With Ofcom’s publication this week (16 December 2024) of the Regulatory documents & guidance (Statement: Protecting people from illegal harms online), online providers must take action to start to comply with the new Online Safety Act (OSA) rules. In particular those institutions providing “user-to-user services” will need to assess whether or not they need to act now.
Check if the regulations apply
A practical starting point is the Ofcom online tool “Check if the regulations apply to your service”. (Online Safety Regulation Checker).
Many universities and colleges provide “user-to-user” services. These are defined as online services that allow users to interact with each other by generating, uploading or sharing content, such as images, videos, messages or comments, with other users. This will include online services that allow private messaging between users.
Exemptions
Some limited functionality services are exempt from the Act, for example, where there are restrictions on the ways users can communicate or there are controls on the type of content users can generate or share. If the only way users can communicate is by email, SMS or MMS this is considered exempt from the Act.
If after using this tool it is decided that your activities are “in-scope” the next logical step is to review the “Draft Illegal content Codes of Practice for user-to-user services” – Illegal content Codes of Practice for user to user services.
Specifically the guidance in “Section 3. Index of recommended measures” distinguishes and clarifies what measures need to be taken by “All service providers” from those that need to be taken by “Large or multi-risk services”.
Further education institutions are exempt from the provisions of the OSA although remain bound by their duties to safeguard and promote the welfare of children. Many FE institutions offering higher education courses whether directly caught by the Act or not will see advantages in aligning their online safety policies and practices with the requirements of the OSA (particularly the Guidance on Risk Assessments and Risk Profiles).
What next
From 17 March 2025, those “in scope” services need to start implementing safety measures to mitigate the identified risks. The Ofcom codes of practice set out more than 40 measures that can be taken.
Online Safety Conference
Ofcom are arranging a hybrid/virtual Online Safety Conference between 3-5 February 2025. This conference will include a mix of short practical information sessions and deep dive sessions into topics to support providers on their path to compliance. You can register your interest using this link (The Online safety act explained: How to comply).
Further information
Ofcom Statement: Protecting people from illegal harms online
Unpacking the Online Safety Act 2023: What does it mean for universities?
