The Internet (and social media for many) is big part of our daily lives, influencing many aspects of it. However, it also exposes individuals—especially children and vulnerable people—to potential harm.
The Online Safety Act is a landmark law aimed at making the UK a safer place online. It holds you and your business accountable for protecting users from harmful and illegal content, with a strong focus on safeguarding children. It introduces a range of legal requirements for online services, particularly those that enable user interaction or offer search functionalities.
The Online Safety Act received Royal Assent on 26 October 2023, marking a significant step toward safer online platforms. Various provisions are already in force. If your business does not comply, you could face substantial fines, so it’s critical to understand the Act and your responsibilities under the law.
This guide will give you an overview of the background and purpose of the Online Safety Act and its implications for your businesses. However, the legislation is extensive, complex, and evolving, with a phased implementation. If you need tailored advice on what actions to take, our data privacy team is here to assist you.
Contents:
What does the Online Safety Act mean for your business?
The Act builds on existing frameworks, such as the Information Commissioner’s Age-Appropriate Design Code, and aims to protect individuals online. It introduces new stringent requirements to strengthen child protection, tackle illegal online activity, and enhance accountability.
The Act applies to various online services, including user-to-user services (like social media platforms, messaging apps, marketplaces, and gaming platforms), search services (such as search engines that allow users to look up content) and pornographic content platforms.
This law introduces substantial business responsibilities in its scope and appoints Ofcom as the primary online safety regulator. Ofcom is now responsible for issuing guidance and codes of practice to help you meet your obligations. Some guidance is already in place, while others will be introduced gradually. Although these codes of practice are not legally binding and businesses can take alternative measures, following their steps will deem you compliant.
Ofcom estimates that over 100,000 online services will fall under this law. This includes businesses across various sectors, such as social media, messaging, gaming, search, online advertising, and pornography. The law doesn’t just apply to UK businesses – it has international reach and applies to services with “links” to the UK (regardless of where the business is based).
You must carefully assess if your services fall under the Online Safety Act and take immediate steps to understand how to meet your specific obligations.
What are some of the key obligations for your business?
The Act sets out various obligations based on your service's size, risk profile, and the extent of children’s access. The Act’s provisions are extremely detailed, but in broad terms, some of your key obligations include:
- Removing illegal content quickly as directed under the Act
- Preventing children from accessing harmful or age-inappropriate material using age assurance systems
- Conducting risk assessments to identify and address potential harms
- Providing accessible mechanisms for users to report harmful or illegal content
- Balancing safety measures with users’ rights to freedom of expression and privacy
- Maintaining compliance records and reviewing them regularly
- Implementing robust content moderation and age-verification systems
- Strengthening accountability through senior oversight and user reporting mechanisms
Additional obligations apply to specific categorised services, determined by thresholds set in secondary legislation.
Key compliance obligations and deadlines are being introduced in phases.
The risks of getting non-compliance
Ofcom enforces the Online Safety Act and holds significant powers to address non-compliance. Businesses that fail to meet certain key obligations could face fines of up to £18 million or 10% of their global turnover. Senior managers may even face criminal liability, such as failing to comply with Ofcom’s information requests. Beyond the financial penalties, non-compliance carries serious risks to a business's reputation, with widespread media attention and potential loss of trust from customers and stakeholders.
Being prepared for the Online Safety Act
The law is being implemented in phases, and if your business provides online services, now is the time to act by:
- Assessing your services: Determine whether your business falls under the scope of the Online Safety Act by reviewing its provisions and relevant Ofcom’s guidance. Identify which of your services are covered, any applicable categorisations, and their specific requirements. Early action will help you allocate resources effectively and minimise compliance risks.
- Staying informed: Monitor Ofcom’s updates and consultations to stay current with new compliance requirements. As implementation progresses, you will face increasing obligations. Regularly reviewing updates and refining your compliance practices will help you stay ahead. For key dates, refer to Ofcom’s timeline for online safety compliance.
- Seeking legal advice: Given the law’s complexity, expert legal guidance is vital to fully understanding and effectively meeting your specific obligations.
Meeting your legal obligations
The Online Safety Act represents a significant shift in online regulation, introducing new and substantial obligations for your business. With key deadlines phased in over time, it’s important to stay alert, act promptly, allocate the necessary resources, and prioritise online safety to meet legal responsibilities.
If you’re unsure whether your business is affected or need guidance on compliance, our data privacy team is here to help.
