significantly extend your laptop’s battery life without compromising functionality. Whether you’re conserving energy at home or ensuring your laptop lasts through a long workday, these steps provide a straightforward way to optimise your device for efficiency. Try these adjustments today to experience the difference.

The UK government is consulting on plans to ban ransomware payments by public sector bodies and critical national infrastructure (CNI) to disrupt the financial model underpinning cybercrime.

The proposals also include mandatory reporting of ransomware attacks and measures to block payments to criminal groups, aiming to reduce the threat and support law enforcement investigations.

Ransomware is the most serious cybercrime threat to the UK, with attacks on organisations like the NHS and Royal Mail causing widespread disruption and recovery costs. Security Minister Dan Jarvis highlighted the urgency of action, noting $1 billion was paid globally to ransomware groups in 2023.

Banning payments would make public organisations less attractive targets, while mandatory reporting would provide intelligence to help disrupt criminal networks. Penalties for non-compliance, such as fines or leadership bans, are also being considered to ensure adherence.

This initiative is part of a wider strategy to strengthen the UK’s cyber resilience, complementing global efforts like the disruption of the LockBit network and sanctions against major ransomware groups.

Businesses are advised to adopt strong cybersecurity measures, including frameworks like Cyber Essentials, regular data backups, and tested incident response plans, to mitigate the risk and impact of ransomware attacks.

Borobotics, a Swiss startup, has unveiled an autonomous drilling machine that could make geothermal energy more affordable and accessible, transforming how we harness heat from beneath the Earth’s surface.

Grabowski

The machine (nicknamed “Grabowski”) is being heralded as the “world’s most powerful worm” for its ability to silently and efficiently burrow through various terrains. Compact, resource-efficient, and designed for urban environments, this cutting-edge technology promises to address significant challenges in the push for sustainable energy.

What Is Geothermal Energy, and Why Is It Crucial?

Geothermal energy is a clean, renewable (and always available) energy source derived from the heat stored beneath the Earth’s surface. While most people associate renewable energy with solar and wind, geothermal energy offers distinct advantages, i.e. it’s not weather-dependent, it operates 24/7, and it is virtually limitless.

This underutilised resource currently accounts for just 1 per cent of global energy demand. However, the International Energy Agency (IEA) estimates that geothermal energy could actually supply 15 per cent of the world’s energy needs by 2050 if advancements like Borobotics’ technology gain traction. The environmental benefits could be immense, particularly for heating and cooling, which together account for 50 per cent of global energy consumption, most of which still relies on CO2-producing and polluting fossil fuels.

Enter Borobotics and “Grabowski”

Founded in Winterthur (Switzerland) in July 2023, Borobotics says it’s on a mission to accelerate the energy transition. The company’s co-founder, Hans-Jörg Dennig, began conceptualising the “bore-robot” back in 2017, with technical refinements brought in by Philipp Ganz and the business expertise of Moritz Pill.

At the core of their innovation is “Grabowski,” an autonomous geothermal drill that is radically smaller and quieter than traditional rigs. Measuring just 2.8 metres long with a diameter of 13.5 centimetres, it is designed to fit into tight spaces, such as back gardens, parking lots, or even basements. By comparison, conventional drilling rigs are often 6 metres tall and require significant space and logistical support.

As Pill explains, “Drilling will become possible on properties where it would be unthinkable today — small gardens, parking lots, and potentially even basements.”

Grabowski’s compact design is a game-changer, requiring only 6-8 square metres of operating space (84 per cent less than traditional rigs) and weighing just 150 kilograms. Once activated, the robot can operate autonomously, thereby reducing labour costs and allowing small teams to manage multiple drilling sites simultaneously. This efficiency could address the growing shortage of skilled heat pump installers, especially in Europe.

How Does Grabowski Actually Work?

Grabowski employs advanced technology to drill through diverse materials. For example, equipped with sensors in its head, the robot drill can detect different layers of earth, including water tables, and automatically seal the borehole if it encounters gas or water springs. This ensures safety and reduces the risk of environmental contamination.

The robot’s propulsion system, described as “fluid muscles,” allows it to move smoothly within boreholes, while its unique gearbox and dual-engine design enable effective hammering and rotation to break down tough materials, from sand to granite.

Unlike traditional diesel-powered drills, Grabowski runs purely on electricity and can plug into a standard power outlet, producing just 288 kilograms of CO2 emissions per borehole (a staggering 86 per cent reduction compared to its diesel counterparts). Also, its noise level of under 60 decibels makes it 94 per cent quieter than traditional rigs, ensuring minimal disturbance in residential areas.

Why Geothermal Energy Needs a Boost

Geothermal energy has long been overlooked due to the high upfront costs of drilling and installation. Heat pumps, which transfer heat from underground to buildings, are more efficient than gas boilers and can double as air conditioning systems. However, they are often more expensive to install, particularly when combined with the drilling required for geothermal systems.

The European Union (EU) is actively promoting heat pump adoption as part of its €300 billion REPowerEU plan. For example, it aims to install 43 million new heat pumps between 2023 and 2030. While air-source heat pumps are currently more popular due to their lower costs, geothermal pumps actually offer superior efficiency because they rely on the Earth’s stable subterranean temperatures rather than fluctuating outdoor air.

“In many European countries, at a depth of 250 metres, you have an average temperature of 14 degrees C,” says Pill. “This is ideal for efficient heating in winter, while still being cold enough to cool the building in summer.”

The key to unlocking geothermal energy’s potential lies in reducing costs and making the technology more accessible. Grabowski could therefore represent a significant step towards achieving this goal.

Challenges and Competition

Despite its promise, Grabowski does face some limitations. For example, the robot can currently drill to a maximum depth of 500 metres, which is less than the multi-kilometre depths achieved by larger rigs used in utility-scale geothermal projects. Its drilling speed is also slower, which could be a drawback in certain scenarios. However, Borobotics is targeting shallow geothermal systems, where these limitations are less of an issue.

It should be noted here that Borobotics certainly isn’t alone in the geothermal tech race. For example, startups like Fervo Energy in the United States and Eavor in Canada are making strides with advanced geothermal systems too. Fervo (backed by Bill Gates’ Breakthrough Energy Ventures) recently partnered with Google to power a data centre with geothermal energy. Meanwhile, Eavor is building a massive underground “radiator” in Germany capable of heating an entire town.

Nonetheless, Borobotics’ focus on small-scale, decentralised systems differentiates it from these competitors. By providing an affordable, accessible solution for residential and small commercial properties, Grabowski could carve out a niche market.

What’s Next for Grabowski?

Borobotics is currently developing its first working prototype, with plans to begin field testing at an (as yet) unspecified date in 2025. The company’s CHF 1.3 million (€1.38 million) pre-seed funding round, led by Copenhagen-based Underground Ventures, highlights growing investor confidence in geothermal technology.

As Torsten Kolind, managing partner at Underground Ventures, says, “The potential of geothermal heat pumps to decarbonise Europe is substantial, as long as the cost comes down. The minute that happens, the market is open.”

Borobotics’ approach seems to align perfectly with this vision. By addressing cost, efficiency, and accessibility, the company may be poised to make geothermal energy a viable option for millions of households. If successful, Grabowski could play a pivotal role in reshaping the energy landscape, reducing reliance on fossil fuels, and advancing global sustainability efforts.

What Does This Mean For Your Organisation?

Borobotics’ innovation sounds like it could offer a step forward in the quest for more sustainable (and hopefully cheaper) energy solutions. By focusing on affordability, compactness, and accessibility, the company is addressing some of the key barriers that have historically limited the adoption of geothermal energy. With the EU’s ambitious goals to decarbonise heating and cooling, Grabowski could fill a crucial gap in the market, particularly in urban and residential settings where traditional rigs are impractical.

Grabowski’s environmental credentials are also quite impressive. Its reliance on electricity over diesel, combined with its reduced CO2 emissions and quieter operation, make it a gentler option for the planet and its people. The prospect of an autonomous drilling robot that can be set up by a single worker and left to operate independently could significantly streamline geothermal installation processes. This innovation sounds like it may alleviate bottlenecks caused by Europe’s shortage of skilled heat pump installers, potentially accelerating the adoption of geothermal systems.

That said, challenges remain. Grabowski’s maximum drilling depth of 500 metres and slower speed may limit its application in certain contexts, especially in large-scale energy projects requiring deeper wells. Also, although Borobotics appears to be well-positioned in the growing geothermal market, competitors like Fervo Energy (with some serious backing) and Eavor are pursuing equally innovative solutions, which may overshadow the Swiss startup’s ambitions on a global scale.

The geothermal sector itself must also overcome broader obstacles. While the technology offers immense potential, upfront costs and public awareness remain barriers to widespread adoption. Public and private investment could be crucial in bringing costs down and fostering a shift towards geothermal energy. Borobotics’ ability to deliver on its promises, particularly as it transitions from prototype development to real-world deployment, will determine its impact on this evolving landscape.

Borobotics is, therefore, now entering a market primed for change, with a product that seems tailor-made to capitalise on the growing demand for sustainable heating and cooling. If the company can navigate the challenges ahead and scale its technology effectively, the Grabowski autonomous bore/drill may well become a vital player in the push to decarbonise energy systems. While the road ahead is far from smooth, the possibilities for a more sustainable future make this an endeavour worth watching closely.

This handy new feature from those clever people at OpenAI now lets you set ‘tasks’ which can then be scheduled for specific times and the results can be emailed across to you. Have a play with it – it’s fascinating!

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]