UK Online Safety Act 2023: what platforms must do now
Our new resource explains the Act, Ofcom’s early enforcement, and how to prepare.
Summary. The Online Safety Act 2023 imposes duties of care on UK-facing platforms, search services and online publishers. Ofcom has begun active monitoring and investigations, with penalties available up to the higher of £18 million or 10% of global turnover. We have launched a practical hub for in-house counsel covering scope, risk assessments, children’s protections, governance, enforcement process, transparency, and the interface with UK data protection law.
Visit the Online Safety Act Hub
What’s inside the hub
Illegal-content duties
How to run and evidence suitable and sufficient illegal-content risk assessments and implement proportionate mitigations.
Children’s protection and age-assurance
Determining children’s access, selecting “highly effective” age-assurance, and aligning with privacy requirements.
Risk assessments and governance
Ownership, review cycles, KPIs, and record-keeping that withstand Ofcom information notices.
Ofcom investigations and enforcement
What an investigation looks like, response timelines, and penalty mechanics.
Transparency and reporting
When categorised services must publish transparency reports and how to prepare auditable metrics.
Interplay with data protection
Reconciling OSA measures with UK GDPR and the DPA 2018, including DPIAs and data minimisation.
Why now
Ofcom’s implementation is phased, but enforcement activity has started. The most common early risks are weak documentation of assessments, incomplete children’s access analysis, and slow responses to information requests. The hub provides checklists, structure and links to primary materials so legal, product and safety teams can execute with confidence.
Next steps
- Confirm your service classification and update your risk assessments.
- Prepare an Ofcom-ready evidence pack and response playbook.
- Align OSA work with privacy, security and incident-response programmes.