How Ofcom is approaching online safety risk assessments

Mar 14th '23

At the time of writing, the Online Safety Bill has reached the Committee Stage in the House of Lords. Many details of the legislation – including proposed amendments – are still being debated. But it’s clear that the regime will require services in scope of the regulation to better understand the risk of users encountering illegal content, or content harmful to children online. Office of Communications (Ofcom) has published a discussion document on their planned approach to risk assessments (PDF, 355.0 KB).


As currently drafted, the Bill will require all regulated firms to do a risk assessment of illegal content that may appear on their service, ranging from online fraud to terrorism. Services that are likely to be accessed by children will also have to do a risk assessment concerning content which is harmful to children. This is likely to include material such as pornography and content which promotes eating disorders.


While it’ll be up to online services to do their own assessments, our role as the future regulator is to provide them with guidance. Ofcom expect this to explain what content they’re required to focus on, how harmful content might appear on their services, and good risk management practice as a fundamental part of service design and organisational culture. This links to strong governance, and will advocate for risk assessments and risk management to be owned at the most senior levels.


  • Guidance that works for online services big and small

A huge range of services will be in scope of the regime, from one-person microbusinesses to global tech giants. It’s important that our approach to risk assessment guidance accounts for that and does not place an unnecessary burden on smaller or less-resourced businesses.


While there is no one-size-fits-all approach, based on Ofcom research and analysis consider that the following four-step process to risk assessment can be applied by services of all types and sizes:


  • Step one: Establish the context

Establish the risks of harm that need to be assessed. Consult the risk profiles produced by Ofcom, which set out their assessment of key risk factors, and identify any gaps in your understanding and evidence.


  • Step two: Assess the risks

Review evidence about your platform and your risks. Assess the likelihood of harmful content appearing and the severity/impact of harm. In addition, evaluate existing mitigating measures.


  • Step three: Decide measures and implement

Decide how you will comply with the safety duties, including through Ofcom’s Codes of Practice. Identify and measures you need to implement. Record the outcomes of the risk assessment. Implement any new measures.


  • Step four: Report, review and update

Report via relevant governance structures. Monitor the effectiveness of your mitigation measures. Put in place regular review periods for your assessments, recognising any triggers to revisit assessments between these periods.


Ofcom guidance will also cover the kind of evidence they think services should consider in their risk assessments. An important duty is that these assessments are suitable and sufficient. For some, that will mean focusing on materials that Ofcom provides and any relevant data they hold. Others – especially larger services – are likely to have more mature measures and metrics in place for assessing risks of harm to users and the effectiveness of their protections. Ofcom expect these services to do more to ensure their assessments are robust and accurate.


  • International co-operation and next steps

Ofcom is conscious that services will also need to comply with risk-related obligations in different legal jurisdictions – for example, under the EU’s Digital Services Act. So they are working with services and regulatory counterparts abroad to improve international coherence around risk assessments for online safety.


They’ll launch the first consultation on Ofcom’s approach to illegal content risk assessments as soon as they can after their powers commence. A separate consultation on children’s risk assessments will follow.


Ofcom will then issue a statement to finalise their first set of risk assessment guidance on illegal content, and services will be required to carry out their first illegal content risk assessments within three months of its publication.


For more detail on the planned approach to risk assessments and what that means for regulated services, head to the full discussion document (PDF, 355.0 KB).


Source: Ofcom


About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.


We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Need A Regulatory Marketing Compliance Consultant? A Bit More About Us


Contact us


Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.


We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…


You can see our Google reviews here.



Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.


Facebook  Instagram  LinkedIn  Twitter YouTube


Contact us