12Safety duties protecting childrenU.K.
(1)This section sets out the duties to protect children’s online safety which apply in relation to regulated user-to-user services that are likely to be accessed by children (as indicated by the headings).
All services
(2)A duty, in relation to a service, to take or use proportionate measures relating to the design or operation of the service to effectively—
(a)mitigate and manage the risks of harm to children in different age groups, as identified in the most recent children’s risk assessment of the service (see section 11(6)(g)), and
(b)mitigate the impact of harm to children in different age groups presented by content that is harmful to children present on the service.
(3)A duty to operate a service using proportionate systems and processes designed to—
(a)prevent children of any age from encountering, by means of the service, primary priority content that is harmful to children;
(b)protect children in age groups judged to be at risk of harm from other content that is harmful to children (or from a particular kind of such content) from encountering it by means of the service.
(4)The duty set out in subsection (3)(a) requires a provider to use age verification or age estimation (or both) to prevent children of any age from encountering primary priority content that is harmful to children which the provider identifies on the service.
(5)That requirement applies to a provider in relation to a particular kind of primary priority content that is harmful to children in every case except where—
(a)a term of service indicates (in whatever words) that the presence of that kind of primary priority content that is harmful to children is prohibited on the service, and
(b)that policy applies in relation to all users of the service.
(6)If a provider is required by subsection (4) to use age verification or age estimation for the purpose of compliance with the duty set out in subsection (3)(a), the age verification or age estimation must be of such a kind, and used in such a way, that it is highly effective at correctly determining whether or not a particular user is a child.
(7)Age verification or age estimation to identify who is or is not a child user or which age group a child user is in are examples of measures which (if not required by subsection (4)) may be taken or used (among others) for the purpose of compliance with a duty set out in subsection (2) or (3).
(8)The duties set out in subsections (2) and (3) apply across all areas of a service, including the way it is designed, operated and used as well as content present on the service, and (among other things) require the provider of a service to take or use measures in the following areas, if it is proportionate to do so—
(a)regulatory compliance and risk management arrangements,
(b)design of functionalities, algorithms and other features,
(c)policies on terms of use,
(d)policies on user access to the service or to particular content present on the service, including blocking users from accessing the service or particular content,
(e)content moderation, including taking down content,
(f)functionalities allowing for control over content that is encountered, especially by children,
(g)user support measures, and
(h)staff policies and practices.
(9)A duty to include provisions in the terms of service specifying—
(a)how children of any age are to be prevented from encountering primary priority content that is harmful to children (with each kind of primary priority content separately covered);
(b)how children in age groups judged to be at risk of harm from priority content that is harmful to children (or from a particular kind of such content) are to be protected from encountering it, where they are not prevented from doing so (with each kind of priority content separately covered);
(c)how children in age groups judged to be at risk of harm from non-designated content that is harmful to children (or from a particular kind of such content) are to be protected from encountering it, where they are not prevented from doing so.
(10)A duty to apply the provisions of the terms of service referred to in subsection (9) consistently.
(11)If a provider takes or uses a measure designed to prevent access to the whole of the service or a part of the service by children under a certain age, a duty to—
(a)include provisions in the terms of service specifying details about the operation of the measure, and
(b)apply those provisions consistently.
(12)A duty to include provisions in the terms of service giving information about any proactive technology used by a service for the purpose of compliance with a duty set out in subsection (2) or (3) (including the kind of technology, when it is used, and how it works).
(13)A duty to ensure that the provisions of the terms of service referred to in subsections (9), (11) and (12) are clear and accessible.
Additional duty for Category 1 services
(14)A duty to summarise in the terms of service the findings of the most recent children’s risk assessment of a service (including as to levels of risk and as to nature, and severity, of potential harm to children).
Commencement Information
I1S. 12 not in force at Royal Assent, see s. 240(1)
I2S. 12 in force at 10.1.2024 by S.I. 2023/1420, reg. 2(d)