UPDATE (20/11/23):
The Online Safety Act is now law.
However, much of its detail is still being agreed. Ofcom, the regulator in charge of enforcing the Act, will be defining and publishing detailed Codes of Practice and guidelines in 3 phases.
We've put together a quick guide to the key dates you need to know. Download a copy here.
The UK Online Safety Bill (OSB) has taken significant steps towards becoming law, having now passed through the House of Commons and the House of Lords. As it awaits Royal Assent, which is expected before the end of the year, we'll explore the key elements of this ground-breaking legislation, its implications for various businesses, and how to ensure compliance with its requirements.
What is the Online Safety Bill and its goals?
While the Internet was never really designed with children in mind, today 1 in 3 internet users is a child under 18. For many years regulation has been struggling to keep pace with the rapid evolution of online services and the increasing engagement of minors, which has led to the proliferation of a number of online harms. The OSB is designed to regulate online platforms and search services, imposing a "duty of care" on these businesses to take measures to address potential risks to users. It aims to create a safer digital environment, with a primary focus on protecting children and adults from harmful or illegal content. The Bill is a significant step towards making the UK "the safest place in the world to be online." The legislation is also a template for a number of other similar legislations currently being discussed worldwide including the Kids Online Safety Act (KOSA), expected in the USA in 2024.
Who does it apply to?
The OSB's reach is broad, encompassing various types of businesses from big tech giants to smaller independent platforms:
User to User Content Platforms: Social media, dating sites, gaming companies, and other tech companies and platforms that allow users to generate, upload, or share content.
Search Providers: Services that offer online search functionality.
Pornography Sites: Websites featuring adult content.
It's important to note that the Bill applies to platforms with users in the UK, irrespective of where the business is based. It's estimated it will directly impact over 100,000 organisations, and its implications cannot be underestimated.
Tiers of regulation
The OSB introduces different tiers of regulation for user-to-user platforms and a single tier for search providers. Very large user-to-user services fall into "Category 1" and have additional duties. The precise criteria for Category 1 services are yet to be defined by UK regulator Ofcom, but it's expected to take into account a number of factors including business functionality and size of user base.
Smaller businesses will be impacted too
It’s clear from recent Ofcom action that they intend to also hold the smaller companies accountable for keeping minors safe. It is therefore imperative that impacted businesses prepare for age verification requirements and ensure they offer age appropriate experiences, irrespective of their size.
Key requirements for businesses
Businesses will need to prepare for compliance by addressing the following key requirements:
Risk Assessment: All businesses in scope will need to conduct a comprehensive risk assessment and demonstrate that they’ve considered and taken steps to address potential risks, including the risk of users accessing forms of illegal content and the risk the platform could facilitate certain offences being committed.
If the platform is likely to be accessed by children (as defined by the Age Appropriate Design Code), the business will also need to carry out a Children’s Risk Assessment. These assessments will need to determine the number of their users in different age ranges, the level of risk of exposure to content or features that could be harmful to children and the risk of harm resulting from these.
Content Moderation: Implement systems to identify and remove harmful content, prevent its re-upload, and protect users from accessing it. Platforms will also be required to implement a clear content reporting and complaints procedure.
Age Verification and Assurance: Platforms and services will be required to enforce strict age limits and detail how they implement them. They will need to ensure that age verification and age assurance measures are in place to prevent children from accessing inappropriate content.
Data Minimization and Privacy: Businesses must follow data minimization principles and pay special attention to handling personal data of users, especially minors, while implementing age verification and moderation.
How can Privately help?
Privately offers a range of certified and GDPR-compliant privacy-preserving age assurance and online safety solutions that can help businesses large and small comply with the OSB.
Our age assurance solutions provide a simple and accurate way to determine user age online while maintaining data privacy compliance using on-device biometrics like facial structure and voice analysis. No data is collected and the technology can be used for both children and adults.
Privately’s range of online safety technologies can provide proactive protection for minors by identifying unsafe imagery, bullying or grooming, entirely on the user device, and before such content might be shared on networks with e2e encryption.
Our Solutions can be integrated into apps, games and platforms via very light SDKs.
Visit our Developer site for more technical information https://developer.privately.eu/home
A comparative note: EU Digital Services Act and the Online Safety Bill
It's worth mentioning that businesses falling under the OSB's scope may also need to comply with the EU's Digital Services Act (DSA). The DSA, which takes effect in February 2024, introduces similar requirements for online services. This dual compliance challenge necessitates a thorough understanding of both legislations. You can read more about the Digital Services Act regulation here
Conclusion
The Online Safety Bill is set to reshape the digital landscape in the UK, with a focus on user safety and content regulation. Detailed codes still need to be developed following Royal Assent but it’s likely the requirements of the bill will start to come into force in 2024. To prepare for compliance, businesses need to conduct risk assessments, adopt content moderation measures, and ensure age verification and assurance methods are in place. Privately's age assurance solutions offer a reliable way to meet these requirements, safeguarding user privacy while complying with the law. As the Bill nears Royal Assent, businesses should be proactive in understanding and meeting their obligations to create a safer online environment for all users. To find out how we can help you comply with this new regulation, contact Privately today.