Legislation – Online Safety Act 2023

New Search

Introduction

PART 1
Introduction

1 Introduction

2 Overview of Act

PART 2
Key definitions

3 “User-to-user service” and “search service”

4 “Regulated service”, “Part 3 service” etc

5 Disapplication of Act to certain parts of services

PART 3
Providers of regulated user-to-user services and regulated search services: duties of care

CHAPTER 1 Introduction

6 Overview of Part 3

CHAPTER 2 Providers of user-to-user services: duties of care

User-to-user services: which duties apply, and scope of duties

7 Providers of user-to-user services: duties of care

8 Scope of duties of care

Illegal content duties for user-to-user services

9 Illegal content risk assessment duties

10 Safety duties about illegal content

User-to-user services likely to be accessed by children

11 Children’s risk assessment duties

12 Safety duties protecting children

13 Safety duties protecting children: interpretation

Category 1 services

14 Assessment duties: user empowerment

15 User empowerment duties

16 User empowerment duties: interpretation

17 Duties to protect content of democratic importance

18 Duties to protect news publisher content

19 Duties to protect journalistic content

Duties about content reporting and complaints procedures

20 Duty about content reporting

21 Duties about complaints procedures

Cross-cutting duties

22 Duties about freedom of expression and privacy

23 Record-keeping and review duties

CHAPTER 3 Providers of search services: duties of care

Search services: which duties apply, and scope of duties

24 Providers of search services: duties of care

25 Scope of duties of care

Illegal content duties for search services

26 Illegal content risk assessment duties

27 Safety duties about illegal content

Search services likely to be accessed by children

28 Children’s risk assessment duties

29 Safety duties protecting children

30 Safety duties protecting children: interpretation

Duties about content reporting and complaints procedures

31 Duty about content reporting

32 Duties about complaints procedures

Cross-cutting duties

33 Duties about freedom of expression and privacy

34 Record-keeping and review duties

CHAPTER 4 Children’s access assessments

35 Children’s access assessments

36 Duties about children’s access assessments

37 Meaning of “likely to be accessed by children”

CHAPTER 5 Duties about fraudulent advertising

38 Duties about fraudulent advertising: Category 1 services

39 Duties about fraudulent advertising: Category 2A services

40 Fraud etc offences

CHAPTER 6 Codes of practice and guidance

Codes of practice

41 Codes of practice about duties

42 Codes of practice: principles, objectives, content

43 Procedure for issuing codes of practice

44 Secretary of State’s powers of direction

45 Procedure for issuing codes of practice following direction under section 44

46 Publication of codes of practice

47 Review of codes of practice

48 Minor amendments of codes of practice

49 Relationship between duties and codes of practice

50 Effects of codes of practice

51 Duties and the first codes of practice

Guidance

52 OFCOM’s guidance about certain duties in Part 3

53 OFCOM’s guidance: content that is harmful to children and user empowerment

54 OFCOM’s guidance about protecting women and girls

CHAPTER 7 Interpretation of Part 3

55 “Regulated user-generated content”, “user-generated content”, “news publisher content”

56 “Recognised news publisher”

57 “Search content”, “search results” etc

58 Restricting users’ access to content

59 “Illegal content” etc

60 “Content that is harmful to children”

61 “Primary priority content that is harmful to children”

62 “Priority content that is harmful to children”

63 Content harmful to children: OFCOM’s review and report

PART 4
Other duties of providers of regulated user-to-user services and regulated search services

CHAPTER 1 User identity verification

64 User identity verification

65 OFCOM’s guidance about user identity verification

CHAPTER 2 Reporting child sexual exploitation and abuse content

66 Requirement to report CSEA content to the NCA

67 Regulations about reports to the NCA

68 NCA: information sharing

69 Offence in relation to CSEA reporting

70 Interpretation of this Chapter

CHAPTER 3 Terms of service: transparency, accountability and freedom of expression

71 Duty not to act against users except in accordance with terms of service

72 Further duties about terms of service

73 OFCOM’s guidance about duties set out in sections 71 and 72

74 Interpretation of this Chapter

CHAPTER 4 Deceased Child Users

75 Disclosure of information about use of service by deceased child users

76 OFCOM’s guidance about duties set out in section 75

CHAPTER 5 Transparency reporting

77 Transparency reports about certain Part 3 services

78 OFCOM’s guidance about transparency reports

PART 5
Duties of providers of regulated services: certain pornographic content

79 “Provider pornographic content” and “regulated provider pornographic content”

80 Scope of duties about regulated provider pornographic content

81 Duties about regulated provider pornographic content

82 OFCOM’s guidance about duties set out in section 81

PART 6
Duties of providers of regulated services: fees

83 Duty to notify OFCOM

84 Duty to pay fees

85 Regulations by OFCOM about qualifying worldwide revenue etc

86 Threshold figure

87 Secretary of State’s guidance about fees

88 OFCOM’s fees statements

89 Recovery of OFCOM’s initial costs

90 Meaning of “charging year” and “initial charging year”

PART 7
OFCOM’s powers and duties in relation to regulated services

CHAPTER 1 General duties

91 General duties of OFCOM under section 3 of the Communications Act

92 Duties in relation to strategic priorities

93 Duty to carry out impact assessments

CHAPTER 2 Register of categories of regulated user-to-user services and regulated search services

94 Meaning of threshold conditions etc

95 Register of categories of certain Part 3 services

96 Duty to maintain register

97 List of emerging Category 1 services

CHAPTER 3 Risk assessments of regulated user-to-user services and regulated search services

98 OFCOM’s register of risks, and risk profiles, of Part 3 services

99 OFCOM’s guidance about risk assessments

CHAPTER 4 Information

Information powers and information notices

100 Power to require information

101 Information in connection with an investigation into the death of a child

102 Information notices

103 Requirement to name a senior manager

Skilled persons’ reports

104 Reports by skilled persons

Investigations and interviews

105 Investigations

106 Power to require interviews

Powers of entry, inspection and audit

107 Powers of entry, inspection and audit

108 Amendment of Criminal Justice and Police Act 2001

Information offences and penalties

109 Offences in connection with information notices

110 Senior managers’ liability: information offences

111 Offences in connection with notices under Schedule 12

112 Other information offences

113 Penalties for information offences

Disclosure of information

114 Co-operation and disclosure of information: overseas regulators

115 Disclosure of information

116 Intelligence service information

117 Provision of information to the Secretary of State

118 Amendment of Enterprise Act 2002

119 Information for users of regulated services

120 Admissibility of statements

CHAPTER 5 Regulated user-to-user services and regulated search services: notices to deal with terrorism content and CSEA content

121 Notices to deal with terrorism content or CSEA content (or both)

122 Requirement to obtain skilled person’s report

123 Warning notices

124 Matters relevant to a decision to give a notice under section 121(1)

125 Notices under section 121(1): supplementary

126 Review and further notice under section 121(1)

127 OFCOM’s guidance about functions under this Chapter

128 OFCOM’s annual report

129 Interpretation of this Chapter

CHAPTER 6 Enforcement powers

Provisional notices and confirmation decisions

130 Provisional notice of contravention

131 Requirements enforceable by OFCOM against providers of regulated services

132 Confirmation decisions

133 Confirmation decisions: requirements to take steps

134 Confirmation decisions: risk assessments

135 Confirmation decisions: children’s access assessments

136 Confirmation decisions: proactive technology

137 Confirmation decisions: penalties

138 Confirmation decisions: offences

Penalty notices etc

139 Penalty for failure to comply with confirmation decision

140 Penalty for failure to comply with notice under section 121(1)

141 Non-payment of fee

142 Information to be included in notices under sections 140 and 141

Amount of penalties etc

143 Amount of penalties etc

Business disruption measures

144 Service restriction orders

145 Interim service restriction orders

146 Access restriction orders

147 Interim access restriction orders

148 Interaction with other action by OFCOM

Publication of enforcement action

149 Publication by OFCOM of details of enforcement action

150 Publication by providers of details of enforcement action

Guidance

151 OFCOM’s guidance about enforcement action

CHAPTER 7 Committees, research and reports

152 Advisory committee on disinformation and misinformation

153 Functions of the Content Board

154 Research about users’ experiences of regulated services

154A Information for research about online safety matters

155 Consumer consultation

156 OFCOM’s statement about freedom of expression and privacy

157 OFCOM’s reports about use of age assurance

158 OFCOM’s reports about news publisher content and journalistic content

159 OFCOM’s transparency reports

160 OFCOM’s report about reporting and complaints procedures

161 OFCOM’s report about use of app stores by children

162 OFCOM’s report about researchers’ access to information

163 OFCOM’s report in connection with investigation into a death

164 OFCOM’s reports

CHAPTER 8 Media literacy

165 Media literacy

166 Media literacy strategy and media literacy statement

PART 8
Appeals and super-complaints

CHAPTER 1 Appeals

167 Appeals against OFCOM decisions relating to the register under section 95

168 Appeals against OFCOM notices

CHAPTER 2 Super-complaints

169 Power to make super-complaints

170 Procedure for super-complaints

171 OFCOM’s guidance about super-complaints

PART 9
Secretary of State’s functions in relation to regulated services

172 Statement of strategic priorities

173 Consultation and parliamentary procedure

174 Directions about advisory committees

175 Directions in special circumstances

176 Secretary of State’s guidance

177 Annual report on the Secretary of State’s functions

178 Review

PART 10
Communications offences

179 False communications offence

180 Exemptions from offence under section 179

181 Threatening communications offence

182 Interpretation of sections 179 to 181

183 Offences of sending or showing flashing images electronically

184 Offence of encouraging or assisting serious self-harm

185 Extra-territorial application and jurisdiction

186 Liability of corporate officers

187 Sending etc photograph or film of genitals

188 Sharing or threatening to share intimate photograph or film

189 Repeals in connection with offences under sections 179 and 181

190 Repeals in connection with offences under section 188

191 Consequential amendments

PART 11
Supplementary and general

192 Providers’ judgements about the status of content

193 OFCOM’s guidance about illegal content judgements

194 Time for publishing first guidance under certain provisions of this Act

195 Providers that are not legal persons

196 Individuals providing regulated services: liability

197 Liability of parent entities etc

198 Former providers of regulated services

199 Information offences: supplementary

200 Offence of failure to comply with confirmation decision: supplementary

201 Defences

202 Liability of corporate officers for offences

203 Application of offences to providers that are not legal persons

204 Extra-territorial application

205 Offences: extra-territorial application and jurisdiction

206 Payment of sums into the Consolidated Fund

207 Publication by OFCOM

208 Service of notices

209 Amendments of Part 4B of the Communications Act

210 Repeal of Part 4B of the Communications Act

211 Repeal of Part 4B of the Communications Act: transitional provision etc

212 Repeals: Digital Economy Act 2017

213 Offence under the Obscene Publications Act 1959: OFCOM defence

214 Offences regarding indecent photographs of children: OFCOM defence

215 Power to regulate app stores

216 Power to regulate app stores: supplementary

217 Power to impose duty about alternative dispute resolution procedure

218 Power to amend section 40

219 Powers to amend sections 61 and 62

220 Powers to amend or repeal provisions relating to exempt content or services

221 Powers to amend Part 2 of Schedule 1

222 Powers to amend Schedules 5, 6 and 7

223 Power to make consequential provision

224 Regulations: general

225 Parliamentary procedure for regulations

PART 12
Interpretation and final provisions

226 “Provider” of internet service

227 “User”, “United Kingdom user” and “interested person”

228 “Internet service”

229 “Search engine”

230 “Age verification” and “age estimation”

231 “Proactive technology”

232 Content communicated “publicly” or “privately”

233 “Functionality”

234 “Harm” etc

235 “Online safety functions” and “online safety matters”

236 Interpretation: general

237 Index of defined terms

238 Financial provisions

239 Extent

240 Commencement and transitional provision

241 Short title

SCHEDULES

SCHEDULE 1 Exempt user-to-user and search services

SCHEDULE 2 User-to-user services and search services that include regulated provider pornographic content

SCHEDULE 3 Timing of providers’ assessments

SCHEDULE 4 Codes of practice under section 41: principles, objectives, content

SCHEDULE 5 Terrorism offences

SCHEDULE 6 Child sexual exploitation and abuse offences

SCHEDULE 7 Priority offences

SCHEDULE 8 Transparency reports by providers of Category 1 services, Category 2A services and Category 2B services

SCHEDULE 9 Certain internet services not subject to duties relating to regulated provider pornographic content

SCHEDULE 10 Recovery of OFCOM’s initial costs

SCHEDULE 11 Categories of regulated user-to-user services and regulated search services: regulations

SCHEDULE 12 OFCOM’s powers of entry, inspection and audit

SCHEDULE 13 Penalties imposed by OFCOM under Chapter 6 of Part 7

SCHEDULE 14 Amendments consequential on offences in Part 10 of this Act

SCHEDULE 15 Liability of parent entities etc

SCHEDULE 16 Amendments of Part 4B of the Communications Act

SCHEDULE 17 Video-sharing platform services: transitional provision etc

Changes to legislation:

There are currently no known outstanding effects for the Online Safety Act 2023, CHAPTER 2. Help about Changes to Legislation

Close

Changes to Legislation

Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.

PART 4Other duties of providers of regulated user-to-user services and regulated search services

CHAPTER 2Reporting child sexual exploitation and abuse content

66Requirement to report CSEA content to the NCA

(1)

A UK provider of a regulated user-to-user service must operate the service using systems and processes which secure (so far as possible) that the provider reports all detected and unreported CSEA content present on the service to the NCA.

(2)

A non-UK provider of a regulated user-to-user service must operate the service using systems and processes which secure (so far as possible) that the provider reports all detected and unreported UK-linked CSEA content present on the service to the NCA (and does not report to the NCA CSEA content which is not UK-linked).

(3)

A UK provider of a regulated search service must operate the service using systems and processes which secure (so far as possible) that the provider reports all detected and unreported CSEA content present on websites or databases capable of being searched by the search engine to the NCA.

(4)

A non-UK provider of a regulated search service must operate the service using systems and processes which secure (so far as possible) that the provider reports all detected and unreported UK-linked CSEA content present on websites or databases capable of being searched by the search engine to the NCA (and does not report to the NCA CSEA content which is not UK-linked).

(5)

A UK provider of a combined service must comply with the requirement under subsection (3) in relation to the search engine of the service.

(6)

A non-UK provider of a combined service must comply with the requirement under subsection (4) in relation to the search engine of the service.

(7)

Providers’ reports under this section—

(a)

must meet the requirements set out in regulations under section 67, and

(b)

must be sent to the NCA in the manner, and within the time frames, set out in those regulations.

(8)

If a person is the provider of more than one regulated user-to-user service or regulated search service, requirements under this section apply in relation to each such service.

(9)

Terms used in this section are defined in section 70.

(10)

This section applies only in relation to CSEA content detected on or after the date on which this section comes into force.

Annotations:
Commencement Information

I1S. 66 not in force at Royal Assent, see s. 240(1)

67Regulations about reports to the NCA

(1)

The Secretary of State must make regulations in connection with the reports that are to be made to the NCA (including by non-UK providers) as required by section 66.

(2)

The regulations may make provision about—

(a)

the information to be included in the reports,

(b)

the format of the reports,

(c)

the manner in which the reports must be sent to the NCA,

(d)

the time frames for sending the reports to the NCA (including provision about cases of particular urgency),

(e)

the records that providers must keep in relation to the reports, or the details that providers must retain as evidence that they have made the reports, and

(f)

such other matters relating to the reports as the Secretary of State considers appropriate.

(3)

The regulations may also—

(a)

require providers to retain, for a specified period, data of a specified description associated with a report, and

(b)

impose restrictions or requirements in relation to the retention of such data (including how the data is to be secured or stored or who may access the data).

(4)

The power to require the retention of data associated with a report includes power to require the retention of—

(a)

content generated, uploaded or shared by any user mentioned in the report (or metadata relating to such content), and

(b)

user data relating to any such person (or metadata relating to such data).

“User data” here has the meaning given by section 231.

(5)

Before making regulations under this section, the Secretary of State must consult—

(a)

the NCA,

(b)

OFCOM, and

(c)

such other persons as the Secretary of State considers appropriate.

68NCA: information sharing

In section 16 of the Crime and Courts Act 2013 (interpretation of Part 1), in subsection (1), in the definition of “permitted purpose”, after paragraph (o) insert—

“(oa)

the exercise of any function of OFCOM (the Office of Communications) under the Online Safety Act 2023;”.

69Offence in relation to CSEA reporting

(1)

A person commits an offence if, in purported compliance with a requirement under section 66—

(a)

the person provides information that is false in a material respect, and

(b)

at the time the person provides it, the person knows that it is false in a material respect or is reckless as to whether it is false in a material respect.

(2)

A person who commits an offence under this section is liable—

(a)

on summary conviction in England and Wales, to imprisonment for a term not exceeding the general limit in a magistrates’ court or a fine (or both);

(b)

on summary conviction in Scotland, to imprisonment for a term not exceeding 12 months or a fine not exceeding the statutory maximum (or both);

(c)

on summary conviction in Northern Ireland, to imprisonment for a term not exceeding 6 months or a fine not exceeding the statutory maximum (or both);

(d)

on conviction on indictment, to imprisonment for a term not exceeding 2 years or a fine (or both).

Annotations:
Commencement Information

I6S. 69 not in force at Royal Assent, see s. 240(1)

70Interpretation of this Chapter

(1)

This section applies for the purposes of this Chapter.

(2)

A provider of a regulated user-to-user service or a regulated search service is a “UK provider” of the service if the provider is—

(a)

an individual or individuals who are habitually resident in the United Kingdom, or

(b)

an entity incorporated or formed under the law of any part of the United Kingdom.

(3)

Otherwise, a provider of a regulated user-to-user service or a regulated search service is a “non-UK provider” of the service.

(4)

CSEA content is “detected” by a provider when the provider becomes aware of the content, whether by means of the provider’s systems or processes or as a result of another person alerting the provider.

(5)

CSEA content is “unreported”, in relation to a provider, if the reporting of that content is not covered by arrangements (mandatory or voluntary)—

(a)

by which the provider reports content relating to child sexual exploitation or abuse to a foreign agency, or

(b)

by which an entity that is a group undertaking in relation to the provider reports content relating to child sexual exploitation or abuse to—

(i)

the NCA, or

(ii)

a foreign agency.

(6)

CSEA content is “UK-linked” if a provider has evidence of a link between the content and the United Kingdom, based on any of the following—

(a)

the place where the content was published, generated, uploaded or shared;

(b)

the nationality of a person suspected of committing the related offence;

(c)

the location of a person suspected of committing the related offence;

(d)

the location of a child who is a suspected victim of the related offence.

For the purposes of paragraphs (b), (c) and (d) an offence is “related” to CSEA content if the content amounts to that offence (construed in accordance with section 59: see subsections (3), (11) and (12) of that section).

(7)

In this Chapter—

CSEA content” has the same meaning as in Part 3 (see section 59);

foreign agency” means a person exercising functions in a country outside the United Kingdom which correspond to the NCA’s functions insofar as they relate to receiving and disseminating reports about CSEA content;

group undertaking” has the meaning given by section 1161(5) of the Companies Act 2006;

NCA” means the National Crime Agency.

(8)

Sections 1161(5) and 1162 of, and Schedule 7 to, the Companies Act 2006—

(a)

are to apply in relation to an entity which is not an undertaking (as defined in section 1161(1) of that Act) as they apply in relation to an undertaking, and

(b)

are to be read with any necessary modifications if applied to an entity formed under the law of a country outside the United Kingdom.

Annotations:
Commencement Information

I7S. 70 in force at Royal Assent, see s. 240(4)(i)