Is your charity ready for the Online Safety Act?

Posted on 27 February 2025

Natasha Davies

Solicitor

Louise Sivey

Senior Associate

Emily Wilson

Trainee Solicitor

The Online Safety Act (the “OSA”) imposes a range of duties on in-scope online services, aiming in particular to protect children from harmful content and to protect all users from illegal online content and activity. While the OSA received Royal Assent in 2023, the majority of its provisions will come into force in 2025 with a number of key deadlines (for example, to complete risk assessments) in the coming weeks and months.

In this blog, we discuss how charities can assess whether they are in the scope of the OSA, and if so, what they need to do now to comply with duties under the OSA. Please get in touch if we can assist you – our teams have unrivalled expertise supporting charities and advising them on new regulation.

Who is in scope?

The OSA is far-reaching and imposes obligations on a very wide range of services – not only those services you would expect to be in scope (for example, social media services and video sharing platforms). Ofcom anticipates that over 100,000 online services are likely to be in scope of the OSA, ranging from social media giants to small community forums.[1] While many charities may assume that the OSA does not apply to them, they may in fact be caught by it.

The online services caught by the OSA include (among others) “search services” (i.e. a service that is or includes a search engine) and “user-to-user services”. Broadly, user-to-user services mean platforms or websites that allow a user to post content which can be encountered by other users. This may include, for example, online forums or online instant messaging services. The OSA duties that apply to services within scope vary depending on the type and size of the service. There are also a number of exemptions that may apply.

Ofcom has published an online tool ‘Does the Online Safety Act apply to your service?’ to help online services check if they are caught by the OSA (although the results are indicative only and do not constitute legal advice).

Many charities host online forums or communities on their websites where users can interact and share experiences, support and information directly with each other. Those services are likely to be caught by the definition of user-to-user services and therefore may be subject to new duties under the OSA.

What do in-scope services have to do now?

The duties under the OSA are being introduced in phases, following publication of guidance by Ofcom. We have outlined some of the key duties and deadlines that are likely to apply to some charities below. As we have focused on what will be most relevant to charities, we have not included, for example, additional duties on pornography services or very large user-to-user services.

Phase one – Illegal harms duties

By 16 March 2025, in-scope online services are required to complete an illegal content risk assessment and put in place measures to combat risks identified (see discussion below on some of the measures that should be introduced). The assessment must consider the risk of users encountering illegal harm (including illegal content) and potentially using the service to facilitate or commission illegal content.

The illegal harms safety duties will become enforceable in around mid-March.

As part of these duties, online services are expected to take appropriate and proportionate steps to mitigate the risks that they identified in their illegal content risk assessments. What steps might be taken will depend on the type, severity and probability of any risks identified. Ofcom has published its illegal harms codes, guidance and guidance on enforcement, record keeping and reviews.

Ofcom has sought to reassure small and low risk services that its regulation under the OSA will be proportionate with the most onerous requirements falling upon the largest services with the highest reach and / or those services that are particularly high risk.

However, Ofcom have made clear that even small and low risk services are expected to comply with certain minimum standards. Charities that host online communities should consider implementing several measures to remove illegal content when they become aware of it (but the position will differ depending on the nature of the online service, how many users it has, etc). These include ensuring that:

their forums have easy-to-find, understandable terms and conditions;
they have a complaints tool which allows users to report illegal or harmful material, and an appropriate complaints process to investigate such complaints;
they have the ability to review content and take it down quickly if they have reason to believe it is illegal; and
they have a specific individual responsible for compliance.[2]

In-scope services also need to keep their illegal harm risk assessments up to date (for example, reviewing the risk assessment after substantive changes to the online service).

Phase two – Child safety, pornography and protection of women and girls

The strongest protections in the OSA have been designed for children, so children’s charities and particularly those facilitating online peer to peer support services will need to pay particular attention to the duties in the OSA that relate to children.

By 16 April 2025, in-scope online services that do not have highly effective age assurance already in place, must complete a children’s access assessment which considers whether it is possible for children to access their service and, if so, whether a significant number of children may use or are likely to be attracted to the service.

If an in-scope online service is likely to be accessed by children, then the service must also complete a children’s risk assessment. Ofcom is currently preparing its final guidance on children’s risk assessments which will likely be published later in spring 2025. The relevant services will then have three months to complete the children’s risk assessments and implement measures to combat those risks. Child protection safety duties will become enforceable in around July 2025.

If your organisation requires support to assess whether it is within the scope of the OSA, what duties apply to it, or how to comply with those duties, then please contact Louise Sivey or Natasha Davies.

The material in this article is provided for guidance and general information only and is not intended to constitute legal or other professional advice upon which you should rely. In particular, the information should not be used as a substitute for a full and proper consultation with a suitably qualified professional. Please do contact the Bates Wells team if you require further information.

[1] Helping small services navigate the Online Safety Act – Ofcom

[2] Helping small services navigate the Online Safety Act – Ofcom

Natasha Davies

Solicitor

Louise Sivey

Senior Associate

Emily Wilson

Trainee Solicitor

How to prepare for new changes to consumer law – drip pricing

[The DMCCA came into force on 1 January 2025. It has replaced the Consumer Protection from Unfair Trading Regulations 2008 …

Briefing for Charities & Social Enterprises | 18 March

Our weekly round up of news and updates from across the sector. To help you navigate this week’s content, the …

When the professional becomes personal: balancing expectations for the incoming workplace generation

March 2025 marks the annual “B Corp Month” campaign, which aims to celebrate the 10,000 certified “B Corporations” around the …

The top ten things charities get wrong in whistleblowing cases

Employees in the UK are entitled to certain legal protections in the event that they make a disclosure about wrongdoing …

Employment Rights Bill update

On 4 March 2025, the Government published its responses to five consultations, relating to provisions contained its landmark Employment Rights …

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others