Recommendation 13

HM Government Accepted

3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2025 3.2 Given the scale and scope of the regime, Ofcom is designing data-driven tools to identify potential risks, including non-compliance. 3.3 A foundational task is identifying the services likely to fall in scope. Ofcom has developed a classification tool, which is already providing insights into the profile of regulated services and will continue to refine it drawing from the experience of applying the Act. 3.4 Additionally, Ofcom is developing several interconnected tools which could help to flag where services may not be compliant. For example: • Building a live database of services’ characteristics including risk factors. • Automating the analysis of Terms of Service to check whether they include the provisions required by the Act. • Automating the analysis of news and users’ complaints about services to enable timely engagement in case of emerging threats. • Exploring tools to automatically verify whether users can access pornography without an age check. 3.5 This will inform the possible need for enforcement in several ways, including by flagging increasing risk of harm, which may be due to ineffective safety processes, or potential compliance concerns. 3.6 Ofcom expects services to engage constructively and openly, and to be willing to make improvements. Ofcom will use its enforcement powers where it considers appropriate, reasonable, and proportionate to do so, guided by its regulatory principles. Ofcom’s approach to investigating compliance concerns and enforcing the Act’s requirements is set out in its draft enforcement guidance, on which it has consulted. Ofcom intends to publish the final guidance in late 2024.