Applicability GuideScope and Exemptions

UK Online Safety Act Applicability Test

Start with the statutory service test before you build a controls program.

Most wasted compliance work comes from treating a product family as one service when the Act is applied service by service and feature by feature.

Back to main artifactReview sources
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
Sections
3

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Feb 21, 2026
Updated Feb 21, 2026
Overview

The right order is simple. First test whether you have a regulated user-to-user service, a regulated search service, or provider pornography duties. Then check the exemptions and mixed-service boundaries. Then run the child-access test and only after that move into risk assessment, age assurance, or categorisation work.

Section 1

Start with sections 3 to 5 and the service architecture

The Act applies to search services and services that allow users to generate, upload, or share content or interact with one another. That analysis must be done at the actual service or relevant part of a service, not only at brand level.

Where a product contains several surfaces, document which parts are user-to-user, which parts are search, and which parts are outside scope.

  • Map every product surface to user-to-user, search, provider content, or out of scope
  • Separate the core service from embedded community, chat, or content-sharing features
  • Record whether the duty falls on one service or on distinct service parts
Section 2

Check exclusions before you assume Part 3 duties

Schedule 1 excludes certain services, including internal business services. The legislation also treats some provider pornography scenarios separately, so the right question is not only whether a service is social or searchable, but which chapter and schedule apply.

This is where many teams over-scope the program or miss a narrow but important duty set.

  • Review Schedule 1 exemptions such as internal business services
  • Check whether provider pornography duties under sections 79 to 81 apply
  • Document why each exclusion or special regime does or does not apply
Section 3

Run the child-access test and note future category triggers

If the service is likely to be accessed by children, the child access and child safety regime comes into play. The Act points to section 37 for the meaning of likely to be accessed by children, and the implementation sequence required services to complete children's access assessments before children's risk assessments.

Separately, some services will later be categorised as Category 1, 2A, or 2B. The threshold regulations were laid on 16 December 2024, the register was expected in summer 2025, and further category specific codes were expected from early 2026.

  • Complete a child access assessment where the service could realistically attract children
  • Track category logic separately from base Part 3 duties
  • Reassess scope after product launches, mergers, market expansion, or major UX changes
Recommended next step

Turn UK Online Safety Act Applicability Test into an operational assessment

Assessment Autopilot can take UK Online Safety Act Applicability Test from deciding whether these obligations apply in practice to a reusable workflow inside Sorena. Teams working on UK Online Safety Act can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Assessment workflow
Open Assessment Autopilot for UK Online Safety Act Applicability Test

Start from UK Online Safety Act Applicability Test and turn the guidance into owned tasks, evidence requests, and review checkpoints.

Explore next step
Talk to Sorena
Talk through UK Online Safety Act

Review your current process, evidence gaps, and next steps for UK Online Safety Act Applicability Test.

Explore next step
Primary sources

References and citations

Online Safety Act 2023
legislation.gov.uk
Referenced sections
  • Primary legislation for scope, duties, risk assessment, enforcement, transparency, and complaints provisions.
Online Safety Act explainer
gov.uk
Referenced sections
  • Current government implementation status, deadlines, and plain language explanation of the regime.
Related guides

Explore more topics

UK Online Safety Act Age Assurance Options | Age Estimation, Verification, and Child Access Controls
Grounded age assurance guide for the UK Online Safety Act covering January 2025 pornography guidance, highly effective age assurance.
UK Online Safety Act Checklist | Scope, Risk, Child Safety, Moderation, and Evidence
Audit-ready UK Online Safety Act checklist covering service scope, illegal risk assessment, child access and child risk assessment, moderation, complaints.
UK Online Safety Act Children Safety Duties | Child Access, Child Risk, and Age Assurance
Grounded guide to UK Online Safety Act children safety duties covering section 81 timing, children access assessments, children risk assessments.
UK Online Safety Act Compliance Program | Governance, Controls, and Ofcom Readiness
Program design guide for UK Online Safety Act compliance covering governance, scope, assessments, moderation, age assurance, complaints, metrics.
UK Online Safety Act Content Moderation and Appeals | Complaints, Terms Enforcement, and Redress
Grounded guide to UK Online Safety Act moderation and appeals requirements covering sections 21, 32, 71, and 72, complaints design, terms enforcement.
UK Online Safety Act Deadlines and Compliance Calendar | 2023 to 2026 Milestones
Grounded UK Online Safety Act calendar covering 26 October 2023 enactment, 31 January 2024 offences, 16 December 2024 illegal harms codes.
UK Online Safety Act Enforcement and Penalties | Ofcom Notices, Penalties, and Escalation
Grounded UK Online Safety Act enforcement guide covering Ofcom information notices, senior manager naming, confirmation decisions.
UK Online Safety Act FAQ | Scope, Child Duties, Categories, and Ofcom Enforcement
Practical FAQ on the UK Online Safety Act covering who is in scope, what changed in 2025, child access and risk assessments, age assurance, category duties.
UK Online Safety Act Illegal Content Duties | Illegal Harms, Priority Offences, and Risk Assessments
Grounded guide to UK Online Safety Act illegal content duties covering user-to-user and search services, illegal content risk assessments.
UK Online Safety Act Penalties and Fines | GBP 18 Million, 10 Percent Revenue, and Liability
Grounded penalty guide for the UK Online Safety Act covering the GBP 18 million or 10 percent worldwide revenue cap.
UK Online Safety Act Requirements | Sections, Deadlines, Controls, and Evidence
Detailed UK Online Safety Act requirements guide mapping scope, illegal content duties, child safety duties, terms enforcement, complaints, categorisation.
UK Online Safety Act Risk Assessment Template | Illegal Content and Child Safety Template
Practical UK Online Safety Act risk assessment template covering service profile, harms inventory, controls, residual risk, child access, child safety.
UK Online Safety Act Risk Assessments Playbook | How to Run Illegal and Children Risk Reviews
Operational playbook for UK Online Safety Act risk assessments covering sequencing, ownership, evidence collection, control design.
UK Online Safety Act Service Scope and Categorization | Category 1, 2A, 2B, and Part 3 Logic
Grounded service scope and categorisation guide for the UK Online Safety Act covering Part 3 logic, likely to be accessed by children, Category 1, 2A.
UK Online Safety Act vs EU Digital Services Act | Scope, Child Safety, and Enforcement Differences
Practical comparison of the UK Online Safety Act and the EU Digital Services Act covering regulated service models, illegal content frameworks.