HomeInsightsOnline Safety Act: Ofcom amends regulatory guidance to reflect new priority offences

Ofcom has published a statement confirming changes to its Illegal Harms regulatory documents and guidance to reflect the introduction of new priority offences under the Online Safety Act 2023 (OSA). While the changes do not create new duties under the OSA, they update Ofcom’s regulatory framework so that providers’ risk assessments and mitigation measures reflect the newly designated priority offences.

Under the OSA, priority offences relate to the most serious forms of illegal online content, in relation to which regulated services must take specific proactive measures to prevent such content appearing on their platforms in the first place, and for which they should have proportionate systems in place to minimise the length of time during which it is present.

As we have commented upon previously, the Government created two new priority offences at the end of last year: (1) encouraging or assisting serious self-harm; and (2) cyberflashing. In response, Ofcom consulted on proposed changes to its regulatory framework, including proposals to merge the existing priority offence of encouraging or assisting suicide with that of encouraging or assisting self-harm, and updates to its Risk Assessment Guidance and Codes.

Ofcom has now confirmed these changes, publishing updates to its Risk Assessment Guidance and Risk Profiles, the Illegal Harms Register of Risks, the Illegal Content Judgements Guidance, and the Record Keeping and Review Guidance. It has also set out what these updates mean in practice for regulated services, stating that:

 

  • Regulated services must review and update their illegal content risk assessments to assess the risks of content relating to the new priority offences appearing on their service. Suicide and self-harm must both be assessed and assigned one overall risk level;

 

  • Providers also need to separately assess risks of cyberflashing and assign a risk level for this harm;

 

  • Risk assessments need to be updated to take into account the revised Risk Profiles when assessing the risks of suicide, self-harm, and cyberflashing content on their service; and

 

  • Providers with the relevant risks and characteristics should apply the measures recommended in the Codes to mitigate the risks of suicide and self-harm and cyberflashing, or take alternative effective measures to manage these risks.

 

To read the Statement in full, click here.