New rules for online services: what you need to know

27 February 2024

The Online Safety Act makes businesses, and anyone else who operates a wide range of online services, legally responsible for keeping people (especially children) in the UK safe online.

This page explains:

  1. who the rules apply to;
  2. what they mean;
  3. if they apply to you, what you can do now; and
  4. other important things you should know about the rules.

You can also read our quick guides to:

Who the rules apply to

The rules apply to services that are made available over the internet (or ‘online services’). This might be a website, app or another type of platform. If you or your business provides an online service, then the rules might apply to you.

Specifically, the rules cover services where:

  • people can create and share content, or interact with each other (the Act calls these ‘user-to-user services’);
  • people can search other websites or databases (‘search services’); or
  • you or your business publish or display pornographic content.

To give only a few examples, a 'user-to-user' service could be:

  • a social media site or app;
  • a photo- or video-sharing service;
  • a chat or instant messaging service, like a dating app; or
  • an online or mobile gaming service.

The rules apply to organisations big and small, from large and well-resourced companies to very small ‘micro-businesses’. They also apply to individuals who run an online service.

It doesn’t matter where you or your business is based. The new rules will apply to you (or your business) if the service you provide has a significant number of users in the UK, or if the UK is a target market.

Unsure if the rules apply to you? We can help you check

Our online tool will help you decide whether or not the new rules are likely to apply to you. Answer six short questions about your business and the service(s) you provide, then get a result.

We are still developing this tool and we welcome your feedback. We will not change the possible results, so feel free to try it now.

You need to assess and manage risks to people's online safety

If the rules apply to your service, then we'll expect you to make sure that the steps you take to keep people in the UK safe are good enough.

Most of the rules haven’t come into force yet – we’re taking a phased approach and we expect the first new duties to take effect at the end of 2024. But you can start to get ready now.

While the precise duties vary from service to service, most businesses will need to:

  • assess the risk of harm from illegal content;
  • assess the particular risk of harm to children from harmful content (if children are likely to use your service);
  • take effective steps to manage and mitigate the risks you identify in these assessments – we will publish codes of practice you can follow to do this;
  • in your terms of service, clearly explain how you will protect users;
  • make it easy for your users to report illegal content, and content harmful to children;
  • make it easy for your users to complain, including when they think their post has been unfairly removed or account blocked; and
  • consider the importance of protecting freedom of expression and the right to privacy when implementing safety measures.

A few businesses will have other duties to meet, so that:

  • people have more choice and control over what they see online; and
  • companies are more transparent and can be held to account for their activities.

It's up to you to assess the risks on your service, then decide which safety measures you need to take.

To help you, we'll publish a range of resources – including information about risk and harm online, guidance and codes of practice.

Find out more about how to carry out an online safety risk assessment

Find out more about our codes of practice

If you think the rules apply to you, you can start getting ready now

Most of the new rules will only come into force in late 2024. But if you think they'll apply to you, here are some things you can start doing now:

Subscribe to updates from us

If you subscribe to email updates, we'll send you the latest information about how we regulate. This includes any important changes to what you need to do. You'll also be the first to know about our new publications and research.

Read more about how we propose to regulate illegal harms

We have consulted on how businesses need to protect their users from illegal harms online. We expect these requirements to come into force in late 2024.

Read a summary of our proposals (PDF, 463.4 KB) to find out how they affect you.

Read more about our approach to implementing the Act

Ofcom will implement the new rules in three phases (check the timings below). We explain each phase fully in our approach document.

We will implement online safety regulation (and the fees regime) in three phases. First, duties on illegal harms will become enforceable from around the end of 2024. Second, duties on the protection of children will become enforceable by Summer 2025. Finally, additional duties on categorised services will become enforceable in early 2026.

Think about updating your terms of service

If you provide a user-to-user service and the rules apply to you, you should consider whether you need to make changes to your terms of service now.

In clear and accessible language, your terms of service must inform users of their right to bring a claim for breach of contract if:

  • content that they generate, upload or share is taken down, or access to it is restricted, in breach of your terms of service; or
  • they are suspended or banned from using the service in breach of the terms of service.

This is set out in section 72(1) of the Act. You might need to think about making further changes to your terms of service, when more of the new rules to protect users from illegal harms online come into force in late 2024.

If you receive an information request from us, respond to it

We'll send you a request for information (or 'information notice') if we need it from you as the regulator. If you get a request, you are legally required to respond to it – and we could take enforcement action against you if you don't. Find out more.

Other important things you should know

Rate this page

Was this page helpful?