--- title: "UK Online Safety Act FAQ" canonical_url: "https://www.sorena.io/artifacts/uk/online-safety-act/faq" source_url: "https://www.sorena.io/artifacts/uk/online-safety-act/faq/items" author: "Sorena AI" description: "Practical guidance for the UK Online Safety Act FAQ, with practical decisions, evidence, edge cases, and external source citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "UK Online Safety Act" - "FAQ" - "UK Online Safety Act FAQ" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # UK Online Safety Act FAQ Practical guidance for the UK Online Safety Act FAQ, with practical decisions, evidence, edge cases, and external source citations. *Artifact Guide* *UK* *FAQ* ## UK Online Safety Act FAQ Use this FAQ to answer recurring UK Online Safety Act implementation questions with source-linked operational guidance, clear owners, and reusable evidence. Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation. This page explains the most common UK Online Safety Act questions in plain English. Use it to decide whether a service is in scope, what duties matter first, and when Ofcom can enforce the regime. ## Browse sub-FAQ modules ### [How should teams decide whether UK Online Safety Act applies?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md) UK Online Safety Act guidance for Regulated Service Scope, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [UK Online Safety Act Ofcom enforcement: penalty tiers, investigations, and senior manager liability](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md) UK Online Safety Act guidance for Ofcom Enforcement, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md) UK Online Safety Act guidance for Age Assurance, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md) UK Online Safety Act guidance for Categorisation, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md) UK Online Safety Act guidance for Children's Access Assessment, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md) UK Online Safety Act guidance for Ico Overlap, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Illegal Content Risk Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/illegal-content-risk-assessment.md) UK Online Safety Act guidance for Illegal Content Risk Assessment, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Moderation And Appeals under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/moderation-and-appeals.md) UK Online Safety Act guidance for Moderation And Appeals, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about Senior Manager Liability under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/senior-manager-liability.md) UK Online Safety Act guidance for Senior Manager Liability, with practical decisions, evidence, edge cases, and external source citations. - 4 items ### [What should teams do about Transparency Reporting under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/transparency-reporting.md) UK Online Safety Act guidance for Transparency Reporting, with practical decisions, evidence, edge cases, and external source citations. - 3 items ### [What should teams do about User-to-user And Search Services under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/user-to-user-and-search-services.md) UK Online Safety Act guidance for User-to-user And Search Services, with practical decisions, evidence, edge cases, and external source citations. - 3 items Browse all indexed questions: [/artifacts/uk/online-safety-act/faq/items](/artifacts/uk/online-safety-act/faq/items.md) ## All FAQ items *Page 1 of 2. Showing 20 of 34 items.* ### [How should teams decide whether UK Online Safety Act applies?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md#how-should-teams-decide-whether-uk-online-safety-act-applies) *Module: [How should teams decide whether UK Online Safety Act applies?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md)* Teams should treat Regulated Service Scope under the UK Online Safety Act as a source-linked operating decision: first decide whether the service is in scope or exempt, then confirm which duties are triggered, assign the team that can change the process, and keep evidence showing the decision and review trigger. - Write the Regulated Service Scope decision in one sentence before drafting controls. - Attach the external source URL and a short source quote to the evidence record. - Route unclear cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Explains the Act's service-scope purpose and supports the first regulated-service scoping decision. - [Online Safety Act 2023](https://www.legislation.gov.uk/ukpga/2023/50/contents?ref=sorena.io) - Primary legislation for exempt services in Schedule 1. ### [What evidence should teams keep for Regulated Service Scope under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md#what-evidence-should-teams-keep-for-regulated-service-scope-under-the-uk-online-safety-act) *Module: [How should teams decide whether UK Online Safety Act applies?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - Evidence support for the FAQ answer. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Evidence support for the FAQ answer. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Evidence support for the FAQ answer. ### [Which mistakes create risk when handling Regulated Service Scope under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md#which-mistakes-create-risk-when-handling-regulated-service-scope-under-the-uk-online-safety-act) *Module: [How should teams decide whether UK Online Safety Act applies?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md)* The common failure pattern is treating online safety as generic moderation without checking service scope, exemptions, child access, illegal content duties, code measures, age assurance, complaints, and transparency reporting. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Risk and boundary support for the FAQ answer. ### [What does Ofcom enforce under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md#what-does-ofcom-enforce-under-the-uk-online-safety-act) *Module: [UK Online Safety Act Ofcom enforcement: penalty tiers, investigations, and senior manager liability](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md)* Teams should treat Ofcom Enforcement under the UK Online Safety Act as a source-linked operating decision: confirm whether the service is in scope and which illegal-content, children-safety, age-assurance, user-empowerment, transparency, complaints, risk-assessment, or Ofcom Enforcement duty is triggered, assign the team that can change the process, and keep evidence showing the action and review trigger. - Write the Ofcom Enforcement decision in one sentence before drafting controls. - Attach the external source URL and a short source quote to the evidence record. - Route unclear cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [UK Government - Online Safety Act collection](https://www.gov.uk/government/collections/online-safety-act?ref=sorena.io) - GOV.UK collection source used to identify official Online Safety Act materials relevant to Ofcom enforcement planning. - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - GOV.UK strategic priorities source used to support Ofcom enforcement readiness through risk- and evidence-based compliance expectations. - [UK Government - Online Safety Act implementation and enforcement letter](https://www.gov.uk/government/publications/implementation-and-enforcement-of-the-online-safety-act-letter-from-dsit-secretary-of-state-to-ofcom/implementation-and-enforcement-of-the-online-safety-act-letter-from-dsit-secretary-of-state-to-ofcom?ref=sorena.io) - GOV.UK ministerial letter source used to support implementation and enforcement context between DSIT and Ofcom. ### [What evidence should teams keep for Ofcom Enforcement under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md#what-evidence-should-teams-keep-for-ofcom-enforcement-under-the-uk-online-safety-act) *Module: [UK Online Safety Act Ofcom enforcement: penalty tiers, investigations, and senior manager liability](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - GOV.UK strategic priorities source used to support Ofcom enforcement readiness through risk- and evidence-based compliance expectations. - [UK Government - Online Safety Act implementation and enforcement letter](https://www.gov.uk/government/publications/implementation-and-enforcement-of-the-online-safety-act-letter-from-dsit-secretary-of-state-to-ofcom/implementation-and-enforcement-of-the-online-safety-act-letter-from-dsit-secretary-of-state-to-ofcom?ref=sorena.io) - GOV.UK ministerial letter source used to support implementation and enforcement context between DSIT and Ofcom. - [Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum?ref=sorena.io) - GOV.UK explanatory memorandum source used to connect Ofcom codes of practice with illegal-content duties and enforcement evidence. ### [Which mistakes create risk when handling Ofcom Enforcement under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md#which-mistakes-create-risk-when-handling-ofcom-enforcement-under-the-uk-online-safety-act) *Module: [UK Online Safety Act Ofcom enforcement: penalty tiers, investigations, and senior manager liability](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md)* The common failure pattern is treating online safety as generic moderation without checking service scope, child access, illegal content duties, code measures, age assurance, complaints, and transparency reporting. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [UK Government - Online Safety Act collection](https://www.gov.uk/government/collections/online-safety-act?ref=sorena.io) - GOV.UK collection source used to identify official Online Safety Act materials relevant to Ofcom enforcement planning. - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - GOV.UK strategic priorities source used to support Ofcom enforcement readiness through risk- and evidence-based compliance expectations. - [UK Government - Online Safety Act implementation and enforcement letter](https://www.gov.uk/government/publications/implementation-and-enforcement-of-the-online-safety-act-letter-from-dsit-secretary-of-state-to-ofcom/implementation-and-enforcement-of-the-online-safety-act-letter-from-dsit-secretary-of-state-to-ofcom?ref=sorena.io) - GOV.UK ministerial letter source used to support implementation and enforcement context between DSIT and Ofcom. - [Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum?ref=sorena.io) - GOV.UK explanatory memorandum source used to connect Ofcom codes of practice with illegal-content duties and enforcement evidence. ### [What should teams do about Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md#what-should-teams-do-about-age-assurance-under-the-uk-online-safety-act) *Module: [What should teams do about Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md)* Teams should treat Age Assurance under the UK Online Safety Act as a source-linked operating decision: confirm whether the service is in scope and which provider duty is triggered for illegal content, children safety, age assurance, user empowerment, transparency, complaints, or risk assessment, assign the team that can change the process, and keep evidence showing the action and review trigger. - Write the Age Assurance decision in one sentence before drafting controls. - Attach the external source URL and a short source quote to the evidence record. - Route unclear cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - GOV.UK policy source for risk- and evidence-based online safety priorities that support age-assurance operating decisions. - [Age Assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - Direct support for the FAQ answer on Age Assurance. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Direct support for the FAQ answer on Age Assurance. ### [What evidence should teams keep for Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md#what-evidence-should-teams-keep-for-age-assurance-under-the-uk-online-safety-act) *Module: [What should teams do about Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [Age Assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - Evidence support for the FAQ answer. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Evidence support for the FAQ answer. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Evidence support for the FAQ answer. ### [Which mistakes create risk when handling Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md#which-mistakes-create-risk-when-handling-age-assurance-under-the-uk-online-safety-act) *Module: [What should teams do about Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md)* The common failure pattern is treating online safety as generic moderation without checking service scope, child access, illegal content duties, code measures, Age Assurance, complaints, and transparency reporting. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Age Assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Risk and boundary support for the FAQ answer. ### [How to scope, assign, and document Online Safety Act categorisation](/artifacts/uk/online-safety-act/faq/categorisation.md#how-to-scope-assign-and-document-online-safety-act-categorisation) *Module: [What should teams do about Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md)* Teams should treat Categorisation under the UK Online Safety Act as a source-linked operating decision: confirm whether the service is in scope and which illegal-content, children-safety, age-assurance, user-empowerment, transparency, complaints, risk-assessment, or Ofcom enforcement duty is triggered, assign the team that can change the process, and keep evidence showing the action and review trigger. - Write the Categorisation decision in one sentence before drafting controls. - Attach the external source URL and a short source quote to the evidence record. - Route unclear cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - UK Government explainer source for Online Safety Act scope, regulated services, and the categorised-service framework behind this FAQ. - [UK Government - Online Safety Act collection](https://www.gov.uk/government/collections/online-safety-act?ref=sorena.io) - Direct support for the FAQ answer on Categorisation. - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - Direct support for the FAQ answer on Categorisation. ### [What evidence should teams keep for Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md#what-evidence-should-teams-keep-for-categorisation-under-the-uk-online-safety-act) *Module: [What should teams do about Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [UK Government - Online Safety Act collection](https://www.gov.uk/government/collections/online-safety-act?ref=sorena.io) - Evidence support for the FAQ answer. - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - Evidence support for the FAQ answer. - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - Evidence support for the FAQ answer. ### [Which mistakes create risk when handling Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md#which-mistakes-create-risk-when-handling-categorisation-under-the-uk-online-safety-act) *Module: [What should teams do about Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md)* The common failure pattern is treating online safety as generic moderation without checking service scope, child access, illegal content duties, code measures, age assurance, complaints, and transparency reporting. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - UK Government explainer source for Online Safety Act scope, regulated services, and the categorised-service framework behind this FAQ. - [UK Government - Online Safety Act collection](https://www.gov.uk/government/collections/online-safety-act?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [UK Government - Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety/final-statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - Risk and boundary support for the FAQ answer. ### [How Children's Access Assessment works under the UK Online Safety Act](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md#how-childrens-access-assessment-works-under-the-uk-online-safety-act) *Module: [What should teams do about Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md)* Teams should treat Children's Access Assessment under the UK Online Safety Act as a source-linked operating decision: confirm whether the service is in scope and which illegal-content, children-safety, age-assurance, user-empowerment, transparency, complaints, risk-assessment, or Ofcom enforcement duty is triggered, assign the team that can change the process, and keep evidence showing the action and review trigger. - Write the UK Online Safety Act Children's Access Assessment decision in one sentence before drafting controls. - Attach the UK Online Safety Act or ICO source URL and short quote to the Children's Access Assessment evidence record. - Route unclear Children's Access Assessment cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - Official GOV.UK source for Children's Access Assessment duties, child-safety codes, and related Ofcom guidance under the Online Safety Act. - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and privacy considerations when Children's Access Assessment decisions affect child access or age checks. ### [What evidence should teams keep for Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md#what-evidence-should-teams-keep-for-childrens-access-assessment-under-the-uk-online-safety-act) *Module: [What should teams do about Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Children's Access Assessment source URL and quote used for the UK Online Safety Act decision. - Children's Access Assessment scope notes, screenshots, data-flow or system references, and role mapping. - UK Online Safety Act implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and privacy considerations when Children's Access Assessment decisions affect child access or age checks. - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - GOV.UK explainer used for broad Online Safety Act context behind Children's Access Assessment evidence and controls. ### [Which mistakes create risk when handling Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md#which-mistakes-create-risk-when-handling-childrens-access-assessment-under-the-uk-online-safety-act) *Module: [What should teams do about Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md)* The common failure pattern is treating online safety as generic moderation without checking service scope, child access, illegal content duties, code measures, age assurance, complaints, and transparency reporting. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - Official GOV.UK source for Children's Access Assessment duties, child-safety codes, and related Ofcom guidance under the Online Safety Act. - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and privacy considerations when Children's Access Assessment decisions affect child access or age checks. - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - GOV.UK explainer used for broad Online Safety Act context behind Children's Access Assessment evidence and controls. ### [How the ICO and Online Safety Act overlap in practice](/artifacts/uk/online-safety-act/faq/ico-overlap.md#how-the-ico-and-online-safety-act-overlap-in-practice) *Module: [What should teams do about Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md)* The overlap means a service can have to follow both online safety and data protection rules at the same time. Ofcom and the ICO say online services should design safety measures with privacy in mind, and the ICO says services likely to be accessed by children may also need to follow the Children's code. - Write the Ico Overlap decision in one sentence before drafting controls. - Attach the external source URL and a short source quote to the evidence record. - Route unclear cases to legal, privacy, security, or compliance review before launch. Sources for this answer: - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-childrens-code/4-legislative-framework/?ref=sorena.io) - ICO legislative-framework guidance supports the overlap answer by connecting age assurance, the Children's code, UK GDPR, the DPA 2018, and online safety duties. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Direct support for the FAQ answer on Ico Overlap. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Direct support for the FAQ answer on Ico Overlap. ### [What evidence should teams keep for Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md#what-evidence-should-teams-keep-for-ico-overlap-under-the-uk-online-safety-act) *Module: [What should teams do about Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Evidence support for the FAQ answer. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Evidence support for the FAQ answer. - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Evidence support for the FAQ answer. ### [Which mistakes create risk when handling Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md#which-mistakes-create-risk-when-handling-ico-overlap-under-the-uk-online-safety-act) *Module: [What should teams do about Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md)* The common failure pattern is treating online safety as generic moderation without checking service scope, child access, illegal content duties, code measures, age assurance, complaints, and transparency reporting. - Using an old threshold, deadline, source page, or contract template without checking current source text. - Treating a source-linked exception as a general exemption for every product or data flow. - Publishing notices, controls, or answers that do not match the actual product behavior. Sources for this answer: - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-childrens-code/4-legislative-framework/?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [Online safety and data protection](https://ico.org.uk/media2/0k5kvl5u/online-safety-and-data-protection-a-joint-statement-by-ofcom-and-the-ICO.pdf?ref=sorena.io) - Risk and boundary support for the FAQ answer. - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Risk and boundary support for the FAQ answer. ### [What the illegal content risk assessment duty means in practice](/artifacts/uk/online-safety-act/faq/illegal-content-risk-assessment.md#what-the-illegal-content-risk-assessment-duty-means-in-practice) *Module: [What should teams do about Illegal Content Risk Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/illegal-content-risk-assessment.md)* Under the Online Safety Act, user-to-user services and search services in scope must assess the risks of illegal content on their services and use that assessment to decide what proportionate measures to take. For user-to-user services, section 9 covers illegal content risk assessment duties; for search services, section 26 does the same. - Confirm whether the service is a regulated user-to-user service or a search service, and whether any schedule 1 exemption applies. - Identify the parts of the service where illegal content could be encountered, disseminated, or amplified. - Record the assessment owner, evidence, and next review point so the decision can be revisited when the service changes. Sources for this answer: - [Online Safety Act 2023](https://www.legislation.gov.uk/ukpga/2023/50/contents?ref=sorena.io) - Primary legal source for the timing of assessments. ### [What evidence should teams keep for Illegal Content Risk Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/illegal-content-risk-assessment.md#what-evidence-should-teams-keep-for-illegal-content-risk-assessment-under-the-uk-online-safety-act) *Module: [What should teams do about Illegal Content Risk Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/illegal-content-risk-assessment.md)* Useful evidence is not just a safety policy. Keep the source, service map, risk assessment, mitigation evidence, age-assurance rationale, terms/complaints records, and Ofcom-readiness trail together. - Source URL and quote used for the decision. - Scope notes, screenshots, data-flow or system references, and role mapping. - Implementation ticket, approval record, exception notes, and review date. Sources for this answer: - [UK Government - Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Evidence support for the FAQ answer. - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - Evidence support for the FAQ answer. - [UK Government - Online Safety Act collection](https://www.gov.uk/government/collections/online-safety-act?ref=sorena.io) - Evidence support for the FAQ answer. ## FAQ Pagination - Canonical index (page 1): [/artifacts/uk/online-safety-act/faq/items](/artifacts/uk/online-safety-act/faq/items.md) - Page 1 rule: `/page/1` is intentionally not generated; use the canonical index markdown URL. - Current page: 1 of 2 Pages: [1](/artifacts/uk/online-safety-act/faq/items.md) | [2](/artifacts/uk/online-safety-act/faq/items/page/2.md) [Next page](/artifacts/uk/online-safety-act/faq/items/page/2.md) *Recommended next step* *Placement: after the practical guidance* ## Turn UK Online Safety Act FAQ into assigned work Use this UK Online Safety Act guide to turn FAQ into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena. - [Open Assessment Autopilot for UK Online Safety Act](/solutions/assessment.md): Turn FAQ into scoped questions, evidence fields, and review tasks. - [Review UK Online Safety Act source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through UK Online Safety Act implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/uk/online-safety-act/faq/items