Government guidance states that any website, app or gaming lobby where one user’s post can reach another now carries a legal safety duty. That duty applies once a service has many UK users or targets the UK market, even if the company sits on another continent. Micro startups face the same core rules as global networks, size only alters the extra paperwork, not the basic obligation to keep harmful material off the screen.
The Act splits services into “user-to-user” and “search” groups. User-to-user covers everything from dating apps to home-baking forums. Search applies when the tool scans more than one database. Both groups must run constant risk reviews, publish clear rules and act fast when danger appears, the guidance says.
The Open Rights Group’s May 2025 handbook adds another tier. Ofcom plans 3 categories and they are:
- the biggest social sites (Category 1)
- the largest search engines (2A)
- mid-sized social services (2B)
Each tier brings added transparency demands such as public risk summaries and yearly reports on algorithms. Charities are lobbying for lower user thresholds so that smaller websites move into the tougher tiers, the handbook notes.
How Should Companies Deal With Illegal Content?
Ofcom’s roadmap released last year sets out a clear timeline. By 16 March 2025, platforms had to finish an illegal content risk assessment. From 17 March onward, they had been expected to run “appropriate safety measures”, for example, filters for terrorist imagery or fraud schemes, and to show proof on request.
The Act asks each platform to study how its feed, ranking tools and business model might let criminal posts spread. After that study, firms must redesign features that raise the risk. Government guidance stresses that this redesign must happen before a new layout or tool goes live, not after a scandal.
David Sant, a senior commercial technology solicitor, points out that Ofcom has already launched its first investigation using these powers. He warns boards that fines can reach £18 million or 10% of global turnover, whichever is greater, and that early enforcement makes the risk real rather than theoretical.
Why Do Child Safety Rules Tighten This Summer?
Ofcom’s final note on children’s risk assessments gives services that children might visit until 24 July 2025 to file a full review of bullying, violent clips, self-harm posts and more. If Parliament approves Ofcom’s child-safety codes a day later, platforms must match them, or prove an equally strong alternative, without delay.
Adult sites face even stricter timing. Section 81 already forces them to run “highly effective” age checks. The Ofcom note confirms that these checks need to block under-18s at the front gate, not halfway through a video.
More from Business
- 5 Compliance Risks Every Company Should Know
- How Technology Is Shaping the Future Of Compliance
- The Role of Compliance in Preventing Corporate Fraud
- Is It Possible To Automate Your Customer Service?
- Top Industries for Investment in Syria
- UK Sees Spike In Solar Power: Who Are The Startups Leading The Charge?
- Top Industries for Investment in Thailand
- 7 Industries That Benefit Most From VoIP Phone Systems
What Are The Stakes For Business Leaders?
Financial exposure– A single breach can trigger a penalty of up to 10% of worldwide turnover. That figure eclipses headline fines under earlier UK tech laws and can wipe out annual profit for many firms.
Criminal liability– Directors who stonewall an Ofcom request risk prosecution. The watchdog may also seek court orders that stop payment processors and advertisers working with a rogue site, cutting off income overnight.
Product delays– Every new feature that lets users interact needs a fresh risk assessment. Development teams must build safety reviews into release cycles or watch launch dates slip.
Brand damage– Sant argues that parents, teachers and investors now track safety records as closely as data-breach history. A public Ofcom probe can chill user growth faster than any fine.
Operational costs– The Open Rights Group estimates that sustained compliance will bring new hires in trust and safety, policy and engineering. While the biggest platforms already fund such teams, mid-tier firms may need to raise budgets quickly.
The government guidance frames the Act as a child protection measure, yet the rules touch every corner of online business. Legal duty, financial risk and public pressure now travel together. Companies that map their risks, document every decision and adjust their designs early stand the best chance of keeping both Ofcom and their users on side.
