Internet Regulation Updater
The UK regulator Ofcom, recently released draft guidance for online safety for women and girls.
Why is this important? This is the latest in a burst of regulator activity in Europe, including the release of the European regulator’s draft guidance on children’s safety online released this week. With the foundational new regulations (EU Digital Services Act and UK equivalent Online Safety Act) now in force and bedding in, regulators are focusing on specific aspects of online safety, including vulnerable groups like women and children. The landscape is continuing to develop.
Impact: For providers in scope it is important to keep abreast of these developments and to mature the approach to compliance and risk management to cater for this. This is not a static landscape; the regulations require ongoing risk management and the regulators are maturing and increasing the requirements to achieve that. One-off regulatory readiness is not enough for ongoing regulatory compliance.
Details: Alongside Ofcom’s already published final Codes and risk assessment guidance's on how they expect platforms to tackle illegal content and children’s safety, Ofcom is also required to produce guidance that sets out how service providers can take action against harmful content and activity that disproportionately affects women and girls. This includes the implementation of practical steps to tackle the unique risks faced by women and girls, including misogyny, harassment, domestic and intimate image abuse.
Ofcom have stated that women are five times more likely to be victims of intimate image abuse; around 75% of women journalists have suffered online threats and abuse, almost a quarter of teenage girls regularly see content that objectifies or demeans women and more deepfake intimate image abuse was posted online in 2023 than all other previous years combined.
Making the internet a safer place for women and girls has been a long-standing priority for Ofcom, and the draft guidance demonstrates Ofcom’s priority to tackle this issue as part of its OSA consultation process.
“No woman should have to think twice before expressing herself online, worry about an abuser tracking her location, or face the trauma of a deepfake intimate image of herself being shared without her consent.”
- Dame Melanie Dawes, Ofcom Chief Executive
Key takeaways
Understanding the harms
Ofcom notes that the first objective of the draft guidance is to help ensure providers understand the risks and harms that women and girls currently face on online services including areas where women and girls experience a disproportionate and distinct harm. Based on this, Ofcom outlined the following four focus areas in the guidance:
- Online misogyny – content that actively encourages or cements misogynistic ideas or behaviours, including through the normalisation of sexual violence.
- Pile-ons and online harassment – which include cases where a woman or groups of women are targeted with content, including misogynistic content, abuse, threats of violence, image-based sexual abuse and gendered disinformation. It was noted that while pile-ons can affect any women, they often target women in the public-eye, including journalists and politicians.
- Online domestic abuse – the use of technology for coercive and controlling behaviour within an intimate relationship.
- Intimate image abuse – the non-consensual sharing of intimate images – including those created with AI; as well as cyberflashing – sending explicit images to someone without their consent.
What service providers can do to improve women and girls’ safety
Ofcom’s second objective for the draft guidance is setting out practical and achievable recommendations providers can implement to improve women and girls’ safety. As part of this, Ofcom has identified a total of nine areas where providers should be doing more to improve women and girls’ online safety, split into three chapters, each representing one of the stages of how a service is run:
Taking responsibility
- Action 1: Ensure accountability processes address online women and girls’ online safety, for example by consulting subject matter experts and setting policies on prohibiting these harms;
- Action 2: Conduct risk assessments that capture harms to women and girls – this could be by engaging with survivors and victims and conducting user surveys; and
- Action 3: Be transparent about women and girls’ online safety through sharing information about the prevalence of harms on a service and the effectiveness of safety measures.
Preventing harm
- Action 4: Conduct abusability evaluations and product testing, for example by using red teaming (a process for testing cybersecurity effectiveness) to identify malicious ways actors may try to use the service features to perpetrate harm;
- Action 5: Set safer defaults, by ‘bundling’ default settings together to make it easier for women experiencing pile-ons to secure their accounts; and
- Action 6: Reduce the circulation of online gender-based harms, by using hash matching to detect and remove intimate images shared without consent.
Supporting women and girls
- Action 7: Give users better control over their experiences by providing the option to block multiple accounts at once;
- Action 8: Enable users who experience online gender-based harm to make reports, for example by building reporting systems designed in a way that is supportive and accessible for those experiencing domestic violence; and
- Action 9: Take appropriate action when online gender-based harm occurs, by taking action against users who repeatedly violate the service’s policies.
Encouraging providers to take ambitious action
Ofcom’s third objective has been to encourage providers to take action beyond their core compliance requirements. As part of the response, Ofcom has outlined both Foundational steps and Good Practice steps that can be taken by Service Providers:
Foundational steps
These are the steps included in Ofcom’s Code measures and risk assessment guidance as part of their work on Illegal Harms and Protection of Children. As part of this, providers had a duty to assess the risk of illegal harms on their services, with a deadline of 16 March 2025.
Good practice steps
These are steps that provide additional ways providers could build on the foundational steps to meet each of the actions and further improve women and girls’ online safety. While not mandatory requirements for compliance with the legal duties, Ofcom considers these steps as a demonstration of their work on user safety more broadly.
The future
Ofcom has stated their intention to publish an assessment of how providers are keeping women and girls safe on their services by the first half of 2027. Currently, the draft guidance is under consultation until 5pm on 23 May 2025, with the final guidance expected by the end of 2025.
Your contacts
If you would like to speak to the Deloitte team supporting clients on complying with fast-paced global digital regulations, please contact:
Joey Conway, Internet Regulation Partner, Legal Lead
Nick Seeber, Global Internet Regulation Lead Partner
Laurie Gilchrist, Internet Regulation Director
Hilary Atherton, Internet Regulation Director
Sian Bundred, Internet Regulation Director
Kirti Bhalsod, Internet Regulation Associate, Legal
Alana Warbrick, Internet Regulation Associate, Legal
/Passle/5d1eec76989b6e0f3cff1041/MediaLibrary/Images/2025-05-20-14-29-01-616-682c91ad7f300619aacc28d1.jpg)
/Passle/5d1eec76989b6e0f3cff1041/MediaLibrary/Images/2025-05-20-08-32-41-066-682c3e29ca02b4d8fb2116ea.png)
/Passle/5d1eec76989b6e0f3cff1041/MediaLibrary/Images/2025-04-08-10-49-04-900-67f4ff200e63d1a01b5e2414.png)