verified_user
Standardful
Homechevron_rightStandardschevron_rightUK Online Safety Act 2023
ActiveInternational Standardupdate Standard Updated: July 2025fact_check Fact checked: Jun 28, 2026

UK Online Safety Act 2023

Online Safety Act 2023 (c. 50) — Duties of Care for User-to-User and Search Services

apartmentPublishing Organization:Office of Communications (Ofcom)

Standard Introduction

UK Online Safety Act 2023 is an active standard published by Office of Communications (Ofcom). It is commonly used across Technology, Services, Telecommunications and applies in United Kingdom.

Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with UK Online Safety Act 2023.

Implementation Roadmap

1
Phase 1schedule Duration: 2-6 weeks

Define UK Online Safety Act 2023 scope

Identify the regulated user-to-user and search services in scope, the legal or customer obligations that apply, accountable owners, affected products or services, jurisdictions, suppliers and evidence expectations. Confirm coverage for service scope, UK user exposure, illegal-content duties, child-safety duties, risk assessments, codes of practice, complaint and appeal routes, age-assurance controls, reporting and Ofcom notices.

2
Phase 2schedule Duration: 4-10 weeks

Assess obligations and gaps

Compare current design, operations and documentation against UK Online Safety Act 2023. Review service scope, UK user exposure, illegal-content duties, child-safety duties, risk assessments, codes of practice, complaint and appeal routes, age-assurance controls, reporting and Ofcom notices, then prioritise gaps by safety, legal exposure, market-access impact, customer commitments, reporting deadlines and assurance readiness.

3
Phase 3schedule Duration: 8-24 weeks

Implement controls and evidence

Deploy the procedures, technical controls, testing, training, supplier controls, review gates and operating records needed for UK Online Safety Act 2023. Maintain service inventories, risk assessments, safety-control decisions, age-assurance records, moderation and recommender-system records, complaints logs, transparency data, governance minutes and Ofcom correspondence as traceable evidence.

4
Phase 4schedule Duration: Ongoing

Review, verify and maintain

Run management review, internal checks, retesting or independent assessment where appropriate. Refresh the program when products, services, suppliers, standards, regulations, incidents, customer commitments or market-surveillance expectations change.

Compliance Checklist

0 / 12

checklist Scope and accountability

checklist Controls and records

checklist Monitoring and assurance

Frequently Asked Questions

Who needs UK Online Safety Act 2023?

expand_more

UK Online Safety Act 2023 is relevant to organizations that design, manufacture, import, distribute, operate, certify, test or procure regulated user-to-user and search services. Exact applicability depends on the product or service scope, jurisdiction, role in the supply chain, customer commitments and the specific obligations triggered by the standard or regulation.

Is UK Online Safety Act 2023 certifiable?

expand_more

It is a statutory UK regime supervised by Ofcom, not a voluntary certification. Some controls can be independently assessed, but compliance is demonstrated through risk assessments, records, safety systems and responses to Ofcom information requests.

What should a UK Online Safety Act 2023 implementation start with?

expand_more

Start by defining scope and accountable owners, then map the applicable requirements to existing products, services, systems, suppliers and evidence. A focused gap assessment should identify missing tests, records, procedures, labels, declarations, risk assessments or assurance steps before detailed remediation begins.

What evidence is useful for UK Online Safety Act 2023?

expand_more

Useful evidence includes service inventories, risk assessments, safety-control decisions, age-assurance records, moderation and recommender-system records, complaints logs, transparency data, governance minutes and Ofcom correspondence. Evidence should be version-controlled, traceable to requirements and owners, retained for the required period and ready for customers, auditors, certification bodies, regulators or market-surveillance authorities.

How often should UK Online Safety Act 2023 compliance be reviewed?

expand_more

Review it on a planned cycle and whenever products, services, suppliers, manufacturing sites, legal requirements, harmonised standards, test methods, incidents, customer commitments or market access assumptions change. High-risk products and regulated services should also be reviewed after complaints, field failures or regulator guidance.

Official Documentation

View All

Related Categories