Information about the UK's Online Safety Act 2023

A place to collate my thoughts and notes about the UK's Online Safety Act 2023, in case they are of use to anyone else.

Everything here is a work in progress, and I update pages, even completely change my mind on things, as my thinking develops.

Nothing on this site is legal advice. Use it at your own risk.

Unless otherwise stated, everything on this site created by Neil Brown is licensed under Creative Commons CC BY-SA 4.0.

This site is not run by, or affiliated with, Ofcom.

---

What is the Online Safety Act?

The Online Safety Act 2023 is a piece of UK legislation.

It covers a lot of things, but the things I'm most interested in here are:

• new rules relating to the operation of "user-to-user" services. In a nutshell, these are services by which one user can see/hear/view content uploaded to the service by another user.
• new rules relating to people posting pornography online.

This is a UK law, but it purports to impose obligations on providers of services outside the UK. We don't know how that will work out in practice.

---

Template / sample terms, and policies and processes

The Online Safety Act requires providers to have in place detailed, specific terms of service, as well as policies and processes.

Here are some template/sample terms, and policies and processes, which might be helpful to small, low risk providers, in preparing their own terms and policies.

• Template/sample Online Safety Act terms
• Template/sample Online Safety Act policies and processes

Children's access assessments

• When to do a children's access assessment for user-to-user services

Sample/template children's access assessments

• My business's self-hosted Jitsi (video conferencing) instance

(I have yet to look at a children's risk assessment.)

---

Illegal content risk assessments

• When to do an illegal content risk assessment for user-to-user services

• Checking if your service meets the entry criteria for user-to-user services

  • Here's an interesting blogpost from irc provider libera.chat, containing excerpts of the legal advice it received in respect of the scope of the OSA.

Sample/template illegal content risk assessments

• My own, self-hosted, single-user, Mastodon instance
• My business's self-hosted Jitsi (video conferencing) instance
• My business's self-hosted email server (which we also use for personal use)
• A blog or website (e.g. WordPress) with comments
• An IRC (Internet Relay Chat) service used to provide customer support
• A mailing list (e.g. the kind of thing that a Linux user group might use, for communications to, and between, members)

---

Part 5: the pornographic content rules

• Who is in scope, and what constitutes "pornographic content"

---

Enforcement, penalties etc.

• Investigations, enforcement, and penalties for Part 3 (user-to-user) services

---

Other resources

A list of resources, including links to the legislation and Ofcom's documents, and other people's notes and guidance.

---

In memoriam

Here's a list of sites and services which have stated that the Online Safety Act 2023 is the reason for their closing, or for geo-blocking UK users.

---

Who runs this?

Neil (web / fedi).

---

This is nothing to do with Ofcom

Ofcom is the UK's telecoms regulator. The UK Parliament gave Ofcom responsibility for aspects of the Online Safety Act (so much of this mess is not the fault of Ofcom (the institution), or the people working at Ofcom).

This site is not run by Ofcom, or affiliated with Ofcom in any way.

Ofcom has plenty of information about online safety on its website.