Online safety

Latest developments

The Online Safety Act is a new piece of UK legislation which received Royal Assent on 26 October 2023. The Act is overseen and regulated by Ofcom, which is tasked with issuing codes of practice. Ofcom has recently announced that it plans to release the initial draft codes of practice soon after it acquires its powers, rather than within 100 days as originally planned. Additionally, it anticipates publishing draft guidance on age verification in autumn 2023, followed by further codes in the coming months.

Summary

The Online Safety Act seeks to regulate online providers of user-to-user content and search, as well as providers of pornography. It will impose a duty of care on them to conduct risk assessments and take proportionate measures to deal with risks.

The duty of care will require online providers to address various types of risks, including harmful content, cyberbullying, and online grooming. Providers will need to take steps to remove harmful content, prevent its re-upload, and ensure that users are protected from it. They will also need to ensure that age verification and age assurance measures are in place to prevent children from accessing inappropriate content.

How could it be relevant for you?

The Act has different tiers of regulation for user-to-user platforms, but only one for search. The Act imposes additional duties on very large user-to-user services, known as Category 1 services. Ofcom, alongside Government, will work to determine the threshold for Category 1. Research will be required to determine where the threshold should lie, which will probably be based on the scale of business, functionality, and a third criterion that is not yet known.

There are various provisions which can impose liability on Directors and Officers for failure to comply with the law, so senior-level engagement with compliance obligations will be an important consideration, alongside who in the organisation will be appointed to take responsibility for online safety issues.

The rapidly evolving landscape of the digital world has led to the need to be able to reclassify businesses. Platforms that were not even in existence five years ago now have a massive user base and therefore a greater responsibility towards online safety. To address this issue, a new subcategory will be provided for providers that are on the brink of becoming Category 1.

It is estimated that the Online Safety Act will impact a vast number of entities, from big tech companies to small indie platforms, with an estimated capture of 25,000 entities in the UK alone. A close reading of the provisions to calculate whether your organisation may be in scope will therefore be important at an early stage. Steps can then be taken to assess what compliance steps may be required and/or whether changes could be made to the way the business operates to put the relevant activities out of scope of the legislation. Alternatively, if necessary, you can be well prepared to challenge any classification by Ofcom with which you disagree.

Next steps

Whilst a large number of organisations are likely to be covered, Ofcom will likely prioritise the big tech platforms in its efforts to ensure compliance. To help with this process, it is recommended that companies within the Act's scope proactively conduct risk assessments and demonstrate that they have considered potential risks. Ofcom will focus on companies that it believes are not attempting to comply, but it is important to note that the duties of care will not apply until codes of practice are published. Public consultations will take place in the coming months, and the direction Ofcom will take remains uncertain. As such, it is crucial for companies to stay informed, contribute to consultations of relevance to their services, and be prepared to adapt to any changes.

Regarding the practice of risk assessments, Ofcom is seeking confidence that the process is being thought about at senior levels of an organisation. The more the organisation communicates to Ofcom about governance, the more likely Ofcom will be satisfied with the organisation's response and approach. It is worthwhile for organisations to plan ahead and conduct thorough assessments.

*Information is accurate up to 27 November 2023
