Source · Select Committees · Public Accounts Committee
Recommendation 14
14
Accepted
Ofcom has yet to develop automated data collection systems for non-supervised providers.
Conclusion
For the non-supervised service providers, Ofcom will monitor their compliance through automated data collection and analysis processes, supported by information from partner organisations that deal with the various harms. Ofcom told us that it has yet to develop the automated systems, but that it hopes the systems will provide an early warning system and enable it to spot emerging risks.25 Ofcom did not plan to ask large numbers of smaller companies for information at this stage, because it considered that 17 Q 28 18 Qq 26–28 19 Qq 28, 30, 31, 68 20 C&AG’s Report, para 1.16 21 Q 31 22 Q 16; C&AG’s Report, paras 14, 3.11 23 Q 44 24 Q 15 25 Qq 23, 48, 49: C&AG’s Report, para 3.12 Preparedness for online safety regulation 11 would not be proportionate.26 It recognised that, in an area where there has not been regulation before, this change is going to increase costs overall across the industry, and said it would therefore do everything it could to make the burden of compliance manageable and proportionate.27 It was also conscious of the need for it to manage carefully the risk that its regulation could prohibit the emergence of new players and innovation.28
Government Response Summary
The government agrees with the committee's observations and confirms Ofcom is designing data-driven tools and several interconnected automated systems, including a classification tool and analysis tools for terms of service and complaints, with a target implementation date of Spring 2025.
Government Response
Accepted
HM Government
Accepted
3.1 The government agrees with the Committee’s recommendation. Target implementation date: Spring 2025 3.2 Given the scale and scope of the regime, Ofcom is designing data-driven tools to identify potential risks, including non-compliance. 3.3 A foundational task is identifying the services likely to fall in scope. Ofcom has developed a classification tool, which is already providing insights into the profile of regulated services and will continue to refine it drawing from the experience of applying the Act. 3.4 Additionally, Ofcom is developing several interconnected tools which could help to flag where services may not be compliant. For example: • Building a live database of services’ characteristics including risk factors. • Automating the analysis of Terms of Service to check whether they include the provisions required by the Act. • Automating the analysis of news and users’ complaints about services to enable timely engagement in case of emerging threats. • Exploring tools to automatically verify whether users can access pornography without an age check. 3.5 This will inform the possible need for enforcement in several ways, including by flagging increasing risk of harm, which may be due to ineffective safety processes, or potential compliance concerns. 3.6 Ofcom expects services to engage constructively and openly, and to be willing to make improvements. Ofcom will use its enforcement powers where it considers appropriate, reasonable, and proportionate to do so, guided by its regulatory principles. Ofcom’s approach to investigating compliance concerns and enforcing the Act’s requirements is set out in its draft enforcement guidance, on which it has consulted. Ofcom intends to publish the final guidance in late 2024.