Online Safety Act Update: Spring 2025 deadlines for websites hosting user-generated content
Back in September 2024, we provided an overview of the Online Safety Act (the Act) - a major piece of legislation designed to make the internet safer, especially for children. Since then, businesses covered by the Act have had to assess the risks of illegal content on their platforms. With key deadlines approaching in March and April 2025, we’re here to break down the latest updates and key requirements for businesses affected by the Act.
The Online Safety Act introduces significant changes for businesses, particularly those with websites and platforms hosting user-generated content. With critical deadlines approaching in spring 2025, it’s essential for businesses that are affected to understand what’s required to comply and how to avoid penalties.
In this blog, we’ll clarify who is needs to comply with the Act, outline the upcoming deadlines, and offer practical steps businesses can take to comply.
Who needs to comply?
The Online Safety Act primarily applies to businesses that host user-generated content - meaning content that users create, upload, or interact with on an online platform. This includes major platforms like Facebook, X (formerly Twitter), and TikTok, but it also applies to smaller businesses that allow users to post comments, reviews, or other types of content.
For example, if your website features customer reviews, blog comments, or user-uploaded content—even small features like review sections or forums—you’re likely covered by the Act. Even businesses that don’t consider themselves “social media platforms” could still fall within its scope if they enable user-to-user interactions.
Not sure if this applies to you? You can check by completing Ofcom’s online assessment tool.
Upcoming deadlines and key dates for spring 2025
The Online Safety Act sets out multiple compliance deadlines, with several coming up in the next few months. Here are some of the key dates in the near future:
16 March 2025: Deadline for completing the Illegal Content Risk Assessment (ICRA).
17 March 2025: Enforcement of the illegal content safety duties, including measures to remove and mitigate illegal content.
16 April 2025: Deadline for completing the Children’s Access Assessment (CAA), determining if your service is likely to be accessed by children.
July 2025: Full application of child safety duties for services identified as accessible by children.
More deadlines and requirements will follow later in 2025 and beyond. To stay up to date with all key dates and compliance obligations, you can check Ofcom’s official timeline for Online Safety Act implementation here.
Ofcom enforcement: What's changing in March 2025?
The first phase of enforcement under the Online Safety Act will come into effect on 17 March 2025, with a particular focus on illegal content duties. This means that online platforms must proactively assess risks and take steps to prevent users from encountering illegal content.
Key updates include:
• Illegal content risk assessments: Businesses must assess the risks of illegal content appearing on their platforms, such as hate speech, abuse, or other illegal material. You’ll need to identify these risks and take steps to reduce the likelihood of them occurring.
• Mitigation and safety measures: Businesses will be required to implement measures that reduce the risk of illegal content. This could include automated tools, human moderation, or a mix of both to monitor and remove harmful content. You'll also need clear reporting systems so users can flag illegal content.
• Enforcement by Ofcom: Ofcom, the UK’s online safety regulator, will enforce these obligations. Non-compliance can result in hefty fines of up to £18 million or 10% of your global turnover, so it’s important to act now. Ofcom also has the power to hold companies and, in some cases, senior managers criminally liable if they fail to comply with enforcement notices related to specific child safety duties or child sexual abuse and exploitation on their service.
Children’s Access Assessment: Deadline for Completion by 16 April 2025
If your platform is likely to be accessed by children, you must complete a Children’s Access Assessment by 16 April 2025. This is a separate assessment that helps determine whether your service is likely to be used by children, and if so, what additional measures are necessary to protect them.
If your assessment confirms that your platform is child-accessible, or if you fail to complete the assessment, you will need to comply with child safety duties, including:
Children’s risk assessment: You must evaluate the risks of harmful content for children and ensure appropriate safety measures are in place.
Protection measures: Implement measures to prevent children from encountering harmful content, based on your risk assessment findings.
Ofcom will publish its Children’s Safety Codes of Practice in April 2025, and businesses must comply with these codes starting in July 2025.
Preparing for compliance: practical steps for businesses
If your business operates an online platform or service within the scope of the Act, it’s essential to take proactive steps to comply and reduce the risk of enforcement action. Here’s how to get started:
Conduct an Illegal Content Risk Assessment
Evaluate user-generated content on your platform. What type of content do users post? Is there a risk of illegal material being shared or uploaded?
Assess the likelihood of illegal content appearing and document the actions you are taking to prevent it.
Review your current policies and tools for detecting illegal content, and plan improvements where necessary.
Implement Effective Content Moderation and Reporting
Set up or improve your content moderation processes, whether through human moderators, automated tools, or both.
Ensure users have a clear and simple way to report illegal content, and have a process in place for reviewing and removing flagged content quickly.
Review and Update Policies
Ensure your policies outline how you’ll respond to reports of illegal content, how you will moderate content, and how users can appeal decisions.
Provide Training for Your Team
Make sure your team understands their role in compliance by providing training on identifying and handling illegal content.
For example, content moderators will need in-depth training, while customer service teams should be aware of the reporting process and the importance of content safety.
Keep records of all training sessions and internal audits to demonstrate compliance.
Stay Up to Date with Ofcom’s Guidance:
Ofcom will issue detailed guidelines and codes of practice for compliance with the OSA. It’s important to stay updated with these documents to ensure your business meets its legal obligations.
Engage with Ofcom’s resources and update your processes in response to any changes in their guidance.
Conclusion
The Online Safety Act brings important deadlines for businesses in spring 2025. Businesses that host user-generated content, including those with reviews, comments, or forums, must prepare for new requirements to prevent illegal content and protect children.
By conducting risk assessments, implementing moderation measures, updating policies, ensuring your team is trained and staying up to date with Ofcom's guidance, you can avoid fines and stay compliant with the the Act. The clock is ticking, so start preparing now to meet the upcoming spring 2025 deadlines.
Stay informed, assess your risks, and make the necessary changes to ensure a safer online environment for your business and users. For a more detailed breakdown of the Online Safety Act and its requirements, visit the UK government's Online Safety Act explainer.
Tags: online safety act spring deadlines
Ashleigh Evans