What's in the Online Safety Act?

The UK's Online Safety Act aims to protect online users, and especially children, from illegal and certain types of harmful user-generated content. Weighing in at around 300 pages, the final version of the Online Safety Act has been published following Royal Assent on 26 October 2023.

We've analysed the main themes and issues in a series of articles and tables in the latest edition of Interface, our tech and media update. Our group of experts look at:

• The OSA in two pages - a summary table setting out what is covered by the OSA including types of services, types of content, safety duties and other obligations. 
• Who's caught? - Ofcom says around 100,000 services will need to consider the application of the OSA to them. We look at which services will be in scope.
• Safety duties and in-scope content - the OSA imposes different safety duties on service providers relative to different types of illegal and harmful content. We break down the requirements. 
• The OSA and children - services likely to be accessed by children have additional duties and all in-scope services have to complete an access assessment to determine whether those duties apply to them. Protecting children online is a major goal of the OSA and we look at how the new system is intended to work.
• Ofcom's powers and duties - Ofcom is the regulator of the OSA with a wide range of duties and powers including, ultimately, the power to impose sanctions up to the higher of £18m or 10% of annual global turnover. We summarise Ofcom's obligations.
• Ofcom's approach to regulating the OSA - Ofcom has set out a three-year plan for finalising the various codes of practice and guidance providing the details around compliance which will be crucial to in-scope services. We look at what to expect when.
• The UK's Online Safety Act compared with the EU's Digital Services Act - many service providers caught by the UK's OSA will also be subject to the EU's Digital Services Act. We look at the main similarities and key differences.
• Risk assessments - a critical part of OSA compliance is assessing the extent to which services are in scope and the extent of the risk posed by user-generated content on those services. There are different types of risk assessments required for different types of services. We outline the requirements.
• Freedom of speech and privacy, journalistic content, news publisher content and content of democratic importance - a controversial aspect of the OSA as it made its way through Parliament was the balance between protecting fundamental freedoms and protecting online users. We look at where that balance was struck.

Ofcom's first tranche of consultations is set to launch on 9 November so these articles are essential reading to prepare for the detail to come.