---
title: "UK Online Safety Act Requirements"
canonical_url: "https://www.sorena.io/artifacts/uk/online-safety-act/requirements"
source_url: "https://www.sorena.io/artifacts/uk/online-safety-act/requirements"
author: "Sorena AI"
description: "Detailed UK Online Safety Act requirements guide mapping scope, illegal content duties, child safety duties, terms enforcement, complaints, categorisation."
published_at: "2026-02-21"
updated_at: "2026-02-21"
keywords:
  - "UK Online Safety Act requirements"
  - "Ofcom compliance controls"
  - "online safety act evidence"
  - "category 1 requirements"
  - "children safety requirements"
  - "UK OSA requirements"
  - "controls mapping"
  - "Ofcom readiness"
  - "compliance evidence"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# UK Online Safety Act Requirements

Detailed UK Online Safety Act requirements guide mapping scope, illegal content duties, child safety duties, terms enforcement, complaints, categorisation.

*Requirements Guide* *Control Mapping*

## UK Online Safety Act Requirements

Translate the Act into control obligations, not generic compliance themes.

This page maps the live duty set into owners, evidence, and review points so the work can be executed.

The UK OSA requirements set is layered. Every program should map baseline scope and illegal harms duties first, then child-access and child-safety duties where relevant, then category-specific duties if the service is categorised, and finally the enforcement and information notice response capabilities that sit across the whole program.

## Base requirements for all in-scope services

Base requirements include service scoping, illegal content risk assessment, systems and processes to mitigate illegal activity, takedown and moderation design, and usable reporting and complaints procedures. Search and user-to-user services share the same general structure but not identical section numbering.

These controls should exist even if the service is not large.

- Scope register and service classification memo
- Illegal content risk assessment and updates
- Moderation, reporting, and complaints procedures
- Evidence retention for decisions, metrics, and control testing

*Recommended next step*

*Placement: after the requirement breakdown*

## Turn UK Online Safety Act Requirements into an operational assessment

Assessment Autopilot can take UK Online Safety Act Requirements from turning the requirements into assigned actions to a reusable workflow inside Sorena. Teams working on UK Online Safety Act can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Assessment Autopilot for UK Online Safety Act Requirements](/solutions/assessment.md): Start from UK Online Safety Act Requirements and turn the guidance into owned tasks, evidence requests, and review checkpoints.
- [Talk through UK Online Safety Act](/contact.md): Review your current process, evidence gaps, and next steps for UK Online Safety Act Requirements.

## Additional requirements where children are likely to access the service

Where children are likely to access the service, the program must add child access analysis, children risk assessment, age assurance or age gating decisions where used, and product controls that actually prevent exposure to harmful content.

This work should also account for ICO child-data expectations, especially around privacy defaults, profiling, and geolocation.

- Child access assessment and rationale
- Children risk assessment and age-banded harm analysis
- Age assurance design, testing, and privacy review
- Child-safe product defaults and high-risk feature controls

## Additional requirements for categorised services and enforcement readiness

Category 1, 2A, and 2B services have additional transparency and accountability exposure once categorised. Across the program, providers also need to be ready for information notices, senior manager naming, transparency reporting, and financial penalty exposure.

This means the controls map should include both duty controls and regulator-response controls.

- Transparency reporting data definitions and ownership
- Category 1 terms enforcement and user empowerment tooling where relevant
- Information notice response workflow and named accountable senior manager
- Penalty exposure register and enforcement communication plan

## Primary sources

- [Online Safety Act 2023](https://www.legislation.gov.uk/ukpga/2023/50/contents?ref=sorena.io) - Primary legislation for scope, duties, risk assessment, enforcement, transparency, and complaints provisions.
- [Online Safety Act explainer](https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer?ref=sorena.io) - Current government implementation status, deadlines, and plain language explanation of the regime.
- [Statement of Strategic Priorities for Online Safety](https://www.gov.uk/government/publications/statement-of-strategic-priorities-for-online-safety?ref=sorena.io) - July 2025 strategic priorities for Ofcom, including safety by design, age assurance, and small but risky services.
- [ICO introduction to the Children's Code](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/introduction-to-the-childrens-code/?ref=sorena.io) - ICO explanation of scope for information society services likely to be accessed by children and the 15 standards.

## Related Topic Guides

- [UK Online Safety Act Age Assurance Options | Age Estimation, Verification, and Child Access Controls](/artifacts/uk/online-safety-act/age-assurance-options.md): Grounded age assurance guide for the UK Online Safety Act covering January 2025 pornography guidance, highly effective age assurance.
- [UK Online Safety Act Applicability Test | Regulated Service, Exemptions, and UK Scope](/artifacts/uk/online-safety-act/applicability-test.md): Grounded UK Online Safety Act applicability test covering regulated user-to-user and search services, Schedule 1 exemptions, provider pornography scope.
- [UK Online Safety Act Checklist | Scope, Risk, Child Safety, Moderation, and Evidence](/artifacts/uk/online-safety-act/checklist.md): Audit-ready UK Online Safety Act checklist covering service scope, illegal risk assessment, child access and child risk assessment, moderation, complaints.
- [UK Online Safety Act Children Safety Duties | Child Access, Child Risk, and Age Assurance](/artifacts/uk/online-safety-act/children-safety-duties.md): Grounded guide to UK Online Safety Act children safety duties covering section 81 timing, children access assessments, children risk assessments.
- [UK Online Safety Act Compliance Program | Governance, Controls, and Ofcom Readiness](/artifacts/uk/online-safety-act/compliance.md): Program design guide for UK Online Safety Act compliance covering governance, scope, assessments, moderation, age assurance, complaints, metrics.
- [UK Online Safety Act Content Moderation and Appeals | Complaints, Terms Enforcement, and Redress](/artifacts/uk/online-safety-act/content-moderation-and-appeals.md): Grounded guide to UK Online Safety Act moderation and appeals requirements covering sections 21, 32, 71, and 72, complaints design, terms enforcement.
- [UK Online Safety Act Deadlines and Compliance Calendar | 2023 to 2026 Milestones](/artifacts/uk/online-safety-act/deadlines-and-compliance-calendar.md): Grounded UK Online Safety Act calendar covering 26 October 2023 enactment, 31 January 2024 offences, 16 December 2024 illegal harms codes.
- [UK Online Safety Act Enforcement and Penalties | Ofcom Notices, Penalties, and Escalation](/artifacts/uk/online-safety-act/enforcement-and-penalties.md): Grounded UK Online Safety Act enforcement guide covering Ofcom information notices, senior manager naming, confirmation decisions.
- [UK Online Safety Act FAQ | Scope, Child Duties, Categories, and Ofcom Enforcement](/artifacts/uk/online-safety-act/faq.md): Practical FAQ on the UK Online Safety Act covering who is in scope, what changed in 2025, child access and risk assessments, age assurance, category duties.
- [UK Online Safety Act Illegal Content Duties | Illegal Harms, Priority Offences, and Risk Assessments](/artifacts/uk/online-safety-act/illegal-content-duties-explained.md): Grounded guide to UK Online Safety Act illegal content duties covering user-to-user and search services, illegal content risk assessments.
- [UK Online Safety Act Penalties and Fines | GBP 18 Million, 10 Percent Revenue, and Liability](/artifacts/uk/online-safety-act/penalties-and-fines.md): Grounded penalty guide for the UK Online Safety Act covering the GBP 18 million or 10 percent worldwide revenue cap.
- [UK Online Safety Act Risk Assessment Template | Illegal Content and Child Safety Template](/artifacts/uk/online-safety-act/online-safety-risk-assessment-template.md): Practical UK Online Safety Act risk assessment template covering service profile, harms inventory, controls, residual risk, child access, child safety.
- [UK Online Safety Act Risk Assessments Playbook | How to Run Illegal and Children Risk Reviews](/artifacts/uk/online-safety-act/risk-assessments-playbook.md): Operational playbook for UK Online Safety Act risk assessments covering sequencing, ownership, evidence collection, control design.
- [UK Online Safety Act Service Scope and Categorization | Category 1, 2A, 2B, and Part 3 Logic](/artifacts/uk/online-safety-act/service-scope-and-categorization.md): Grounded service scope and categorisation guide for the UK Online Safety Act covering Part 3 logic, likely to be accessed by children, Category 1, 2A.
- [UK Online Safety Act vs EU Digital Services Act | Scope, Child Safety, and Enforcement Differences](/artifacts/uk/online-safety-act/online-safety-act-vs-dsa.md): Practical comparison of the UK Online Safety Act and the EU Digital Services Act covering regulated service models, illegal content frameworks.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/uk/online-safety-act/requirements