Ofcom has launched an enforcement programme to monitor if services are meeting their Children’s Risk Assessment duties under the Online Safety Act 2023.

As we previously discussed here, all user-to-user and search services were required to carry out a Children’s Access Assessment by 16 April 2025 in order to establish whether they were likely to be accessed by children.

Those services that determined that they were likely to be accessed by children are also required to carry out a Children’s Risk Assessment by 24 July 2025. As we previously discussed here, this entails a four-step process of: (1) understanding content that is harmful to children that needs to be addressed; (2) assessing the risk of harm to children; (3) deciding and recording measures to implement to address these risks; and (4) reporting, reviewing, and updating the assessment.

Ofcom has already written to a number of services to determine if they are complying with their obligations, informing them that they must provide written records of their Children’s Risk Assessments by 7 August 2025. Simultaneously, it has launched an enforcement programme that will monitor more widely whether services are complying with their duties, as well as the extent to which Ofcom’s guidance is being applied by services.

The enforcement programme is expected to continue for at least 12 months, during which time Ofcom may choose to open separate investigations (as it has done in relation to its similar enforcement programme on illegal harms risk assessments, which we discussed here).

To read more, click here.