Online Safety Act – what you need to know
The Online Safety Act is a new set of laws which aim to protect children and adults online
It’s a chilly Wednesday morning and you want nothing more than to sip your coffee and read… about the Online Safety Act (OSA). Luckily for you we knew this would be just the content you were after so we’ve written a short summary to help keep you and your team informed. You might need to make a second coffee for this one.
Disclaimer: dxw doesn’t provide legal advice. This blog post is to help people understand the changes taking place. While we’ll do what we can to facilitate client websites being compliant, ultimately the onus is on the website owners. If you’re in any doubt about whether your site is affected by the OSA then we’d recommend seeking independent legal advice.
What is the OSA trying to do?
After passing into law in 2023, the first parts of the Online Safety Act will be implemented in March 2025.
The OSA is a new set of laws which aim to protect children and adults online. It’s putting more responsibility on service providers to make sure they’re doing all they can to prevent illegal or age-inappropriate content being accessed. The OSA makes users’ safety the priority.
Who’s affected by the Act?
Ofcom, the independent regulator for the communication services we use, has created a regulation checker for service providers to check if the OSA might apply to their services. The OSA might apply to anyone who provides an online service. An online service could include a website, app, or another type of platform. The OSA applies to any online service which has a UK audience, regardless of where the service provider is located.
Specifically, the OSA covers services where:
- people may encounter content (like images, videos, messages or comments) that has been generated, uploaded or shared by other users. These are called ‘user-to-user services’
- people can search other websites or databases (‘search services’); this doesn’t include internal site search functionality
- you or your business publish or display pornographic content
The rules apply to all sizes of organisations with the potential risk factors to users, size and capacity of organisations being taken into account. Some exemptions apply, such as specific user-to-user services. And your online services will be exempt from the OSA if they’re an internal business service (only accessible to employees etc), are provided by a public body or by an education or childcare provider.
Most of dxw’s clients are exempt because either they don’t have user-to-user services or they fall into one of the business categories. Clients who may not fall into one of the above categories, such as charities, housing associations or art organisations, may be affected by the OSA. In this case, the most likely reason for that service being within the scope of the OSA is if it has user-to-user generated content enabled on their website. This might include things like blog comments being enabled – more so if users are able to reply to each other. It’s worth checking the settings in your admin dashboard.
If you choose to use the Ofcom regulation checker, once you have submitted your answers you will either get a ‘Yes’, ‘No’ or ‘Unclear’ response on whether the OSA applies to your online service. Ofcom advises that you read more about the OSA, keep up to date with any news, and bear in mind that any changes you make to your service may mean that the regulations apply in the future. Ofcom has the authority to fine businesses if they’re deemed as not meeting the OSA. It’s not yet clear when they will charge fines or which size of organisations will be required to pay them.
What’s expected of services that fall within the scope of the OSA?
If your service falls within the scope of the OSA then the first steps will be to complete the various risk assessments that Ofcom outlines. These risk assessments will then indicate what you need to do.
Some examples of the actions that are expected to be put in place are having content moderation for user-to-user generated content and taking action to remove content that violates the OSA. The level of moderation required will depend on the size of your service.
Key dates
Mid-March 2025 – if the OSA applies to you, Ofcom expects services to disclose their illegal content risk assessment from 31 March 2025.
July 2025 – Ofcom expects specific services to disclose their children’s risk assessment from 31 July 2025.
Recommended steps to take:
- Complete the Ofcom regulation checker for your online service.
- If any of the questions in the regulation checker are unclear then read more about the OSA via the Ofcom or GOV.UK websites.
- If the OSA applies to you, make sure you and your team factor in time to complete the risk assessments before the above deadlines.
- Subscribe to Ofcom for regular updates about online safety. Further OSA updates will be released this year.
- Periodically re-run the Ofcom regulation checker, especially if there are any changes to your site’s functionality, as the answers to the questions may change.
Information sources:
https://ofcomlive.my.salesforce-sites.com/formentry/RegulationChecker
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/guide-for-services/
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/important-dates-for-online-safety-compliance/
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/roadmap-to-regulation/
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/time-for-tech-firms-to-act-uk-online-safety-regulation-comes-into-force/
https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer
https://russ.garrett.co.uk/2024/12/17/online-safety-act-guide/
https://www.legislation.gov.uk/ukpga/2023/50/contents
https://onlinesafetyact.co.uk/