--- title: "UK Online Safety Act Risk Assessment Workflow Guide" canonical_url: "https://www.sorena.io/artifacts/uk/online-safety-act/risk-assessment-workflow" source_url: "https://www.sorena.io/artifacts/uk/online-safety-act/risk-assessment-workflow" author: "Sorena AI" description: "UK Online Safety Act guidance for Risk Assessment Workflow, with practical decisions, evidence, edge cases, and external source citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "UK Online Safety Act" - "Risk Assessment Workflow" - "UK Online Safety Act Risk Assessment Workflow" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # UK Online Safety Act Risk Assessment Workflow Guide UK Online Safety Act guidance for Risk Assessment Workflow, with practical decisions, evidence, edge cases, and external source citations. *Artifact Guide* *UK* *Risk Assessment Workflow* ## UK Online Safety Act Risk Assessment Workflow Risk Assessment Workflow decisions under the UK Online Safety Act should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed. Use this guide to turn official requirements into scope, evidence, owner, and review decisions. This guidance is practical, source-linked, and should be validated against current legal and policy requirements before implementation. This page helps you determine when UK Online Safety Act obligations apply, who owns each action, the required evidence, and the review path before escalation. ## How should a Risk Assessment Workflow run under the UK Online Safety Act? Run the workflow as online-safety triage: first confirm whether the service is in scope, then check whether children are likely to access it, identify the relevant duty or risk type, decide the mitigation or control, record evidence, assign an owner, and set the next review date. If the service is not in scope, close the item; if it is in scope and the risk is unresolved, escalate before implementation. - Check whether the service is a user-to-user service or search service and whether the issue relates to child safety or illegal content. - Confirm the source-linked rule that applies, then choose the required action: close, mitigate, escalate, or send for review. - Record the decision, the owner, the reviewer, the evidence location, and the next review date. - Keep the outcome plain and practical so support, product, legal, security, and compliance teams can use it. Sources for this answer: - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - GOV.UK source for children-code context that informs child-risk steps in the UK Online Safety Act risk-assessment workflow. - [Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum?ref=sorena.io) - GOV.UK source for illegal-content code context that informs risk-type, mitigation, evidence, and review fields in the workflow. - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and children-code privacy context that can affect user-group and child-access fields. ## What fields should the Risk Assessment Workflow template capture? A useful template captures service type, user group, risk type, child-access result, code measure, mitigation owner, evidence, review date, and unresolved assumptions. Each field should support a decision, not just store a label. - Link to the source URL and include the source quote that supports the decision. - Identify the entity, product, service, system, data category, and user group involved. - Capture the decision result, control action, owner, reviewer, due date, and escalation reason. - Attach the evidence, approval note, exception note, and review cadence used to reach the decision. Sources for this answer: - [Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum?ref=sorena.io) - GOV.UK source for illegal-content code context that informs risk-type, mitigation, evidence, and review fields in the workflow. - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and children-code privacy context that can affect user-group and child-access fields. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - ICO source for practical review observations that support improving risk-assessment fields after service or evidence reviews. ## How should teams review and improve the Risk Assessment Workflow? Review the workflow after Ofcom code updates, feature changes, algorithm changes, user-base changes, incident trends, complaints, enforcement notices, or transparency-report cycles. Use each review to decide whether the current controls still reduce the identified risk, whether the evidence is sufficient, and whether the item should stay open, be escalated, or be closed. - Track recurring exception categories and update intake questions. - Remove fields that never affect the decision. - Add fields when reviews show missing source evidence or unclear ownership. - Confirm the public page and working template include the same visible source-linked guidance. Sources for this answer: - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - GOV.UK source for children-code context that informs child-risk steps in the UK Online Safety Act risk-assessment workflow. - [Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum?ref=sorena.io) - GOV.UK source for illegal-content code context that informs risk-type, mitigation, evidence, and review fields in the workflow. - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and children-code privacy context that can affect user-group and child-access fields. - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - ICO source for practical review observations that support improving risk-assessment fields after service or evidence reviews. *Recommended next step* *Placement: after the practical guidance* ## Turn UK Online Safety Act Risk Assessment Workflow into assigned work Use this UK Online Safety Act guide to turn Risk Assessment Workflow into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena. - [Open Assessment Autopilot for UK Online Safety Act](/solutions/assessment.md): Turn Risk Assessment Workflow into scoped questions, evidence fields, and review tasks. - [Review UK Online Safety Act source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena. ## Primary sources - [Online Safety Act: Protection of Children Codes of Practice - explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum/online-safety-act-protection-of-children-codes-of-practice-explanatory-memorandum?ref=sorena.io) - GOV.UK source for children-code context that informs child-risk steps in the UK Online Safety Act risk-assessment workflow. - Quote: "This document section concerns the Protection of children codes of practice under the Online Safety Act (OSA)" - [Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum](https://www.gov.uk/government/publications/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum/online-safety-act-illegal-content-codes-of-practice-2024-explanatory-memorandum?ref=sorena.io) - GOV.UK source for illegal-content code context that informs risk-type, mitigation, evidence, and review fields in the workflow. - Quote: "Notice Online Safety Act - Illegal Content Codes of Practice 2024: explanatory memorandum Published 17 December 2024 Contents" - [Age assurance for the Children's code](https://ico.org.uk/about-the-ICO/what-we-do/information-commissioners-opinions/age-assurance-for-the-children-s-code/4-legislative-framework/?ref=sorena.io) - ICO source for age-assurance and children-code privacy context that can affect user-group and child-access fields. - Quote: "It explains how UK GDPR and the DPA 2018 apply, and how the Children's code and the Online" - [Children's code strategy: interim impact review](https://ico.org.uk/for-organisations/uk-GDPR-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/protecting-childrens-privacy-online-our-childrens-code-strategy/children-s-code-strategy-progress-update-march-2025/annex-table-of-observations-from-our-review-of-a-sample-of-social-media-and-video-sharing-platforms/?ref=sorena.io) - ICO source for practical review observations that support improving risk-assessment fields after service or evidence reviews. - Quote: "- - review interim - This document is described as an interim impact review of the Children's code" ## Related Topic Guides - [How should teams decide whether UK Online Safety Act applies?](/artifacts/uk/online-safety-act/faq/regulated-service-scope.md): UK Online Safety Act guidance for Regulated Service Scope, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Age Assurance Guide](/artifacts/uk/online-safety-act/age-assurance.md): UK Online Safety Act guidance for Age Assurance, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Age Assurance Options Guide](/artifacts/uk/online-safety-act/age-assurance-options.md): UK Online Safety Act guidance for Age Assurance Options, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Age Assurance Selection Workflow Guide](/artifacts/uk/online-safety-act/age-assurance-selection-workflow.md): UK Online Safety Act guidance for Age Assurance Selection Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Applicability Test Guide](/artifacts/uk/online-safety-act/applicability-test.md): Practical guidance for the UK Online Safety Act applicability test, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Categorisation Guide](/artifacts/uk/online-safety-act/categorisation.md): UK Online Safety Act guidance for Categorisation, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Checklist](/artifacts/uk/online-safety-act/checklist.md): Practical guidance for the UK Online Safety Act checklist, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Children's Access Assessment Guide](/artifacts/uk/online-safety-act/children-s-access-assessment.md): UK Online Safety Act guidance for Children's Access Assessment, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Children's Safety Duties Guide](/artifacts/uk/online-safety-act/children-safety-duties.md): UK Online Safety Act guidance for Children's Safety Duties, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Complaint And Appeal Handling Workflow Guide](/artifacts/uk/online-safety-act/complaint-and-appeal-handling-workflow.md): UK Online Safety Act guidance for Complaint And Appeal Handling Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Compliance Guide](/artifacts/uk/online-safety-act/compliance.md): Practical guidance for the UK Online Safety Act compliance, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Content Moderation And Appeals Guide](/artifacts/uk/online-safety-act/content-moderation-and-appeals.md): UK Online Safety Act guidance for Content Moderation And Appeals, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Deadlines and Compliance Calendar Guide](/artifacts/uk/online-safety-act/deadlines-and-compliance-calendar.md): UK Online Safety Act guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Enforcement And Penalties Guide](/artifacts/uk/online-safety-act/enforcement-and-penalties.md): UK Online Safety Act guidance for Enforcement And Penalties, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act FAQ](/artifacts/uk/online-safety-act/faq.md): Practical guidance for the UK Online Safety Act FAQ, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act ICO Overlap Guide](/artifacts/uk/online-safety-act/ico-overlap.md): UK Online Safety Act guidance for ICO Overlap, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Illegal Content Duties Explained Guide](/artifacts/uk/online-safety-act/illegal-content-duties-explained.md): UK Online Safety Act guidance for Illegal Content Duties Explained, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Illegal Content Risk Assessment Guide](/artifacts/uk/online-safety-act/illegal-content-risk-assessment.md): UK Online Safety Act guidance for Illegal Content Risk Assessment, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Moderation And Appeals Guide](/artifacts/uk/online-safety-act/moderation-and-appeals.md): UK Online Safety Act guidance for Moderation And Appeals, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Ofcom Enforcement Guide](/artifacts/uk/online-safety-act/ofcom-enforcement.md): UK Online Safety Act guidance for Ofcom Enforcement, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Ofcom enforcement: penalty tiers, investigations, and senior manager liability](/artifacts/uk/online-safety-act/faq/ofcom-enforcement.md): UK Online Safety Act guidance for Ofcom Enforcement, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Online Safety Risk Assessment Template Guide](/artifacts/uk/online-safety-act/online-safety-risk-assessment-template.md): UK Online Safety Act guidance for Online Safety Risk Assessment Template, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act penalties and fines Guide](/artifacts/uk/online-safety-act/penalties-and-fines.md): UK Online Safety Act guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Regulated Service Scope Guide](/artifacts/uk/online-safety-act/regulated-service-scope.md): UK Online Safety Act guidance for Regulated Service Scope, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Requirements Guide](/artifacts/uk/online-safety-act/requirements.md): Practical guidance for the UK Online Safety Act requirements, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Risk Assessments Playbook Guide](/artifacts/uk/online-safety-act/risk-assessments-playbook.md): UK Online Safety Act guidance for Risk Assessments Playbook, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Senior Manager Liability Guide](/artifacts/uk/online-safety-act/senior-manager-liability.md): UK Online Safety Act guidance for Senior Manager Liability, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Service Classification Workflow Guide](/artifacts/uk/online-safety-act/service-classification-workflow.md): UK Online Safety Act guidance for Service Classification Workflow, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Service Scope and Categorization Guide](/artifacts/uk/online-safety-act/service-scope-and-categorization.md): UK Online Safety Act guidance for Service Scope and Categorization, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act Transparency Reporting Guide](/artifacts/uk/online-safety-act/transparency-reporting.md): UK Online Safety Act guidance for Transparency Reporting, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act User-to-user And Search Services Guide](/artifacts/uk/online-safety-act/user-to-user-and-search-services.md): UK Online Safety Act guidance for User-to-user And Search Services, with practical decisions, evidence, edge cases, and external source citations. - [UK Online Safety Act vs Dsa Guide](/artifacts/uk/online-safety-act/online-safety-act-vs-dsa.md): UK Online Safety Act guidance for Online Safety Act vs Dsa, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Age Assurance under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/age-assurance.md): UK Online Safety Act guidance for Age Assurance, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Categorisation under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/categorisation.md): UK Online Safety Act guidance for Categorisation, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Children's Access Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/children-s-access-assessment.md): UK Online Safety Act guidance for Children's Access Assessment, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Ico Overlap under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/ico-overlap.md): UK Online Safety Act guidance for Ico Overlap, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Illegal Content Risk Assessment under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/illegal-content-risk-assessment.md): UK Online Safety Act guidance for Illegal Content Risk Assessment, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Moderation And Appeals under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/moderation-and-appeals.md): UK Online Safety Act guidance for Moderation And Appeals, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Senior Manager Liability under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/senior-manager-liability.md): UK Online Safety Act guidance for Senior Manager Liability, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Transparency Reporting under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/transparency-reporting.md): UK Online Safety Act guidance for Transparency Reporting, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about User-to-user And Search Services under the UK Online Safety Act?](/artifacts/uk/online-safety-act/faq/user-to-user-and-search-services.md): UK Online Safety Act guidance for User-to-user And Search Services, with practical decisions, evidence, edge cases, and external source citations. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/uk/online-safety-act/risk-assessment-workflow