Online Safety Act: Ofcom consults on draft codes to protect children online

The question

What must businesses do to ensure online safety for children under the latest codes of practice published by Ofcom?

The key takeaway

Technology firms must: (i) design their platforms to be safer for children; (ii) ensure strong governance and accountability for children’s safety within their business; and (ii) provide more choice and support for children and their carers. The new codes include over 40 practical steps to keep children safer.

The background

Under the Online Safety Act 2023, Ofcom was tasked with producing comprehensive codes of practice to provide guidance on how businesses can ensure compliance with their statutory obligations. Ofcom’s first consultation focused on measures to generally improve safety in online services. We reported on this development in our Winter 2023 Snapshots. 

The development

On 8 May 2024, Ofcom launched its second consultation which is focused on online safety for children. As part of this consultation, it has released the draft Children’s Safety Codes of Practice, divided into multiple addenda. 

The draft Children’s Safety Codes of Practice set out more than 40 practical steps services must take to keep children safer. To determine the extent of the obligations placed on them, businesses should carry out a Children’s Access Assessment (to determine whether their service is likely to be accessed by children) as well as a Children’s Risk Assessment (to determine the risk of children coming across harmful content on their service).

Based on such assessments, businesses must then implement the practical steps required of them which may include:

• using “highly-effective” age-assurance checks to determine which users are children. Services which contain content harmful to children must prevent children from seeing such content, and this could include preventing children from accessing the entire site or app
• configuring recommender algorithms to filter out harmful content from children’s feeds and allow children to feedback into these systems so they can control what they see
• implementing robust content moderation systems and processes for user-to-user services that children are likely to access.

Tech firms must also implement strong governance frameworks including having a named person accountable for compliance with these codes of practice. Other safety measures include having clear and accessible terms to children and their carers, and making sure children can report harmful content.

Ofcom expects to publish the final version of the Children’s Safety Codes of Practice within a year of the consultation closing. Services can choose to adopt different measures to those suggested in the codes, but they must be able to show that they have appropriate safety barriers in place. 

Ofcom expects to launch a separate consultation later this year on how tools such as AI may be used by online services to assist with their compliance. 

Why is this important?

Ofcom is becoming increasingly militant on the issue of online safety. Ofcom’s CEO Dame Melanie Dawes has said that Ofcom would be publishing league tables “so that the public knows which companies are implementing the changes and which ones are not”. Ofcom has also warned US Big Tech platforms that if they continue failing to acknowledge and address the impact they have on children in the UK who use their services, they may be required to increase the minimum user age to 18. Non-compliance with the Online Safety Act can incur criminal liability in some cases, and Ofcom has powers to fine firms up to 10% of global turnover.

Any practical tips?

In-scope businesses should review the draft codes of practice published here and raise any concerns with the proposed obligations within the consultation period. Ongoing engagement with Ofcom is important as, once finalised, these codes of practice are binding and businesses will then have three months to complete their first Children’s Access Assessment.

In the meantime, businesses should consider how they would start implementing the practices set out in the drafts and any additional resources that may be necessary to do so.

Summer 2024