Ofcom has warned online platforms that they must put “safety by design front and centre of their operating models” as they prepare their Year Two Risk Assessments under the Online Safety Act 2023 (OSA).

Under the OSA, regulated services are required to conduct illegal content risk assessments and, if applicable, children’s risk assessments. This is the second year that services have been required to conduct such assessments, and Ofcom has reminded providers that they should “review their risk assessments at least once a year, and must update them before making any significant change to their service’s design or operation, or if Ofcom makes any significant change to its assessment of risks”. For example, we have discussed here the introduction of new priority offences and what that will mean for services in terms of assessing and monitoring certain risks.

According to Ofcom, some of the risk assessments that it reviewed last year raised “serious concerns” and prompted revised versions to be submitted. Similarly, fines were issued and action taken against firms that failed to respond to information requests in an “accurate, complete, and timely way”.

This year, Ofcom expects matters to improve. To that end, and in order to “keep up the pressure”, it has issued formal information requests to more than 70 of the “largest and riskiest sites”, asking for their risk assessments by 31 July 2026.

While Ofcom says that the responses it receives will help it to “identify gaps in risk assessments and drive improvements”, the issuing of formal notices sends a clear message: that services are being closely monitored to ensure that they comply with their regulatory requirements in relation to risk assessments and face the possibility of enforcement action if they fall short.

To read more, click here.