UK Online Safety Act Applicability Test

Start with the legal trigger: the Act applies to services that let users post content online or interact with each other, and to search services. If the provider is outside the UK, the Act can still apply where the service has relevant links with the UK, including a significant number of UK users, the UK as a target market, or access by UK users with a material risk of significant harm to those users.

Then check for exclusions before you map duties. The test should say whether the service is a regulated user-to-user service or regulated search service, whether any part of the service is disapplied, and which duties are then triggered, such as illegal content, children safety, age assurance, transparency, complaints, or record-keeping.

Ownership should sit with the team that can change service design, moderation, recommender systems, age assurance, reporting, complaints, terms, or transparency data, with legal and trust-safety review.

Evidence should show service categorisation, illegal-content risk assessment, children access assessment, children risk assessment, mitigation controls, age-assurance decisions, terms/complaints records, and Ofcom reporting readiness.

Most Online Safety Act mistakes happen at the boundary between user-to-user, search, pornography, category, child-access, illegal-content, and transparency duties.

Use this section before launching a user feature, recommender change, moderation change, age-assurance flow, complaint process, or transparency-reporting process.

Use an Online Safety Act workflow that starts with three questions: is the service a user-to-user service or search service, does it have relevant UK links, and is any part exempt or disapplied. If the answer is yes, map the relevant duties and the source text that triggers them.

The output should be a service-scope memo, risk assessment, children access assessment, mitigation plan, age-assurance decision, complaint workflow, or transparency-report evidence pack.