On 25 March 2024, Ofcom called for evidence for the third phase of its online safety regulations. This call for evidence will culminate in Ofcom’s third consultation paper, which will act as guidance for service providers to ensure compliance with the Online Safety Act (“OSA”).
The third phase of online regulations introduces further guidance on the extra duties that will arise under the OSA for category 1, 2A, and 2B services (explained here), which could include:
Additional Duties | |
Content | Protect news publisher, journalistic content and/or content of democratic importance |
Terms of Use | Include certain additional terms of use |
Specify a policy in the terms of use regarding disclosing information to a deceased child’s parents about their child’s use of the service | |
Advertising | Prevent fraudulent advertising |
Transparency | Publish a transparency report |
Additional features | Provide user empowerment features |
Provide user identity verification |
Along with this, Ofcom has also published their advice to the UK Government on the thresholds to be used to decide whether or not a service will fall into Category 1, 2A or 2B.
Through this call for evidence, Ofcom is inviting industry stakeholders, expert groups, and other organisations to provide evidence that will help inform and shape Ofcom’s approach to the OSA regulations. The call for evidence will close on 20 May 2024, after which Ofcom will publish its third consultation paper in 2025.
Preceding this third consultation paper are two consultation papers that have already been finalised and published by Ofcom. The first paper acts as guidance for user-to-user (“U2U”) and search services on how best to approach their new duties under the OSA. The second paper is specific to service providers of pornographic content.
The proposed measures under the first consultation paper vary based on the size and risk profile of the service. A “large service” is any service with an average user base greater than 7 million per month in the UK, which is approximately equivalent to 10% of the UK population. Every other service is a “small service”.
Further, when assessing the risk profile, services are expected to conduct the risk assessments themselves, and classify their services into one of the following criteria:
- Low risk: low risk for all kinds of illegal harm
- Specific risk: faces the risk of a specific kind of harm/harms
- Multi risk: faces significant risks for illegal harm
Notably, for large companies that have a multi-risk profile, almost all the proposed measures apply, except those recommended for automated content moderation, enhanced user control, and certain reporting obligations. Online safety regulations are expected to affect more than 100,000 service providers, many of which will be small businesses based in the UK and overseas[RS4] . Ofcom offers a free self-assessment tool to assess if these regulations will affect your company. If your organisation is large and sophisticated and requires a tailored approach to ensure compliance with these regulations, we can assist with this.