Table of Contents
In Short
- The UK’s Online Safety Act 2023 sets strict legal responsibilities for online services to protect users from harmful and illegal content, focusing on children and vulnerable users.
- The OSA covers UK and international businesses offering user-to-user interaction or search services targeting UK users.
- Severe penalties include fines up to £18 million or 10% of global turnover and possible criminal liability for senior managers.
Tips for Businesses
Determine if the OSA applies to your services, especially if you operate online platforms or search engines. Review Ofcom’s guidance to ensure compliance and implement robust risk management, moderation, and age-verification processes. Consider legal advice to navigate complex obligations and avoid significant penalties.
If you are operating an online business, keeping up with laws and regulations affecting your business activities is vital. The UK’s Online Safety Act 2023 (OSA) has introduced a mandatory and strict legal framework designed to enhance the safety of individuals online. This new law sets out a wide range of rigorous and far-reaching responsibilities for online services (particularly focusing on protecting children and adults from harmful and illegal content). Businesses operating in the digital space offering in-scope services as defined by the OSA must understand and comply with their mandatory obligations. This article explores the background and purpose of the OSA and highlights key issues that business owners should understand to comply.
Why Was the Online Safety Act Introduced?
By way of background, the OSA was introduced to address significant risks associated with harmful and illegal content in digital spaces. The legislation introduced rules and strong enforcement powers over businesses that fail to comply, requiring companies to protect users online proactively.
Key rules include increasing transparency and accountability and protecting children and adults from harmful content. Overall, the OSA aims to create a safer and more responsible digital environment for all, an important target goal given individuals’ severe online risks.
Which Services are Covered by the Online Safety Act?
The OSA applies to many businesses and services that enable user-to-user interactions or provide search functionalities.
Some examples of the businesses caught under the OSA include:
- social media platforms;
- messaging services;
- search engines;
- online forums;
- gaming platforms;
- dating apps;
- file-sharing services; and
- pornography sites.
Given how broad the remit of the law is, any online provider should carefully review the OSA rules to determine whether its obligations could catch them. Ofcom (the regulator responsible for compliance) has provided helpful guidance to assist businesses in understanding their obligations under the OSA and whether they need to comply.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
What Responsibilities and Duties Does the OSA Impose?
The OSA requires businesses to take several proactive steps to manage risks associated with harmful and illegal content on their platforms. The law sets out rules for providers of online services who allow interaction between users or search services to ensure that their services reduce the risks of illegal and harmful content. Such businesses must show they have taken steps to prevent harmful material from appearing, for instance, by implementing risk assessments and safeguard measures to mitigate such risks.
The OSA imposes a broad set of specific obligations. Some obligations include conducting detailed risk assessments to identify potential harms, detecting and removing flagged illegal content, and implementing robust age-assurance measures to protect children from harmful material. Certain businesses must also meet additional duties, such as giving users more control over what they see online and maintaining transparency about their activities.
Ofcom is publishing codes of practice to assist businesses in meeting these obligations. These codes and guidance include specific rules to follow. Ofcom’s codes and guidance lay out the details of how companies can comply with these further requirements. Businesses must carefully review the relevant guidance and seek legal advice if they need help understanding their specific obligations.
How is the OSA Being Implemented?
Ofcom is responsible for developing codes of practice to guide businesses in complying with their legal duties. The OSA states that various duties will apply from the date the relevant codes of practice regarding such duties come into force. The OSA is rolling out in phases, and some obligations are already in effect. Currently, the focus is on provisions relating to illegal content, but additional requirements will be introduced in later phases.
Companies within the OSA’s scope should ensure they are well-prepared, carefully monitor Ofcom’s updates and comply with their legal obligations as the law is further implemented. Although not binding, Ofcom has stated that compliance with the codes will give businesses a ‘safe harbour’ to demonstrate their compliance.
This factsheet sets out how your business can become GDPR compliant.
What are the Risks and Why is It Important to Seek Legal Advice?
Under the OSA, Ofcom has significant enforcement powers. Key penalties include severe fines and possible criminal sanctions. Businesses that fail to meet their obligations risk penalties of up to £18 million or 10% of global turnover, whichever is higher. Senior managers may face personal liability if they do not comply with Ofcom’s enforcement notices. As such, businesses must take their compliance obligations seriously.
A data protection solicitor can help your business assess its obligations, interpret Ofcom’s codes of practice, and ensure compliance with its duties. Legal advice from a UK lawyer can also be especially crucial for businesses operating internationally that need support understanding their obligations.
Key Takeaways
The OSA introduces strict legal responsibilities for numerous online services to help protect users (particularly children) from harmful and illegal content online. It applies to many businesses, including social media platforms, messaging services, and search engines, and can catch companies in the UK or abroad. Non-compliance can result in heavy fines and even criminal liability for senior managers in some instances. As such, it is vital for online businesses to carefully assess whether they need to comply and ensure they prioritise compliance with this strict new legal framework.
If you need help understanding the OSA and its application to your business, our experienced IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
The OSA can apply to any business (including those outside the UK) if the services have ‘relevant links’ to the UK—for instance, if they have a significant number of UK users or if UK users are a target market.
Ofcom can impose fines of up to £18 million or 10% of a business’s global turnover, whichever is higher.
We appreciate your feedback – your submission has been successfully received.
