Statement: Protecting people from illegal harms online

Today we are publishing our first major policy Statement for the Online Safety regime. 

This decision on the Illegal Harms Codes and guidance marks a major milestone, with online providers now being legally required to protect their users from illegal harm.  

Ofcom published proposals about the steps providers should take to address illegal harms on their services shortly after passage of the Online Safety Act in October 2023. Since then, we have been consulting carefully and widely, listening to industry, charities and campaigners, parents and children, as well as expert bodies and law enforcement agencies. With today’s publication¹, online providers must take action to start to comply with these new rules. The result will be a safer life online for people in the UK, especially children. 

Providers now have a duty to assess the risk of illegal harms on their services, with a deadline of 16 March 2025. Subject to the Codes completing the Parliamentary process, from 17 March 2025, providers will need to take the safety measures set out in the Codes or use other effective measures to protect users from illegal content and activity. We are ready to take enforcement action if providers do not act promptly to address the risks on their services. 

This is further outlined in our Overview document.

Making our documents accessible

We want to thank the large number of stakeholders - from civil society, services of all sizes, experts, and other public sector bodies - who have taken the time to engage with our proposals. 

We are an evidence-based regulator, and we have thoroughly interrogated relevant research and stakeholder responses before setting out the rationale for our decisions. This has been a big task to undertake, with over 130 priority offences and 100K+ services in scope of our regulation.  

The breadth and complexity of this new regime means the document we are publishing today covers many areas. We have therefore taken steps to make it as accessible as possible, including:  

• A summary of our decisions and the user-to-user and search services to which they apply.
• A summary of each chapter, setting out what it is about, stakeholder feedback received, and the decisions we have taken. 

We are also suggesting particular documents different stakeholder might be interested in:

1. Small/medium sized service providers: may want to start with our digital tool when available and review our summary documents where appropriate, before turning to our risk assessment guidance, followed by our Codes (supplemented by our other guidance documents).
2. Civil society organisations: may be particularly interested in the reasoning for our decisions, starting with the Overview, and chapter summaries. They may identify areas of specific interest to read in more detail, for example research on specific harms or information on particular measures.
3. Large service providers: will most likely want to use a combination of all our materials, including the digital tool, but we expect their initial focus to be on the risk assessment guidance, Codes and other guidance documents themselves.
4. Individuals within service providers:
   1. Compliance lawyers may well want to focus on our Codes and guidance documents, particularly our risk assessment guidance.
   2. Trust and safety workers may want to focus on the Register of Risks, Codes on content moderation and search moderation, and the ICJG.
5. Individuals who have a broader interest in online safety: Might wish to begin with the Overview and summary of our decisions.