Monday 16 December 2024 marked an important day in UK online safety regulation with Ofcom’s publication of its final illegal content risk assessment guidance and codes of practice under the new regime, which, in Ofcom’s own words, is “firing the starting gun on new duties for tech firms”. Our regulation multi-disciplinary experts and European Centre for Regulatory Strategy set out their key perspectives and practical points below.
Key takeaways
Ofcom’s publication of codes and guidance relevant to illegal harms (e.g. terror, hate, fraud, child sexual abuse and assisting or encouraging suicide) marks a major milestone for the implementation of the UK’s Online Safety Act.
This effectively kick-starts entry into force of the new online safety regime, which will apply to providers of online user-to-user and search services in the UK regardless of where they are based in the world.
Ofcom estimates that there are approximately 100,000 online services within scope of the Act.
A key requirement for all in-scope services is to conduct an illegal content risk assessment which will drive companies to protect individuals who are users of the service from harmful content. Once further guidance is published, in addition to the illegal content risk assessment, a children’s access assessment and (to the extent relevant) a protection of children risk assessment will also be needed.
The Codes published alongside the risk assessment guidance are a fundamental tool for service providers in scope in the new regime. Ofcom is effectively setting a baseline online safety standard by publishing more than 40 recommended safety measures for in-scope platforms to introduce from March (for example, each provider should name a senior person accountable to their most senior governance body for compliance with their illegal content, reporting and complaints duties).
Ofcom announced that it will be watching the industry closely and that is ready to use “the full extent of [its] enforcement powers” against providers which “come up short”.
Providers will now have a duty to assess the risk of illegal harms on their services by no later than 16 March 2025. From 17 March 2025 onwards, providers then will need to comply with measures set out in the Codes or use other effective measures to protect users from illegal content and activity that meet the safety duties in the Act.
Ofcom will continue to implement the OSA throughout 2025, publishing further codes of practice and guidance in due course.
Further detail on what Ofcom has now published
Ofcom released its Guidance and Codes across three main volumes (more details below), respectively focusing on:
Governance and risk management
Service design and user choice
Transparency and trust and other guidance
What in-scope online services should be doing now to complete an OSA illegal content risk assessment by 16 March 2025
If you are an online service in scope of the new rules, we suggest having the following building blocks in place, or start to get them in place as soon as possible:
- An understanding of the harms in scope including the 130+ UK offences mapped to your own risk taxonomy;
- An understanding of the activities of your service(s) and the functions it provides to users;
- A documented evidence base on which to make a suitable and sufficient risk assessment; and
- A dedicated project team with the remit and resources to facilitate the successful development, execution and drafting of the risk assessment process.
To get started, you can read our blog on the different types of OSA risk assessments and watch Deloitte’s webinar on the new risk assessments required under the OSA which gives further advice on no-regrets actions to get started on these critical risk assessments.
Your contacts
If you would like to speak to the Deloitte team supporting clients on complying with the Online Safety Act and other evolving global internet regulations, please contact:
Joey Conway, Internet Regulation Partner, Legal Lead
Nick Seeber, Global Internet Regulation Lead Partner
Brij Sharma, Media Regulation Expert
Matteo Orta, Senior Consultant, Strategy, Risk & Transactions Advisory
![Fiske-y business: Court of Appeal clarifies scope of Section 73 planning permission amendments - Fiske [2024]](https://images.passle.net/fit-in/512x288/filters:crop(0,123,1178,661)/Passle/5d1eec76989b6e0f3cff1041/MediaLibrary/Images/2024-12-19-20-52-47-997-6764879f3e67bad811f7a607.png)
/Passle/5d1eec76989b6e0f3cff1041/MediaLibrary/Images/2024-12-17-08-44-00-798-676139d0e47d4e3f62efc20c.jpg)