Following the introduction of the Online Safety Act 2023 (the OSA) just over a year ago, the topic of online safety has remained at the forefront of public discussion and debate. At the same time, steps to facilitate the implementation of various provisions of the OSA have proceeded at pace.
Whilst several provisions of the OSA came into force when it received Royal Assent on 26 October 2023, or have done so subsequently, there remain some provisions which are yet to commence.
Under the OSA, Ofcom was appointed as the regulator for online safety. Amongst its duties as regulator, Ofcom is responsible for monitoring compliance with the OSA, taking enforcement action where necessary, and publishing guidance and codes of practice to assist OSA-regulated service providers in complying with their duties of care.
The service providers which fall within the remit of the OSA include:
- User-to-user services (such as social media sites or apps, photo- or video-sharing services, chat or instant messaging services, dating apps, and online or mobile gaming services);
- Search services (where a person can search other websites or databases); and
- Businesses which publish or display pornographic content.
The provisions of the OSA apply to service providers regardless of their size and level of resource, from very small 'micro-businesses' to large and very well-resourced companies, where the service they provide has a significant number of users in the UK or where the UK is a target market.
Since its appointment as regulator, Ofcom has engaged in public consultations on various issues and has begun publishing initial guides and guidance in line with the various phases of implementation it had outlined at the outset. For example and most recently:
- On 16 December 2024, Ofcom published its Illegal Harms statement, which included the first edition of the Illegal Harms Codes of Practice and the illegal content risk assessment guidance. It also confirmed that regulated service providers have a duty to complete an illegal content risk assessment, to assess the risk of illegal harms on their services, by 16 March 2025.
- On 16 January 2025, Ofcom published industry guidance on the implementation of age verification and age estimation measures (known as 'age assurance') to ensure that children are not able to encounter pornography or certain other types of harmful content.
- Ofcom also confirmed this month that services likely to be accessed by children have additional duties to protect children online, with such services needing to undertake a children's risk assessment by 16 April 2025 and to implement safety measures to ensure children are protected online.
It is essential for all regulated service providers to understand exactly what is expected from them under the OSA. In particular, the age assurance requirements mean that regulated service providers will need to consider carefully how they implement such measures, so that the processes they use are "appropriate" and “highly effective”, as set out in Ofcom's Guidance on highly effective age assurance. The OSA confirms that self-declaration methods (where a user is simply required to self-declare their age without any other method of verification) are not to be regarded as age assurance. Instead, the measures must be (i) technically accurate, (ii) robust, (iii) reliable, and (iv) fair.
In February 2025, Ofcom is expected to publish draft guidance on protecting women and girls, particularly with advice in relation to online content and activity which disproportionately affects them. This is likely to be another area of significant public interest.
Want to hear more from us? 
