Recommendation 10

HM Government Deferred

government is committed to working with Ofcom to ensure the Online Safety Act is implemented quickly and effectively. Services’ obligation to carry out illegal content risk assessments began in December 2024 following the publication of Ofcom’s risk assessment guidance. They have three months to complete the risk assessment, and we expect the application of the illegal content safety duties to coincide with this timing (this spring). Ofcom can then start enforcing against the regime. We are expecting Ofcom’s children’s risk assessment guidance to be published in April 2025, following which services will have to risk assess for harms to children. Subject to the draft codes passing parliamentary scrutiny once laid, the child safety duties regime should be fully in effect by summer 2025. All services in scope need to take steps to protect children from illegal content and criminal behaviour on their services. Services are required to have systems and processes that prevent users from being exposed to priority illegal content and behaviour and swiftly remove it if it is uploaded to the service. Beyond the priority offences, all service providers need to ensure that they have effective systems and processes in place to quickly take down other illegal content or behaviour once it has been reported or they otherwise become aware of its presence. The act sets out that, for pornography and other types of the most harmful content to children (“primary priority content that is harmful to children”), in-scope services must use age verification or age estimation that is highly effective at determining whether or not the user is a child. Ofcom has published the draft Children’s Safety Codes, proposing a range of measures that companies should take if their services pose a risk of exposing children to harmful content including pornography, bullying, and violent content. As well as recommending the use of highly effective age assurance (HEAA) technologies, measures include altering their algorithms to filter out harmful content for children; and provision of effective systems so parents and children can easily report and get responses about harmful online content. On 16 January 2025, Ofcom published its finalised guidance on HEAA. Online services that publish pornography (Part 5 services) must begin taking steps to implement HEAA immediately. User-to-user services (“part 3 services”) which are likely to be accessed by children to implement compliant age assurance once the safety duties are fully effective (expected July 2025). Ofcom will have robust enforcement powers available to use against services who fail to fulfil their duties under the act and will be able to issue confirmation decisions with a requirement to take steps to bring them into compliance. Further non-compliance could lead to services being fined of up to £18 million or 10% of their qualifying global worldwide revenue in the relevant year, whichever is higher.