Check if the Online Safety Act applies to you

09 November 2023

If you or your business provides an online service, like a website or app, then the Online Safety Act might apply to you.

The Act introduces new rules for providers of online services to help keep people in the UK – especially children – safe from illegal and harmful content online.

When deciding if the rules apply to you, there are three important questions to consider:

  1. Does your service have links with the UK?
  2. Do you provide a relevant service?
  3. Do any exemptions apply to your service?

If your answer to the first two questions is yes, and no exemptions apply, then it's likely that the new rules apply to your service.

Your online service has links with the UK if:

  • UK users are a target market for your service; or
  • it has a significant number of UK users.

A 'UK user' is anyone based in the UK who visits or interacts with your service. You might call them a customer, client, subscriber, visitor or something else.

A user could be an individual or an entity (like an organisation). It doesn't matter if they've registered with you (i.e. created an account) or not.

Do you provide a relevant service?

The rules apply to services where:

  • users can create and share content, or interact with each other (the Act calls these ‘user-to-user services’);
  • users can search other websites or databases (‘search services’); or
  • you or your business publish or display pornographic content.

The rules only apply to relevant parts of these services: the parts where users can encounter content generated, uploaded or shared by other users; search multiple websites and databases; and encounter relevant pornographic content. All other parts of a service are not covered by the rules.

Imagine you run a retail website where users can buy your products. This isn't relevant, because there's no way for users to interact with each other.

But what if the same website has a chat forum, where users can write messages to each other? This is relevant, because you're allowing users to interact with each other. So, you should only consider the forum bit when referring to the 'service'.

User-to-user services

A user-to-user service is an online service that allows its users to interact with each other. This includes the ability to generate, upload or share content, such as images, videos, messages or comments, with other users of that online service.

User-to-user services include online services that allow private messaging between users.

To give only a few examples, a 'user-to-user' service could be:

  • a social media site or app;
  • a photo- or video-sharing service;
  • a chat or instant messaging service, like a dating app; or
  • an online or mobile gaming service.

Search services

A search service is an online service that is (or includes) a search engine. A search engine is something that allows a user to search more than one website and/or database.

However, if your online service only searches one website or database, then it does not count as a search service. For example, having a search bar on your website, to help users find content on that website, wouldn't count.

Some online services use or embed a search engine provided by a third party (this is known as a plug-in). If your service has embedded a search engine that a third party controls, not you, then the rules on search services are likely to apply to the third party instead.

Publishing or displaying pornographic content

The Act defines 'pornographic content' as content that was produced solely or principally for the purpose of sexual arousal. This only includes audio, image and video content. It does not include text or written content.

Different parts of the Act will apply depending on whether the pornographic content is published or displayed by the provider of the service, or generated by a user.

Do any exemptions apply to your service?

Some types of user-to-user service are exempt from the Act. Generally, this is either because:

  • there are limits to the ways users can communicate on your online service; or
  • there are limits to the type of content users can generate or share on your online service.

Other services are exempt because they are internal business services, or services provided by a public body, education or childcare provider.

Exemptions based on the type of content

Your online service will be exempt if the only way users can communicate on your online service is by email, SMS, MMS and/or one-to-one live aural communications.

It will also be exempt if users can only interact with content that you (the provider of the service) publish. This interaction could be comments, likes or dislikes, ratings and reviews (including with emojis and symbols).

For example, if you only allow users to comment on blog posts you put on your website, or review the goods or services you sell, then the exemption would apply. But it wouldn't apply if a user can interact with content that another user generates.

Exemptions based on the type of service

Your service will be exempt if:

  • it is an internal business service, including services such as business intranet, content management systems, or customer relationship management systems;
  • it is provided by a public body, such as Parliament, a UK public authority, or foreign government; or
  • it is provided by a UK education or childcare provider.

I think the rules will apply to me – what next?

Most of the new rules will only come into force in late 2024. But if you think they'll apply to you, here are some things you can start doing now:

Subscribe to updates from us

If you subscribe to email updates, we'll send you the latest information about how we regulate. This includes any important changes to what you need to do. You'll also be the first to know about our new publications and research.

Give your views on how we regulate illegal harms

We're consulting on how businesses need to protect their users from illegal harms online. We expect these requirements to come into force in late 2024. Respond to the consultation before it closes on 23 February 2024, to share your views and evidence. Your input will shape our decisions.

Read more about our approach to implementing the Act

Ofcom will implement the new rules in three phases. We explain each phase fully in our approach document.

If you receive an information request from us, respond to it

We'll send you a request for information (or 'information notice') if we need it from you as the regulator. If you get a request, you are legally required to respond to it – and we could take enforcement action against you if you don't. Find out more.
