Balancing digital growth with harm prevention is a constant struggle. A recent attempt to mitigate such harm has emerged through the Online Safety Act (OSA) 2023. OSA became law in October 2023 and has since been brought into effect in stages, with key aspects implemented in March and July 2025. It is expected that OSA will be fully implemented in 2026. Many organisations and individuals are unfamiliar with their new obligations under OSA, but ignorance is not bliss and failure to comply can result in heavy penalties. 

Does it apply to you? 

The OSA applies to regulated “usertouser” and “search” services as well as services that publish or display pornographic content. You’re likely in scope if:

1. a user can encounter content (for example, messages or images) that has been generated, uploaded or shared by another user on your platform. This is known as a user-to-user service and could take the form of a dating app or social media site
2. a user can search other websites or data bases via your platform (search)
3. your business publishes or displays pornographic content. 

You can still be caught by OSA even if your business is not based in the UK, provided it has links to the UK (for example, you have UK users or target the UK market).

Here’s what you should do

If you’re in scope, you should immediately assess the risk of harm to users from illegal content (such as child sex abuse material), and the risk of harm to children from harmful content (such as self-harm material) if children are likely to use your service. This should take the form of structured risk assessments. 

You’ll then need to take effective, proportional steps to manage and mitigate the risks you identify. This could take the form of removing illegal content, having clear reporting mechanisms for your users to voice their concerns about content, and amending your terms of use to clearly address your approach to online safety.

Penalties you could face

If you fail to comply with OSA, you can face large fines. Ofcom can impose financial penalties up to £18 million or 10% of qualifying worldwide revenue, whichever is higher. 

How you stay compliant in practice

To stay compliant, you should treat online safety as an ongoing project and regularly review and improve your risk assessments and safety measures. 

If you operate a social media platform, messaging app, online marketplace, online gaming service or any platform where users can post and search content, OSA may well apply to you. If you’re unsure, don’t risk it. Get in touch with our commercial and technology team for guidance and support.