Search Sign in Try for free
14/03/2025

Online Safety Act Update: Spring 2025 deadlines for websites hosting user-generated content

Back in September 2024, we provided an overview of the Online Safety Act (the Act) - a major piece of legislation designed to make the internet safer, especially for children. Since then, businesses covered by the Act have had to assess the risks of illegal content on their platforms. With key deadlines approaching in March and April 2025, we’re here to break down the latest updates and key requirements for businesses affected by the Act.

The Online Safety Act introduces significant changes for businesses, particularly those with websites and platforms hosting user-generated content. With critical deadlines approaching in spring 2025, it’s essential for businesses that are affected to understand what’s required to comply and how to avoid penalties.

In this blog, we’ll clarify who is needs to comply with the Act, outline the upcoming deadlines, and offer practical steps businesses can take to comply.

Who needs to comply?

The Online Safety Act primarily applies to businesses that host user-generated content - meaning content that users create, upload, or interact with on an online platform. This includes major platforms like Facebook, X (formerly Twitter), and TikTok, but it also applies to smaller businesses that allow users to post comments, reviews, or other types of content.

For example, if your website features customer reviews, blog comments, or user-uploaded content—even small features like review sections or forums—you’re likely covered by the Act. Even businesses that don’t consider themselves “social media platforms” could still fall within its scope if they enable user-to-user interactions.

Not sure if this applies to you? You can check by completing Ofcom’s online assessment tool.

Upcoming deadlines and key dates for spring 2025

The Online Safety Act sets out multiple compliance deadlines, with several coming up in the next few months. Here are some of the key dates in the near future:

  1. 16 March 2025: Deadline for completing the Illegal Content Risk Assessment (ICRA).

  2. 17 March 2025: Enforcement of the illegal content safety duties, including measures to remove and mitigate illegal content.

  3. 16 April 2025: Deadline for completing the Children’s Access Assessment (CAA), determining if your service is likely to be accessed by children.

  4. July 2025: Full application of child safety duties for services identified as accessible by children.

More deadlines and requirements will follow later in 2025 and beyond. To stay up to date with all key dates and compliance obligations, you can check Ofcom’s official timeline for Online Safety Act implementation here.

Ofcom enforcement: What's changing in March 2025?

The first phase of enforcement under the Online Safety Act will come into effect on 17 March 2025, with a particular focus on illegal content duties. This means that online platforms must proactively assess risks and take steps to prevent users from encountering illegal content.

Key updates include:

Illegal content risk assessments: Businesses must assess the risks of illegal content appearing on their platforms, such as hate speech, abuse, or other illegal material. You’ll need to identify these risks and take steps to reduce the likelihood of them occurring.

Mitigation and safety measures: Businesses will be required to implement measures that reduce the risk of illegal content. This could include automated tools, human moderation, or a mix of both to monitor and remove harmful content. You'll also need clear reporting systems so users can flag illegal content.

Enforcement by Ofcom: Ofcom, the UK’s online safety regulator, will enforce these obligations. Non-compliance can result in hefty fines of up to £18 million or 10% of your global turnover, so it’s important to act now. Ofcom also has the power to hold companies and, in some cases, senior managers criminally liable if they fail to comply with enforcement notices related to specific child safety duties or child sexual abuse and exploitation on their service.

Children’s Access Assessment: Deadline for Completion by 16 April 2025

If your platform is likely to be accessed by children, you must complete a Children’s Access Assessment by 16 April 2025. This is a separate assessment that helps determine whether your service is likely to be used by children, and if so, what additional measures are necessary to protect them.

If your assessment confirms that your platform is child-accessible, or if you fail to complete the assessment, you will need to comply with child safety duties, including:

  • Children’s risk assessment: You must evaluate the risks of harmful content for children and ensure appropriate safety measures are in place.

  • Protection measures: Implement measures to prevent children from encountering harmful content, based on your risk assessment findings.

Ofcom will publish its Children’s Safety Codes of Practice in April 2025, and businesses must comply with these codes starting in July 2025.

Preparing for compliance: practical steps for businesses

If your business operates an online platform or service within the scope of the Act, it’s essential to take proactive steps to comply and reduce the risk of enforcement action. Here’s how to get started:

  1. Conduct an Illegal Content Risk Assessment

    • Evaluate user-generated content on your platform. What type of content do users post? Is there a risk of illegal material being shared or uploaded?

    • Assess the likelihood of illegal content appearing and document the actions you are taking to prevent it.

    • Review your current policies and tools for detecting illegal content, and plan improvements where necessary.

  2. Implement Effective Content Moderation and Reporting

    • Set up or improve your content moderation processes, whether through human moderators, automated tools, or both.

    • Ensure users have a clear and simple way to report illegal content, and have a process in place for reviewing and removing flagged content quickly.

  3. Review and Update Policies

    • Ensure your policies outline how you’ll respond to reports of illegal content, how you will moderate content, and how users can appeal decisions.

  4. Provide Training for Your Team

    • Make sure your team understands their role in compliance by providing training on identifying and handling illegal content.

    • For example, content moderators will need in-depth training, while customer service teams should be aware of the reporting process and the importance of content safety.

    • Keep records of all training sessions and internal audits to demonstrate compliance.

  5. Stay Up to Date with Ofcom’s Guidance:

    • Ofcom will issue detailed guidelines and codes of practice for compliance with the OSA. It’s important to stay updated with these documents to ensure your business meets its legal obligations.

    • Engage with Ofcom’s resources and update your processes in response to any changes in their guidance.

Conclusion

The Online Safety Act brings important deadlines for businesses in spring 2025. Businesses that host user-generated content, including those with reviews, comments, or forums, must prepare for new requirements to prevent illegal content and protect children.

By conducting risk assessments, implementing moderation measures, updating policies, ensuring your team is trained and staying up to date with Ofcom's guidance, you can avoid fines and stay compliant with the the Act. The clock is ticking, so start preparing now to meet the upcoming spring 2025 deadlines.

Stay informed, assess your risks, and make the necessary changes to ensure a safer online environment for your business and users. For a more detailed breakdown of the Online Safety Act and its requirements, visit the UK government's Online Safety Act explainer.

Tags: online safety act spring deadlines

Ashleigh Evans

14/03/2025
Latest articles

We use cookies

Docue and our partners (e.g. Google — see full list in our Privacy policy ) use cookies and your personal data for:

  • functionality
  • analytics
  • personalised advertising

By clicking "Accept cookies", you consent to the use of cookies and personal data (such as your IP address, browsing behaviour or unique IDs) for these purposes.

You can change your cookie preferences at any time via the Cookies link in the footer.

Privacy policy Terms of use How Google uses your personal data.
Functionality

We use cookies to store information about the logged-in user and the selected language. You cannot disable these cookies.

Security

We use cookies to make the service more secure and to prevent misuse. You cannot disable these cookies.

Advertising

We and our partners (e.g. Google — see the full list in our Privacy policy ) use cookies and your personal data to measure how ads perform and to personalise ads based on your interests and activity across the web. Cookies may also be used for non-personalised ads.

Learn how Google uses your data.
Analytics

We use cookies to understand how users interact with our website.

Personalization

We use cookies to tailor content, such as images or layout, based on your preferences.