LONDON – OfCom, the regulatory agency responsible for enforcing the UK’s “Online Safety Act,” published yesterday its first major policy statement for the agency’s new online safety regime. Saying it is “time for tech firms to act,” OfCom called its publication of the first codes of practice and guidance the firing of the “starting gun on new duties for tech firms.”

“For too long, sites and apps have been unregulated, unaccountable and unwilling to prioritize people’s safety over profits,” said Dame Melanie Dawes, OfCom’s chief executive. “That changes from today.”

Dawes added that the “safety spotlight is now firmly on tech firms and it’s time for them to act.”

“We’ll be watching the industry closely to ensure firms match up to the strict safety standards set for them under our first codes and guidance, with further requirements to follow swiftly in the first half of next year,” Dawes said. “Those that come up short can expect Ofcom to use the full extent of our enforcement powers against them.”

In an overview statement also published yesterday, OfCom said online providers “now have a duty to assess the risk of illegal harms on their services,” with a deadline of March 16, 2025.

“Subject to the Codes completing the Parliamentary process, from 17 March 2025, providers will need to take the safety measures set out in the Codes or use other effective measures to protect users from illegal content and activity,” OfCom added in the overview statement. “We are ready to take enforcement action if providers do not act promptly to address the risks on their services.”

OfCom noted the agency “can take enforcement action as soon as the duties come into effect,” adding that while the agency “will support providers to comply with their duties, we won’t hesitate to take early action against deliberate or flagrant breaches.”

“We have the powers to impose penalties of up to £18m or 10% of the provider’s qualifying worldwide revenue (whichever is greater), as well as seeking – in very serious cases – the blocking of services to UK users through a court order,” OfCom added.

The Online Safety Act lists over 130 “priority offences,” split into a variety of categories, including “harassment, stalking, threats and abuse offences, coercive and controlling behavior, intimate image abuse (often referred to as “revenge porn”), extreme pornography, child sexual exploitation and abuse and sexual exploitation of adults.

Information on the types of platforms included within the scope of the Online Safety Act can be found here.

Tim Henning, the executive director of the Association of Sites Advocating Child Protection (ASACP), who has been consulting with OfCom on behalf of industry stakeholders, said in a statement issued yesterday that OfCom’s regulatory initiative represents “a reasonable and thoughtful approach to online child protection.” (By contrast, the Free Speech Coalition has said the prior iterations of the OfCom guidance lacked specificity and clarity.)

“Unlike some ‘child protection’ proposals in the U.S. and elsewhere that are thinly veiled attempts at the outright prohibition of pornography, the UK is leaving the door open for responsible platforms and providers to serve the needs of consenting adults,” Henning said. “By taking an active role in the process, the association can offer guidance on the protocols and technologies that are most suited to this noble task and clarify their limitations and opportunities for improvement.

“We hope that implementing an economically feasible and successful approach to online child protection by the UK will inspire other jurisdictions to find more balanced ways of meeting this universal need,” Henning added. “Enabled by the support of our sponsors, ASACP will advocate for the industry to produce a workable outcome.”

You can read OfCom’s statement in full here.