Artifact GuideUKpenalties and fines

UK Online Safety Act penalties and fines

The Online Safety Act lets Ofcom impose penalties on regulated service providers, with a maximum penalty of GBP18 million or 10% of qualifying worldwide revenue, whichever is greater.

Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation.

Back to main artifact Review sources

Author

Sorena AI

Published

May 9, 2026

Updated

May 9, 2026

Sections

Structured answer sets in this page tree.

Primary sources

Cited legal and guidance references.

Publication metadata

Sorena AI

Published May 9, 2026

Updated May 9, 2026

Overview

This page explains the penalties and fines under the UK Online Safety Act: Ofcom can impose penalties on regulated service providers, with a maximum penalty of the greater of GBP18 million and 10% of qualifying worldwide revenue.

Section 1

What should teams understand about UK Online Safety Act penalties and fines?

Ofcom is responsible for enforcing the Online Safety Act, and its maximum penalty for regulated service providers is the greater of GBP18 million and 10% of qualifying worldwide revenue. Start by deciding whether the service is in scope and which illegal-content, children-safety, age-assurance, user-empowerment, transparency, complaints, risk-assessment, or Ofcom enforcement duty is triggered.

Keep the Online Safety Act source, service-scope decision, user-to-user/search feature map, risk assessment, code-of-practice mapping, age-assurance evidence, and Ofcom-facing record together.

Define the exact penalties and fines trigger and the business process it affects.
Record which role, product, system, customer group, or data flow is in scope.
Attach the source-linked rule, the owner, and the evidence field before approving the control.
Escalate uncertainty when the facts depend on thresholds, exemptions, cross-border activity, vulnerable users, or enforcement-sensitive wording.

Sources for this answer

UK Government - Online Safety Act collection

Official collection page for UK Online Safety Act materials used to orient the penalties and fines guide.

Online Safety Act 2023 explanatory notes - Schedule 13 penalties

Explains Schedule 13 maximum penalties for regulated services under the UK Online Safety Act.

Online Safety Act 2023 explanatory notes - policy background

Official explanatory note summarising Ofcom enforcement powers and financial penalty exposure under the Act.

Section 2

Who should own penalties and fines, and what evidence should prove the decision?

Ownership should sit with the team that can change service design, moderation, recommender systems, age assurance, reporting, complaints, terms, or transparency data, with legal and trust-safety review.

Evidence should show service categorisation, illegal-content risk assessment, children access assessment, children risk assessment, mitigation controls, age-assurance decisions, terms/complaints records, and Ofcom reporting readiness.

Name one accountable owner and one reviewer for the penalties and fines workflow.
Keep source screenshots or source links, decision notes, implementation tickets, and approval records together.
Use dated evidence for deadlines, notices, risk assessments, contracts, user journeys, and regulator-facing records.
Review the evidence after product changes, new markets, new vendors, enforcement updates, or material changes in the source text.

Sources for this answer

Online Safety Act 2023 explanatory notes - Schedule 13 penalties

Explains Schedule 13 maximum penalties for regulated services under the UK Online Safety Act.

Online Safety Act 2023 explanatory notes - policy background

Official explanatory note summarising Ofcom enforcement powers and financial penalty exposure under the Act.

UK Government - Online Safety Act explainer

GOV.UK explainer used for general Online Safety Act context before applying the penalty-specific source.

Section 3

Which edge cases should teams check before relying on a penalties and fines decision?

Most Online Safety Act mistakes happen at the boundary between user-to-user, search, pornography, category, child-access, illegal-content, and transparency duties.

Use this section before launching a user feature, recommender change, moderation change, age-assurance flow, complaint process, or transparency-reporting process.

Check whether the rule changes for minors, consumers, business users, public-sector bodies, regulated sectors, high-risk services, or cross-border transfers.
Separate binding law, regulator guidance, consultation material, standards, and enforcement commentary in the evidence record.
Do not rely on a previous answer if the data categories, user interface, vendor role, or contractual flow changed.
Track unresolved assumptions in an open-questions section and route legal interpretation points for review.

Sources for this answer

UK Government - Online Safety Act collection

Official collection page for UK Online Safety Act materials used to orient the penalties and fines guide.

Online Safety Act 2023 explanatory notes - Schedule 13 penalties

Explains Schedule 13 maximum penalties for regulated services under the UK Online Safety Act.

Online Safety Act 2023 explanatory notes - policy background

Official explanatory note summarising Ofcom enforcement powers and financial penalty exposure under the Act.

UK Government - Online Safety Act explainer

GOV.UK explainer used for general Online Safety Act context before applying the penalty-specific source.

Section 4

How should teams operationalize penalties and fines with proportionate controls?

Use an Online Safety Act workflow that captures service scope, user groups, risk assessment, code mapping, child-access status, mitigation owner, evidence, and Ofcom escalation path.

The output should be a service-scope memo, risk assessment, children access assessment, mitigation plan, age-assurance decision, complaint workflow, or transparency-report evidence pack.

Create a short intake question that identifies the penalties and fines scenario.
Map the answer to a required action, evidence field, owner, reviewer, and review date.
Link related artifact pages with descriptive anchors so users can move from scope to deadlines, controls, penalties, and templates.
Update the workflow when official source material changes or when internal evidence shows recurring exceptions.

Sources for this answer

UK Government - Online Safety Act collection

Official collection page for UK Online Safety Act materials used to orient the penalties and fines guide.

Online Safety Act 2023 explanatory notes - Schedule 13 penalties

Explains Schedule 13 maximum penalties for regulated services under the UK Online Safety Act.

Online Safety Act 2023 explanatory notes - policy background

Official explanatory note summarising Ofcom enforcement powers and financial penalty exposure under the Act.

Recommended next step

Turn UK Online Safety Act penalties and fines into assigned work

Use this UK Online Safety Act guide to turn penalties and fines into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.

Assessment workflow

Open Assessment Autopilot for UK Online Safety Act

Turn penalties and fines into scoped questions, evidence fields, and review tasks.

Explore next step

Research workflow

Review UK Online Safety Act source evidence

Use Research Copilot to answer follow-up questions with cited source material.

Explore next step

Talk to Sorena

Talk through UK Online Safety Act penalties and fines implementation

Review scope, evidence, owners, and the next compliance actions with Sorena.

Explore next step