The illegal content duties under the Online Safety Act 2023 (“OSA”) are now in force. With effect from 17 March 2025, online platforms must now, amongst other things, implement appropriate measures to remove illegal content quickly when they become aware of it and reduce the risk of ‘priority’ criminal content from appearing on their platforms.
Ofcom has said: “In the coming weeks and months, we will be assessing platforms’ compliance with their new illegal harms obligations under the [OSA], and launching targeted enforcement action where we uncover concerns.”
Ofcom has identified assessing compliance with safety duties in connection with child sexual abuse material (“CSAM”) as one of its early priorities for enforcement and, on the same day the illegal content duties came into effect, it launched an enforcement programme focused on tackling CSAM on file-sharing services.
File-sharing and file-storage services are particularly vulnerable to CSAM distribution. Among the 40 safety measures outlined in Ofcom’s illegal harms codes of practice, it is recommended that high risk file-sharing services use automated moderation technology, such as ‘perceptual hash-matching’. This technology helps platforms detect and remove harmful content by comparing image hashes (unique digital fingerprints) to known CSAM databases.
As part of its enforcement programme, Ofcom will be reviewing the safety measures adopted by file-sharing and file-storage providers. Several services have been notified that they will soon receive formal information requests regarding their measures to tackle CSAM, requiring them to submit their illegal harms risk assessments. These requests will assess if they are in scope of the OSA, evaluate their current and planned measures to identify, assess and remove known image-based CSAM, and require them to provide a record of their illegal content risk assessments. Additionally, Ofcom sent advisory letters to other providers of file-sharing and file-storage services to inform them of their duties under the OSA. This marks the beginning of further engagement with these services.
In its press release, Ofcom warns: “If any platform does not engage with us or come into compliance, we will not hesitate to open investigations into individual services. We have strong enforcement powers at our disposal, including being able to issue fines of up to 10% of turnover or £18m – whichever is greater – or to apply to a court to block a site in the UK in the most serious cases.”
Ofcom has been working closely with law enforcement agencies and organisations such as the Internet Watch Foundation (IWF), the Canadian Centre for Child Protection (C3P), and the National Centre for Missing and Exploited Children (NCMEC) to identify the file-sharing and file-storage services at highest risk of hosting image-based CSAM and assess their safety measures.
This marks Ofcom’s third enforcement programme of the year. Following its January crackdown on age assurance measures in the adult sector, Ofcom launched its second enforcement programme in March, requiring certain services to submit their illegal harms risk assessments (for more details on this, read our Law-Now article). Further enforcement programmes are expected in the coming weeks.
Suzanne Cater, Enforcement Director at Ofcom said: “Platforms must now act quickly to come into compliance with their legal duties, and our codes are designed to help them do that. But, make no mistake, any provider who fails to introduce the necessary protections can expect to face the full force of our enforcement action.”
Comment
Ofcom has clearly signalled that it is ready and willing to use its new enforcement powers under the OSA. It will no doubt want to be seen to be taking a tough stance on non-compliance in the wake of public criticism of its implementation of the OSA, such as that from the parents of Molly Russell, the 14 year old girl who took her own life after viewing images promoting self-harm and suicide on social media, who has claimed the implementation has been “a disaster” and the regulator has “fundamentally failed to grasp the urgency and scale of its mission”.
On the other hand, it will be interesting to see the impact, if any, the Trump/Musk effect will have on enforcement. The Trump administration has been very outspoken on its views of UK and EU regulation in recent weeks, which it sees as impinging on free speech and penalising US tech companies. There have been fears expressed that the OSA could become a bargaining chip in negotiations about tariffs being imposed on British exports to the US. The UK Government has so far appeared to stand behind its online safety standards. However, time will tell if Ofcom’s enforcement ambitions are tempered in the face of taking on the US big tech companies which have been emboldened by their relationship with Trump.
If you are keen to find out more about the OSA and how it applies to your business, please contact one of the CMS team.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our Privacy Notice.