Insights Online Safety Act 2023: new criminal offences come into force


On 31 January 2024, the Government published a Circular summarising the criminal offences under the Online Safety Act (“OSA”).  These include offences by individuals as well as by corporate bodies.

The “communications offences” came into force on 31 January 2024 and include:

  • Sending a message with information the sender knows to be false with the intention of causing non-trivial psychological or physical harm to a likely audience without reasonable excuse.
  • Sending a message with a threat of death, serious injury, rape or serious financial loss where the sender intends the recipient to fear that threat will be carried out (or is reckless as to whether the recipient has such fear).
  • Sending or showing an electronic communication with flashing images with the intention to cause harm to a person with epilepsy.
  • Communicating, publishing or showing material capable (and with the intention) of encouraging or assisting the serious self-harm of another, even if the sender cannot identify the recipients and even if the self-harm does not occur.
  • Intentionally sending or giving images of any person’s genitals to another person with the intention to cause the recipient alarm, distress or humiliation, or for the purposes of sexual gratification whilst reckless as to whether the recipient will be caused alarm, distress or humiliation.
  • Four offences in relation to intentional sharing or threatening to share intimate images without consent, which do not necessarily require proof that the sender intended to cause alarm, distress or humiliation.

Providers of internet services by which any such messages are sent are not liable under these offences and certain exemptions apply to news publishers, broadcasters, and providers of on-demand programme services. These offences can be committed outside the UK but only if committed by an individual who habitually resides in the UK. The offence can be committed by a body incorporated under UK law and, in certain cases, directors and managers can be held criminally liable.

The Circular also summarises the offences that relate to service providers that fall within the scope of the OSA which, apart from the offence set out in the first bullet below, came into force on 10 January 2024:

  • Knowingly or recklessly providing materially false information concerning detected and unreported child sexual exploitation and abuse to the National Crime Agency as required under s.69 OSA.
  • Failure to comply with an information request from Ofcom or, when in receipt of an information request, providing materially false information to Ofcom, providing encrypted information to Ofcom such that Ofcom cannot understand it, or suppressing, destroying or altering of any information required to be provided. Senior managers can be criminally liable if they fail to take all reasonable measures to prevent the offence being committed.
  • In response to an audit notice from Ofcom, providing false information knowing or being reckless as to whether it is false, and intentionally suppressing, destroying or altering information required to be provided.
  • Preventing someone copying a document or, in respect of an interview by Ofcom, failing (without reasonable excuse) to attend or participate and knowingly or recklessly providing false information.
  • Failure to comply with the requirements of a confirmation decision that relate to the duties to protect children under the OSA without reasonable excuse.

All the above offences carry potential penalties in the form of fines, imprisonment or both.

For more information, click here and here.