What the illegal content risk assessment duty means in practice
Under the Online Safety Act, user-to-user services and search services in scope must assess the risks of illegal content on their services and use that assessment to decide what proportionate measures to take. For user-to-user services, section 9 covers illegal content risk assessment duties; for search services, section 26 does the same.
A visitor should first confirm whether the service is a regulated user-to-user service or search service, then check whether it is exempt, and then map the service features and user flows that could expose users to illegal content. The practical outcome should be a recorded decision, an owner, and a review date.
If the service is in scope, the assessment should happen before or when the service becomes subject to the regime, and it should be kept up to date as the service changes. Schedule 3 sets out timing rules for illegal content risk assessments.
- Confirm whether the service is a regulated user-to-user service or a search service, and whether any schedule 1 exemption applies.
- Identify the parts of the service where illegal content could be encountered, disseminated, or amplified.
- Record the assessment owner, evidence, and next review point so the decision can be revisited when the service changes.
Primary legal source for the illegal content risk assessment duty, scope, exemptions, and timing.
Primary legal source for search service duties.
Primary legal source for the timing of assessments.