New rules for online services: what you need to know

21 November 2023

The Online Safety Act makes businesses, and anyone else who operates a wide range of online services, legally responsible for keeping people (especially children) in the UK safe online.

This page explains:

  1. who the rules apply to;
  2. what they mean;
  3. if they apply to you, what you can do now; and
  4. other important things you should know about the rules.

You can also read:

Who the rules apply to

The rules apply to services that are made available over the internet (or ‘online services’). This might be a website, app or another type of platform. If you or your business provides an online service, then the rules might apply to you.

Specifically, the rules cover services where:

  • people can create and share content, or interact with each other (the Act calls these ‘user-to-user services’);
  • people can search other websites or databases (‘search services’); or
  • you or your business publish or display pornographic content.

To give only a few examples, a 'user-to-user' service could be:

  • a social media site or app;
  • a photo- or video-sharing service;
  • a chat or instant messaging service, like a dating app; or
  • an online or mobile gaming service.

The rules apply to organisations big and small, from large and well-resourced companies to very small ‘micro-businesses’. They also apply to individuals who run an online service.

It doesn’t matter where you or your business is based. The new rules will apply to you (or your business) if the service you provide has a significant number of users in the UK, or if the UK is a target market.

Unsure if the rules apply to you? Our guide will help you check

We've published a short guide that could help you decide if you (or your business) needs to follow the new rules.

You need to assess and manage risks to people's online safety

If the rules apply to your service, then we'll expect you to make sure that the steps you take to keep people in the UK safe are good enough.

Most of the rules haven’t come into force yet – we’re taking a phased approach and we expect the first new duties to take effect at the end of 2024. But you can start to get ready now.

While the precise duties vary from service to service, most businesses will need to:

  • assess the risk of harm from illegal content;
  • assess the particular risk of harm to children from harmful content (if children are likely to use your service);
  • take effective steps to manage and mitigate the risks you identify in these assessments – we will publish codes of practice you can follow to do this;
  • in your terms of service, clearly explain how you will protect users;
  • make it easy for your users to report illegal content, and content harmful to children;
  • make it easy for your users to complain, including when they think their post has been unfairly removed or account blocked; and
  • consider the importance of protecting freedom of expression and the right to privacy when implementing safety measures.

A few businesses will have other duties to meet, so that:

  • people have more choice and control over what they see online; and
  • companies are more transparent and can be held to account for their activities.

It's up to you to assess the risks on your service, then decide which safety measures you need to take.

To help you, we'll publish a range of resources – including information about risk and harm online, guidance and codes of practice.

Find out more about how to carry out an online safety risk assessment

Find out more about our codes of practice

If you think the rules apply to you, you can start getting ready now

Most of the new rules will only come into force in late 2024. But if you think they'll apply to you, here are some things you can start doing now:

Subscribe to updates from us

If you subscribe to email updates, we'll send you the latest information about how we regulate. This includes any important changes to what you need to do. You'll also be the first to know about our new publications and research.

Have your say on how we regulate illegal harms

We're consulting on how businesses need to protect their users from illegal harms online. We expect these requirements to come into force in late 2024.

Read a summary of our proposals (PDF, 367.5 KB) to find out how they affect you. You can also respond to our consultation before it closes on 23 February 2024. Your views will shape our decisions.

Read more about our approach to implementing the Act

Ofcom will implement the new rules in three phases (check the timings below). We explain each phase fully in our approach document.

We will implement online safety regulation (and the fees regime) in three phases. First, duties on illegal harms will become enforceable from around the end of 2024. Second, duties on the protection of children will become enforceable by Summer 2025. Finally, additional duties on categorised services will become enforceable in early 2026.

If you receive an information request from us, respond to it

We'll send you a request for information (or 'information notice') if we need it from you as the regulator. If you get a request, you are legally required to respond to it – and we could take enforcement action against you if you don't. Find out more.

Other important things you should know

Rate this page

Was this page helpful?