Online Safety Act 2023

11Children’s risk assessment dutiesU.K.

(1)This section sets out the duties about risk assessments which apply in relation to regulated user-to-user services that are likely to be accessed by children (in addition to the duties about risk assessments set out in section 9 and, in the case of services likely to be accessed by children which are Category 1 services, the duties about assessments set out in section 14).

(2)A duty to carry out a suitable and sufficient children’s risk assessment at a time set out in, or as provided by, Schedule 3.

(3)A duty to take appropriate steps to keep a children’s risk assessment up to date, including when OFCOM make any significant change to a risk profile that relates to services of the kind in question.

(4)Before making any significant change to any aspect of a service’s design or operation, a duty to carry out a further suitable and sufficient children’s risk assessment relating to the impacts of that proposed change.

(5)Where a children’s risk assessment of a service identifies the presence of non-designated content that is harmful to children, a duty to notify OFCOM of—

(a)the kinds of such content identified, and

(b)the incidence of those kinds of content on the service.

(6)A “children’s risk assessment” of a service of a particular kind means an assessment of the following matters, taking into account the risk profile that relates to services of that kind—

(a)the user base, including the number of users who are children in different age groups;

(b)the level of risk of children who are users of the service encountering the following by means of the service—

(i)each kind of primary priority content that is harmful to children (with each kind separately assessed),

(ii)each kind of priority content that is harmful to children (with each kind separately assessed), and

(iii)non-designated content that is harmful to children,

giving separate consideration to children in different age groups, and taking into account (in particular) algorithms used by the service and how easily, quickly and widely content may be disseminated by means of the service;

(c)the level of risk of harm to children presented by different kinds of content that is harmful to children, giving separate consideration to children in different age groups;

(d)the level of risk of harm to children presented by content that is harmful to children which particularly affects individuals with a certain characteristic or members of a certain group;

(e)the extent to which the design of the service, in particular its functionalities, affects the level of risk of harm that might be suffered by children, identifying and assessing those functionalities that present higher levels of risk, including functionalities—

(i)enabling adults to search for other users of the service (including children), or

(ii)enabling adults to contact other users (including children) by means of the service;

(f)the different ways in which the service is used, including functionalities or other features of the service that affect how much children use the service (for example a feature that enables content to play automatically), and the impact of such use on the level of risk of harm that might be suffered by children;

(g)the nature, and severity, of the harm that might be suffered by children from the matters identified in accordance with paragraphs (b) to (f), giving separate consideration to children in different age groups;

(h)how the design and operation of the service (including the business model, governance, use of proactive technology, measures to promote users’ media literacy and safe use of the service, and other systems and processes) may reduce or increase the risks identified.

(7)In this section references to risk profiles are to the risk profiles for the time being published under section 98 which relate to the risk of harm to children presented by content that is harmful to children.

(8)See also—

(a)section 23(2) and (10) (records of risk assessments), and

(b)Schedule 3 (timing of providers’ assessments).