Legislation – Online Safety Act 2023

New Search

Introduction

PART 1
Introduction

1 Introduction

2 Overview of Act

PART 2
Key definitions

3 “User-to-user service” and “search service”

4 “Regulated service”, “Part 3 service” etc

5 Disapplication of Act to certain parts of services

PART 3
Providers of regulated user-to-user services and regulated search services: duties of care

CHAPTER 1 Introduction

6 Overview of Part 3

CHAPTER 2 Providers of user-to-user services: duties of care

User-to-user services: which duties apply, and scope of duties

7 Providers of user-to-user services: duties of care

8 Scope of duties of care

Illegal content duties for user-to-user services

9 Illegal content risk assessment duties

10 Safety duties about illegal content

User-to-user services likely to be accessed by children

11 Children’s risk assessment duties

12 Safety duties protecting children

13 Safety duties protecting children: interpretation

Category 1 services

14 Assessment duties: user empowerment

15 User empowerment duties

16 User empowerment duties: interpretation

17 Duties to protect content of democratic importance

18 Duties to protect news publisher content

19 Duties to protect journalistic content

Duties about content reporting and complaints procedures

20 Duty about content reporting

21 Duties about complaints procedures

Cross-cutting duties

22 Duties about freedom of expression and privacy

23 Record-keeping and review duties

CHAPTER 3 Providers of search services: duties of care

Search services: which duties apply, and scope of duties

24 Providers of search services: duties of care

25 Scope of duties of care

Illegal content duties for search services

26 Illegal content risk assessment duties

27 Safety duties about illegal content

Search services likely to be accessed by children

28 Children’s risk assessment duties

29 Safety duties protecting children

30 Safety duties protecting children: interpretation

Duties about content reporting and complaints procedures

31 Duty about content reporting

32 Duties about complaints procedures

Cross-cutting duties

33 Duties about freedom of expression and privacy

34 Record-keeping and review duties

CHAPTER 4 Children’s access assessments

35 Children’s access assessments

36 Duties about children’s access assessments

37 Meaning of “likely to be accessed by children”

CHAPTER 5 Duties about fraudulent advertising

38 Duties about fraudulent advertising: Category 1 services

39 Duties about fraudulent advertising: Category 2A services

40 Fraud etc offences

CHAPTER 6 Codes of practice and guidance

Codes of practice

41 Codes of practice about duties

42 Codes of practice: principles, objectives, content

43 Procedure for issuing codes of practice

44 Secretary of State’s powers of direction

45 Procedure for issuing codes of practice following direction under section 44

46 Publication of codes of practice

47 Review of codes of practice

48 Minor amendments of codes of practice

49 Relationship between duties and codes of practice

50 Effects of codes of practice

51 Duties and the first codes of practice

Guidance

52 OFCOM’s guidance about certain duties in Part 3

53 OFCOM’s guidance: content that is harmful to children and user empowerment

54 OFCOM’s guidance about protecting women and girls

CHAPTER 7 Interpretation of Part 3

55 “Regulated user-generated content”, “user-generated content”, “news publisher content”

56 “Recognised news publisher”

57 “Search content”, “search results” etc

58 Restricting users’ access to content

59 “Illegal content” etc

60 “Content that is harmful to children”

61 “Primary priority content that is harmful to children”

62 “Priority content that is harmful to children”

63 Content harmful to children: OFCOM’s review and report

PART 4
Other duties of providers of regulated user-to-user services and regulated search services

CHAPTER 1 User identity verification

64 User identity verification

65 OFCOM’s guidance about user identity verification

CHAPTER 2 Reporting child sexual exploitation and abuse content

66 Requirement to report CSEA content to the NCA

67 Regulations about reports to the NCA

68 NCA: information sharing

69 Offence in relation to CSEA reporting

70 Interpretation of this Chapter

CHAPTER 3 Terms of service: transparency, accountability and freedom of expression

71 Duty not to act against users except in accordance with terms of service

72 Further duties about terms of service

73 OFCOM’s guidance about duties set out in sections 71 and 72

74 Interpretation of this Chapter

CHAPTER 4 Deceased Child Users

75 Disclosure of information about use of service by deceased child users

76 OFCOM’s guidance about duties set out in section 75

CHAPTER 5 Transparency reporting

77 Transparency reports about certain Part 3 services

78 OFCOM’s guidance about transparency reports

PART 5
Duties of providers of regulated services: certain pornographic content

79 “Provider pornographic content” and “regulated provider pornographic content”

80 Scope of duties about regulated provider pornographic content

81 Duties about regulated provider pornographic content

82 OFCOM’s guidance about duties set out in section 81

PART 6
Duties of providers of regulated services: fees

83 Duty to notify OFCOM

84 Duty to pay fees

85 Regulations by OFCOM about qualifying worldwide revenue etc

86 Threshold figure

87 Secretary of State’s guidance about fees

88 OFCOM’s fees statements

89 Recovery of OFCOM’s initial costs

90 Meaning of “charging year” and “initial charging year”

PART 7
OFCOM’s powers and duties in relation to regulated services

CHAPTER 1 General duties

91 General duties of OFCOM under section 3 of the Communications Act

92 Duties in relation to strategic priorities

93 Duty to carry out impact assessments

CHAPTER 2 Register of categories of regulated user-to-user services and regulated search services

94 Meaning of threshold conditions etc

95 Register of categories of certain Part 3 services

96 Duty to maintain register

97 List of emerging Category 1 services

CHAPTER 3 Risk assessments of regulated user-to-user services and regulated search services

98 OFCOM’s register of risks, and risk profiles, of Part 3 services

99 OFCOM’s guidance about risk assessments

CHAPTER 4 Information

Information powers and information notices

100 Power to require information

101 Information in connection with an investigation into the death of a child

102 Information notices

103 Requirement to name a senior manager

Skilled persons’ reports

104 Reports by skilled persons

Investigations and interviews

105 Investigations

106 Power to require interviews

Powers of entry, inspection and audit

107 Powers of entry, inspection and audit

108 Amendment of Criminal Justice and Police Act 2001

Information offences and penalties

109 Offences in connection with information notices

110 Senior managers’ liability: information offences

111 Offences in connection with notices under Schedule 12

112 Other information offences

113 Penalties for information offences

Disclosure of information

114 Co-operation and disclosure of information: overseas regulators

115 Disclosure of information

116 Intelligence service information

117 Provision of information to the Secretary of State

118 Amendment of Enterprise Act 2002

119 Information for users of regulated services

120 Admissibility of statements

CHAPTER 5 Regulated user-to-user services and regulated search services: notices to deal with terrorism content and CSEA content

121 Notices to deal with terrorism content or CSEA content (or both)

122 Requirement to obtain skilled person’s report

123 Warning notices

124 Matters relevant to a decision to give a notice under section 121(1)

125 Notices under section 121(1): supplementary

126 Review and further notice under section 121(1)

127 OFCOM’s guidance about functions under this Chapter

128 OFCOM’s annual report

129 Interpretation of this Chapter

CHAPTER 6 Enforcement powers

Provisional notices and confirmation decisions

130 Provisional notice of contravention

131 Requirements enforceable by OFCOM against providers of regulated services

132 Confirmation decisions

133 Confirmation decisions: requirements to take steps

134 Confirmation decisions: risk assessments

135 Confirmation decisions: children’s access assessments

136 Confirmation decisions: proactive technology

137 Confirmation decisions: penalties

138 Confirmation decisions: offences

Penalty notices etc

139 Penalty for failure to comply with confirmation decision

140 Penalty for failure to comply with notice under section 121(1)

141 Non-payment of fee

142 Information to be included in notices under sections 140 and 141

Amount of penalties etc

143 Amount of penalties etc

Business disruption measures

144 Service restriction orders

145 Interim service restriction orders

146 Access restriction orders

147 Interim access restriction orders

148 Interaction with other action by OFCOM

Publication of enforcement action

149 Publication by OFCOM of details of enforcement action

150 Publication by providers of details of enforcement action

Guidance

151 OFCOM’s guidance about enforcement action

CHAPTER 7 Committees, research and reports

152 Advisory committee on disinformation and misinformation

153 Functions of the Content Board

154 Research about users’ experiences of regulated services

155 Consumer consultation

156 OFCOM’s statement about freedom of expression and privacy

157 OFCOM’s reports about use of age assurance

158 OFCOM’s reports about news publisher content and journalistic content

159 OFCOM’s transparency reports

160 OFCOM’s report about reporting and complaints procedures

161 OFCOM’s report about use of app stores by children

162 OFCOM’s report about researchers’ access to information

163 OFCOM’s report in connection with investigation into a death

164 OFCOM’s reports

CHAPTER 8 Media literacy

165 Media literacy

166 Media literacy strategy and media literacy statement

PART 8
Appeals and super-complaints

CHAPTER 1 Appeals

167 Appeals against OFCOM decisions relating to the register under section 95

168 Appeals against OFCOM notices

CHAPTER 2 Super-complaints

169 Power to make super-complaints

170 Procedure for super-complaints

171 OFCOM’s guidance about super-complaints

PART 9
Secretary of State’s functions in relation to regulated services

172 Statement of strategic priorities

173 Consultation and parliamentary procedure

174 Directions about advisory committees

175 Directions in special circumstances

176 Secretary of State’s guidance

177 Annual report on the Secretary of State’s functions

178 Review

PART 10
Communications offences

179 False communications offence

180 Exemptions from offence under section 179

181 Threatening communications offence

182 Interpretation of sections 179 to 181

183 Offences of sending or showing flashing images electronically

184 Offence of encouraging or assisting serious self-harm

185 Extra-territorial application and jurisdiction

186 Liability of corporate officers

187 Sending etc photograph or film of genitals

188 Sharing or threatening to share intimate photograph or film

189 Repeals in connection with offences under sections 179 and 181

190 Repeals in connection with offences under section 188

191 Consequential amendments

PART 11
Supplementary and general

192 Providers’ judgements about the status of content

193 OFCOM’s guidance about illegal content judgements

194 Time for publishing first guidance under certain provisions of this Act

195 Providers that are not legal persons

196 Individuals providing regulated services: liability

197 Liability of parent entities etc

198 Former providers of regulated services

199 Information offences: supplementary

200 Offence of failure to comply with confirmation decision: supplementary

201 Defences

202 Liability of corporate officers for offences

203 Application of offences to providers that are not legal persons

204 Extra-territorial application

205 Offences: extra-territorial application and jurisdiction

206 Payment of sums into the Consolidated Fund

207 Publication by OFCOM

208 Service of notices

209 Amendments of Part 4B of the Communications Act

210 Repeal of Part 4B of the Communications Act

211 Repeal of Part 4B of the Communications Act: transitional provision etc

212 Repeals: Digital Economy Act 2017

213 Offence under the Obscene Publications Act 1959: OFCOM defence

214 Offences regarding indecent photographs of children: OFCOM defence

215 Power to regulate app stores

216 Power to regulate app stores: supplementary

217 Power to impose duty about alternative dispute resolution procedure

218 Power to amend section 40

219 Powers to amend sections 61 and 62

220 Powers to amend or repeal provisions relating to exempt content or services

221 Powers to amend Part 2 of Schedule 1

222 Powers to amend Schedules 5, 6 and 7

223 Power to make consequential provision

224 Regulations: general

225 Parliamentary procedure for regulations

PART 12
Interpretation and final provisions

226 “Provider” of internet service

227 “User”, “United Kingdom user” and “interested person”

228 “Internet service”

229 “Search engine”

230 “Age verification” and “age estimation”

231 “Proactive technology”

232 Content communicated “publicly” or “privately”

233 “Functionality”

234 “Harm” etc

235 “Online safety functions” and “online safety matters”

236 Interpretation: general

237 Index of defined terms

238 Financial provisions

239 Extent

240 Commencement and transitional provision

241 Short title

SCHEDULES

SCHEDULE 1 Exempt user-to-user and search services

SCHEDULE 2 User-to-user services and search services that include regulated provider pornographic content

SCHEDULE 3 Timing of providers’ assessments

SCHEDULE 4 Codes of practice under section 41: principles, objectives, content

SCHEDULE 5 Terrorism offences

SCHEDULE 6 Child sexual exploitation and abuse offences

SCHEDULE 7 Priority offences

SCHEDULE 8 Transparency reports by providers of Category 1 services, Category 2A services and Category 2B services

SCHEDULE 9 Certain internet services not subject to duties relating to regulated provider pornographic content

SCHEDULE 10 Recovery of OFCOM’s initial costs

SCHEDULE 11 Categories of regulated user-to-user services and regulated search services: regulations

SCHEDULE 12 OFCOM’s powers of entry, inspection and audit

SCHEDULE 13 Penalties imposed by OFCOM under Chapter 6 of Part 7

SCHEDULE 14 Amendments consequential on offences in Part 10 of this Act

SCHEDULE 15 Liability of parent entities etc

SCHEDULE 16 Amendments of Part 4B of the Communications Act

SCHEDULE 17 Video-sharing platform services: transitional provision etc

SCHEDULES

SCHEDULE 8Transparency reports by providers of Category 1 services, Category 2A services and Category 2B services

Section 77

PART 1Matters about which information may be required: user-to-user part of service

1

The incidence of illegal content, content that is harmful to children, relevant content and content to which section 15(2) applies on a service.

2

The dissemination of illegal content, content that is harmful to children, relevant content and content to which section 15(2) applies by means of a service.

3

The number of users who are assumed to have encountered illegal content, content that is harmful to children, relevant content or content to which section 15(2) applies by means of the service.

4

The formulation, development, scope and application of the terms of service.

5

The systems and processes for users to report content which they consider to be illegal content, content that is harmful to children or relevant content.

6

The systems and processes that a provider operates to deal with illegal content, content that is harmful to children and relevant content, including systems and processes for identifying such content and taking it down.

7

Functionalities designed to help users manage risks relating to content that is harmful to children and relevant content.

8

Features, including functionalities, that a provider considers may contribute to risks of harm to individuals using the service, and measures taken or in use by the provider to mitigate and manage those risks.

9

The design and operation of algorithms which affect the display, promotion, restriction or recommendation of illegal content, content that is harmful to children, relevant content or content to which section 15(2) applies.

10

Measures taken or in use by a provider to comply with any duty set out in Chapter 2 or 4 of Part 3 or section 38 (including in particular measures that are described in a code of practice under section 41).

11

Measures taken or in use by a provider to comply with the duty set out in section 64(1) (user identity verification).

12

Arrangements that a provider has in place for the reporting (in the United Kingdom or elsewhere) of content relating to child sexual exploitation and abuse, and measures taken or in use by a provider to comply with a requirement under section 66.

13

Measures taken or in use by a provider to comply with any duty set out in section 71 or 72 (terms of service).

14

Measures taken or in use by a provider to comply with any duty set out in section 75 (deceased child users).

15

The systems and processes by which a provider assesses the risk of harm to individuals from the presence of illegal content or content that is harmful to children—

(a)

when the service is initially being designed or developed,

(b)

when any further development or update to the service is being considered, and

(c)

while the service is in operation.

16

The systems and processes that a provider operates—

(a)

to direct users of the service to information about how they can protect themselves from harm in relation to illegal content and content that is harmful to children, and

(b)

to counteract or provide support to users of the service in relation to illegal content and content that is harmful to children present on the service.

17

Co-operation by a provider with government, regulatory or other public sector bodies in the United Kingdom, in particular those involved in the enforcement of the criminal law.

18

Measures taken or in use by a provider to provide for a higher standard of protection for children than for adults.

19

Measures taken or in use by a provider to improve the media literacy of users, and an evaluation of the effectiveness of such measures.

20

Any other measures taken or in use by a provider which relate to online safety matters.

PART 2Matters about which information may be required: search engine

21

The incidence of illegal search content and search content that is harmful to children on a service.

22

The number of users who are assumed to have encountered illegal search content or search content that is harmful to children.

23

The formulation, development, scope and application of the statements of policies and procedures mentioned in sections 27(5) and 29(5).

24

The systems and processes for users to report search content which they consider to be illegal content or content that is harmful to children, or other content which they consider breaches any statements of policies and procedures which have been made publicly available by the provider of a service.

25

The systems and processes that a provider operates to deal with illegal search content and search content that is harmful to children, including systems and processes for identifying such content and minimising the risk of those kinds of content being encountered by means of the service.

26

Functionalities designed to help users manage risks relating to search content that is harmful to children.

27

The design and operation of algorithms which affect the display, promotion, restriction or recommendation of illegal search content or search content that is harmful to children.

28

Measures taken or in use by a provider to comply with any duty set out in Chapter 3 or 4 of Part 3 or section 39 (including in particular measures that are described in a code of practice under section 41).

29

Arrangements that a provider has in place for the reporting (in the United Kingdom or elsewhere) of content relating to child sexual exploitation and abuse, and measures taken or in use by a provider to comply with a requirement under section 66.

30

Measures taken or in use by a provider to comply with any duty set out in section 75 (deceased child users).

31

The systems and processes by which a provider assesses the risk of harm to individuals from illegal search content or search content that is harmful to children—

(a)

when the service is initially being designed or developed,

(b)

when any further development or update to the service is being considered, and

(c)

while the service is in operation.

32

The systems and processes that a provider operates—

(a)

to direct users of the service to information about how they can protect themselves from harm in relation to illegal content and content that is harmful to children, and

(b)

to counteract or provide support to users of the service in relation to illegal search content and search content that is harmful to children.

33

Co-operation by a provider with government, regulatory or other public sector bodies in the United Kingdom, in particular those involved in the enforcement of the criminal law.

34

Measures taken or in use by a provider to provide a higher standard of protection for children than for adults.

35

Measures taken or in use by a provider to improve the media literacy of users, and an evaluation of the effectiveness of such measures.

36

Any other measures taken or in use by a provider which relate to online safety matters.

PART 3Further provision and interpretation

37

When determining which information to require in a notice under section 77(1) in relation to a particular service, OFCOM must take into account—

(a)

the kind of service it is;

(b)

the functionalities of the service;

(c)

the number of users of the service;

(d)

the capacity of the provider;

(e)

the duties set out in Chapter 2 or 3 of Part 3 or Chapters 1 to 4 of Part 4 that apply in relation to the service;

(f)

the proportion of users of the service who are children.

38

The Secretary of State may by regulations—

(a)

amend Part 1 or Part 2 of this Schedule so as to add further matters about which information may be required, or to vary or omit matters about which information may be required, and

(b)

amend paragraph 37 in connection with any such amendment.

39

The Secretary of State must consult OFCOM before making regulations under paragraph 38.

40

In the application of Part 2 of this Schedule to a combined service, references to statements of policies and procedures include references to provisions of the terms of service which relate to the search engine.

41

(1)

For the purposes of this Schedule, content of a particular kind is “relevant content” if—

(a)

a term of service, other than a term of service within sub-paragraph (2), indicates (in whatever words) that the presence of content of that kind is prohibited on the service or that users’ access to content of that kind is restricted, and

(b)

it is regulated user-generated content.

(2)

The terms of service within this sub-paragraph are as follows—

(a)

terms of service which make provision of the kind mentioned in section 10(5) (protecting individuals from illegal content) or 12(9) (protecting children from content that is harmful to children);

(b)

terms of service which deal with the treatment of consumer content.

(3)

References in this Schedule to relevant content are to content that is relevant content in relation to the service in question.

(4)

The reference in sub-paragraph (1) to users’ access to content being restricted is to be construed in accordance with sections 58 and 236(6).

42

In this Schedule—

consumer content” has the same meaning as in Chapter 3 of Part 4 (see section 74(3));

content that is harmful to children” has the same meaning as in Part 3 (see section 60);

illegal content” has the same meaning as in Part 3 (see section 59);

illegal search content” means search content that is illegal content;

regulated user-generated content” has the same meaning as in Part 3 (see section 55), and references to such content are to content that is regulated user-generated content in relation to the service in question;

search content” has the same meaning as in Part 3 (see section 57);

users” means United Kingdom users (see section 227), except in paragraphs 16(a) and 32(a) where “users” means individuals in the United Kingdom who are users of a service.