Ofcom's approach to implementing the Online Safety Act

An update on online safety implementation plans 

The Act makes companies that operate a wide range of online services legally responsible for keeping people, especially children, safe online. These companies have new duties to protect UK users by assessing risks of harm, and taking steps to address them. All in-scope services with a significant number of UK users, or targeting the UK market, are covered by the new rules, regardless of where they are based.

We have completed our initial Illegal Harms and Protection of Children Codes, and begun enforcing these key pillars of the Online Safety Act. We have now published proposals for a set of additional safety measures to strengthen these initial Codes.

We continue to gather input from civil society, strategic partners including law enforcement, other regulators in the UK and overseas, and expert bodies to support our implementation of the new rules. The voice and perspective of online users is critical to what we do and we will continue to engage and listen to children, families and those with lived experience of online harm to help shape and inform our work.

Services need to act to comply with their duties

We have published Codes of Practice and guidance on how in scope companies can comply with their duties. If you provide an online service, there are actions you must take when duties come into force. The ‘important dates for online safety compliance’ page explains the important milestones.

Over the remainder of this year, our key milestones include:

• Industry fees. On Thursday 26^th June, we published our Online Safety fees and penalties statement.  
• Report on Researcher Access. The Act requires us to publish a report, considering how independent researchers can access information from regulated online services to conduct research into online safety matters. We will publish this in July 2025, following our consultation published at the end of 2024. Our report will assess the current status of researcher access, issues constraining access and the extent to which greater access might be achieved for independent researchers studying online safety issues.
• Categorisation and additional duties on categorised services. We have been working towards publication of the register of categorised services in summer 2025. The secondary legislation laid by the Government which sets the thresholds that will determine which services are categorised is currently subject to legal challenge. We will monitor this closely, provide an update when we know more about any potential impact of this challenge on our work, and publish the register as soon as possible thereafter. In the meantime, we will publish the final version of our transparency reporting guidance in July 2025, having consulted on this guidance in 2024.
• The Online Information Advisory Committee will publish its first report no later than November 2026.
• Guidance on a safer life online for women and girls. In February 2025, we published draft guidance, setting out nine areas where technology firms should do more to improve women and girls’ online safety by taking responsibility, designing their services to prevent harm and supporting their users. We received over 100 responses from civil society groups, academics, industry and other experts. We expect to publish the final guidance by the end of 2025. We will publish an assessment of how providers are keeping women and girls safe on their services around 18 months after we finalise the Guidance. In parallel with driving change through our Guidance, we’ll also continue to engage with service providers to ensure they are meeting their legal responsibilities. They need to protect users from illegal harms like intimate image abuse and stalking, and protect children from abusive, hateful and violent content. We are also continuing to work with front line organisations and other experts in online gender-based harm to inform our work.  
• Launch of the super-complaints regime, in line with the Act and recent Government regulations. This will enable eligible entities to raise systemic issues that arise across services or, in exceptional circumstances, on one service, to our attention. We expect to consult on draft guidance for potential super-complainants in September 2025 and publish our final guidance in early 2026.
• Technology Notices. We have consulted on policy proposals for minimum standards of accuracy for accredited technology that deals with CSEA and/or terrorism content. We have also consulted on draft guidance to providers on how we propose to exercise our Technology Notice function. We plan to submit final advice on minimum standards of accuracy to the Secretary of State and publish final guidance by Spring 2026. We will also publish our second annual report on the exercise of the Technology Notice functions by January 2026. After the Secretary of State has published the minimum standards of accuracy, Ofcom will start a process to accredit technologies as having met them.
• Statutory reports. The Act requires us to produce a number of reports with statutory deadlines:
  • We will publish our report on Highly Effective Age Assurance by July 2026,
  • We will publish our report on content harmful to children by October 2026,
  • We will publish our report on App stores by January 2027.

Progress update on implementing the Online Safety Act  

Update on online safety implementation plans 30 June 2025 (PDF, 164 KB)

Ofcom's approach to implementing the Online Safety Act (PDF, 565 KB)

Dull Ofcom o roi’r Ddeddf Diogelwch Ar-lein ar waith (PDF, 540 KB)