(1)This section sets out the duties about risk assessments which apply in relation to regulated search services that are likely to be accessed by children (in addition to the duties about risk assessments set out in section 26).
(2)A duty to carry out a suitable and sufficient children’s risk assessment at a time set out in, or as provided by, Schedule 3.
(3)A duty to take appropriate steps to keep a children’s risk assessment up to date, including when OFCOM make any significant change to a risk profile that relates to services of the kind in question.
(4)Before making any significant change to any aspect of a service’s design or operation, a duty to carry out a further suitable and sufficient children’s risk assessment relating to the impacts of that proposed change.
(5)A “children’s risk assessment” of a service of a particular kind means an assessment of the following matters, taking into account the risk profile that relates to services of that kind—
(a)the level of risk of children who are users of the service encountering search content of the following kinds—
(i)each kind of primary priority content that is harmful to children (with each kind separately assessed),
(ii)each kind of priority content that is harmful to children (with each kind separately assessed), and
(iii)non-designated content that is harmful to children,
giving separate consideration to children in different age groups, and taking into account (in particular) risks presented by algorithms used by the service and the way that the service indexes, organises and presents search results;
(b)the level of risk of children who are users of the service encountering search content that is harmful to children which particularly affects individuals with a certain characteristic or members of a certain group;
(c)the extent to which the design of the service, in particular its functionalities, affects the level of risk of harm that might be suffered by children, identifying and assessing those functionalities that present higher levels of risk, including a functionality that makes suggestions relating to users’ search requests (predictive search functionality);
(d)the different ways in which the service is used, including functionalities or other features of the service that affect how much children use the service, and the impact of such use on the level of risk of harm that might be suffered by children;
(e)the nature, and severity, of the harm that might be suffered by children from the matters identified in accordance with paragraphs (a) to (d), giving separate consideration to children in different age groups;
(f)how the design and operation of the service (including the business model, governance, use of proactive technology, measures to promote users’ media literacy and safe use of the service, and other systems and processes) may reduce or increase the risks identified.
(6)In this section references to risk profiles are to the risk profiles for the time being published under section 98 which relate to the risk of harm to children presented by content that is harmful to children.
(7)See also—
(a)section 34(2) and (9) (records of risk assessments), and
(b)Schedule 3 (timing of providers’ assessments).
Commencement Information
I1S. 28 not in force at Royal Assent, see s. 240(1)
I2S. 28 in force at 10.1.2024 by S.I. 2023/1420, reg. 2(j)
(1)This section sets out the duties to protect children’s online safety which apply in relation to regulated search services that are likely to be accessed by children (as indicated by the headings).
(2)A duty, in relation to a service, to take or use proportionate measures relating to the design or operation of the service to effectively—
(a)mitigate and manage the risks of harm to children in different age groups, as identified in the most recent children’s risk assessment of the service (see section 28(5)(e)), and
(b)mitigate the impact of harm to children in different age groups presented by search content that is harmful to children.
(3)A duty to operate a service using proportionate systems and processes designed to—
(a)minimise the risk of children of any age encountering search content that is primary priority content that is harmful to children;
(b)minimise the risk of children in age groups judged to be at risk of harm from other content that is harmful to children (or from a particular kind of such content) encountering search content of that kind.
(4)The duties set out in subsections (2) and (3) apply across all areas of a service, including the way the search engine is designed, operated and used as well as search content of the service, and (among other things) require the provider of a service to take or use measures in the following areas, if it is proportionate to do so—
(a)regulatory compliance and risk management arrangements,
(b)design of functionalities, algorithms and other features relating to the search engine,
(c)functionalities allowing for control over content that is encountered in search results, especially by children,
(d)content prioritisation,
(e)user support measures, and
(f)staff policies and practices.
(5)A duty to include provisions in a publicly available statement specifying how children are to be protected from search content of the following kinds—
(a)primary priority content that is harmful to children (with each kind of primary priority content separately covered),
(b)priority content that is harmful to children (with each kind of priority content separately covered), and
(c)non-designated content that is harmful to children.
(6)A duty to apply the provisions of the statement referred to in subsection (5) consistently.
(7)A duty to include provisions in a publicly available statement giving information about any proactive technology used by a service for the purpose of compliance with a duty set out in subsection (2) or (3) (including the kind of technology, when it is used, and how it works).
(8)A duty to ensure that the provisions of the publicly available statement referred to in subsections (5) and (7) are clear and accessible.
(9)A duty to summarise in a publicly available statement the findings of the most recent children’s risk assessment of a service (including as to levels of risk and as to nature, and severity, of potential harm to children).
Commencement Information
I3S. 29 not in force at Royal Assent, see s. 240(1)
I4S. 29 in force at 10.1.2024 by S.I. 2023/1420, reg. 2(j)
(1)In determining what is proportionate for the purposes of section 29, the following factors, in particular, are relevant—
(a)all the findings of the most recent children’s risk assessment (including as to levels of risk and as to nature, and severity, of potential harm to children), and
(b)the size and capacity of the provider of a service.
(2)So far as a duty set out in section 29 relates to non-designated content that is harmful to children, the duty is to be taken to extend only to addressing risks of harm from the kinds of such content that have been identified in the most recent children’s risk assessment (if any have been identified).
(3)The reference in section 29(3)(b) to children in age groups judged to be at risk of harm from content that is harmful to children is a reference to children in age groups judged to be at risk of such harm as assessed by the provider of a service in the most recent children’s risk assessment of the service.
(4)The duties set out in section 29(3) are to be taken to extend only to content that is harmful to children where the risk of harm is presented by the nature of the content (rather than the fact of its dissemination).
(5)The duties set out in section 29 extend only to such parts of a service as it is possible for children to access.
(6)For the purposes of subsection (5), a provider is only entitled to conclude that it is not possible for children to access a service, or a part of it, if age verification or age estimation is used on the service with the result that children are not normally able to access the service or that part of it.
(7)In section 29 and this section “children’s risk assessment” has the meaning given by section 28.
(8)See also, in relation to duties set out in section 29, section 33 (duties about freedom of expression and privacy).
Commencement Information
I5S. 30 not in force at Royal Assent, see s. 240(1)
I6S. 30 in force at 10.1.2024 by S.I. 2023/1420, reg. 2(j)