Source · Select Committees · Public Accounts Committee
Recommendation 3
3
Accepted
Finalise automated compliance monitoring systems and clarify enforcement approach for non-engaging providers.
Conclusion
Ofcom lacks clarity about how it will identify and respond to non-compliance and when to use its enforcement powers. Ofcom estimates that there could be 100,000 or more service providers subject to regulation, with most of these being small businesses and / or based overseas. Ofcom will rely on automated processes 6 Preparedness for online safety regulation to identify and collect monitoring data on the compliance of the vast majority of service providers, but does not have these processes in place yet. Where non- compliance issues arise, Ofcom will engage with service providers to encourage their compliance. This approach has already had some success, when, following recent news stories about a website promoting suicide, Ofcom contacted its overseas provider which then agreed to block access to the site for UK users. However, Ofcom recognises some providers may choose not to engage, and it may prove difficult to contact the many smaller, overseas companies. Where engagement fails, Ofcom has a range of enforcement powers, including fines of up to 10% of a company’s global revenue and business disruption measures. These enforcement powers will only come into effect in stages as the regime is implemented, and Ofcom has already begun to consult on its approach to using these powers. Recommendation 3: Ofcom should urgently finalise its automated compliance monitoring systems and clarify its enforcement approach with service providers where engagement has not proved possible.
Government Response Summary
Ofcom is developing several automated compliance monitoring tools, including a classification tool, live database of service characteristics, and automated analysis of terms of service, news, and user complaints. Ofcom will publish its final enforcement guidance in late 2024.
Government Response
Accepted
HM Government
Accepted
The government agrees with the Committee’s recommendation. identify potential risks, including non-compliance. A foundational task is identifying the services likely to fall in scope. Ofcom has developed a classification tool, which is already providing insights into the profile of regulated services and will continue to refine it drawing from the experience of applying the Act. Additionally, Ofcom is developing several interconnected tools which could help to flag where services may not be compliant. For example: • Building a live database of services’ characteristics including risk factors. • Automating the analysis of Terms of Service to check whether they include the provisions required by the Act. • Automating the analysis of news and users’ complaints about services to enable timely engagement in case of emerging threats. • Exploring tools to automatically verify whether users can access pornography without an age check. This will inform the possible need for enforcement in several ways, including by flagging increasing risk of harm, which may be due to ineffective safety processes, or potential compliance concerns. Ofcom expects services to engage constructively and openly, and to be willing to make improvements. Ofcom will use its enforcement powers where it considers appropriate, reasonable, and proportionate to do so, guided by its regulatory principles. Ofcom’s approach to investigating compliance concerns and enforcing the Act’s requirements is set out in its draft enforcement guidance, on which it has consulted. Ofcom intends to publish the final guidance in late 2024.