Updates from Ofcom on the UK Online Safety Act: Essential Deadlines and Enforcement Focus

Key Deadlines: Preparing for Compliance

The OSA regulates a wide range of online platforms that facilitate user interactions or provide search functionalities for users within the UK. Although the Act received Royal Assent in 2023, its enforceable duties were contingent upon Ofcom's completion of relevant codes of practice and guidelines.

Ofcom has now clarified essential deadlines that will depend on the finalisation of these codes:

1. Assessments for Illegal Harms: All user-to-user (U2U) and search services must initiate their assessments in December 2024, completing them by March 2025. Specific services are required to submit these assessments by March 31, 2025.
2. Child Access Evaluations: All U2U/search services are to commence these evaluations in January 2025, with a completion deadline in April 2025.
3. Compliance with Illegal Content Safety Regulations: U2U/search services must adhere to these regulations by March 2025.
4. Child Risk Evaluations: Services likely to be accessed by children will start in April 2025 and conclude by July 2025. Some will need to submit their evaluations by March 31, 2025.
5. Adhering to Child Safety Regulations: Compliance should be achieved around July 2025 for services likely to be used by children.
6. Responses to Transparency Notices: Services under the OSA will begin addressing these notices starting in summer 2025.
7. Other Compliance Duties: Further details will be provided, but these responsibilities are not expected to commence until 2026.

Notably, duties for UK-based video-sharing platforms are likely to be delayed until Q3 2025, pending the repeal of existing regulations.

While Ofcom has mentioned that these timelines could shift, businesses should proactively prepare to meet these deadlines as they approach.

Initial Enforcement Focus Areas

In its recent communication, Ofcom identified eight primary enforcement priorities for the first three years, signalling its readiness to act as organisations become subject to these duties. Businesses within the OSA’s scope should pay close attention to the following focus areas:

1. Enhancing user safety and addressing associated risks, including appointing senior accountable personnel.
2. Safeguarding children from harmful content and activities through age verification and adjusted recommendation systems.
3. Preventing the dissemination of child sexual abuse material (CSAM) and ensuring children encounter no unsafe interactions.
4. Prompt removal of illegal content, including hate speech and materials related to terrorism.
5. Reducing online gender-based harm and abuse, especially aimed at women and girls.
6. Combating online fraud with detection and prevention strategies.
7. Empowering users, particularly children, to manage their online experiences.
8. Enhancing transparency regarding user safety measures and Ofcom's initiatives, with a commitment to transparency reporting by the end of 2025.

Ofcom emphasises that risk assessments will be the foremost obligation for all affected organisations, viewing these assessments as a key enforcement focus for 2025. Notably, five out of the eight priorities are categorised as design changes, underscoring the need for businesses to take proactive measures in these areas.

Implementation and Enforcement Challenges

Ofcom’s update suggests that certain initiatives, particularly effective age assurance and proactive monitoring tools, may encounter significant implementation challenges. These tools are essential for addressing the severe risks associated with CSAM, pornography, and fraud.

To enhance its strategy, Ofcom plans to consult in spring 2025 regarding the integration of additional automated content moderation tools to better identify illegal or harmful content.

Upcoming Fee Structure

Earlier this year, Ofcom sought input from organisations that may fall under a fee structure related to their qualifying revenue assessments. A consultation is anticipated later this month to address the relevant thresholds and exemptions, but the fee structure itself is not expected to be implemented until the 2026/2027 financial year.

Next Steps for Businesses

Organisations must ascertain whether they are subject to the OSA. If this assessment has not been made, determining the law's relevance should be a top priority. Features that could bring businesses under the OSA include:

• Forums, including those for business users
• Chat rooms or similar functionalities
• Marketplaces enabling user sales or listings
• Review features
• File-sharing platforms
• Certain direct messaging services

Preparing for Compliance

As we await the finalisation of the guidance on Illegal Harms, businesses should begin assembling the necessary evidence and data for their risk assessments. This includes identifying relevant risk profiles for their services covered by the OSA and determining appropriate measures to mitigate risks associated with illegal harms, particularly those related to the 15 priority illegal harms specified by Ofcom.

Ofcom has indicated that it will offer certain resources to assist small and medium-sized enterprises (SMEs) impacted by the OSA, though a specific timeline for these resources has yet to be established.

In summary, businesses must act swiftly to ensure they comply with the forthcoming requirements of the UK Online Safety Act, emphasising the importance of risk assessments and necessary operational adjustments.

Get in touch if you need help understanding this new legislation and what you will need to do in order to comply with its requirements.