PART 3Providers of regulated user-to-user services and regulated search services: duties of care

CHAPTER 2Providers of user-to-user services: duties of care

Illegal content duties for user-to-user services

I19Illegal content risk assessment duties

1

This section sets out the duties about risk assessments which apply in relation to all regulated user-to-user services.

2

A duty to carry out a suitable and sufficient illegal content risk assessment at a time set out in, or as provided by, Schedule 3.

3

A duty to take appropriate steps to keep an illegal content risk assessment up to date, including when OFCOM make any significant change to a risk profile that relates to services of the kind in question.

4

Before making any significant change to any aspect of a service’s design or operation, a duty to carry out a further suitable and sufficient illegal content risk assessment relating to the impacts of that proposed change.

5

An “illegal content risk assessment” of a service of a particular kind means an assessment of the following matters, taking into account the risk profile that relates to services of that kind—

a

the user base;

b

the level of risk of individuals who are users of the service encountering the following by means of the service—

i

each kind of priority illegal content (with each kind separately assessed), and

ii

other illegal content,

taking into account (in particular) algorithms used by the service, and how easily, quickly and widely content may be disseminated by means of the service;

c

the level of risk of the service being used for the commission or facilitation of a priority offence;

d

the level of risk of harm to individuals presented by illegal content of different kinds or by the use of the service for the commission or facilitation of a priority offence;

e

the level of risk of functionalities of the service facilitating the presence or dissemination of illegal content or the use of the service for the commission or facilitation of a priority offence, identifying and assessing those functionalities that present higher levels of risk;

f

the different ways in which the service is used, and the impact of such use on the level of risk of harm that might be suffered by individuals;

g

the nature, and severity, of the harm that might be suffered by individuals from the matters identified in accordance with paragraphs (b) to (f);

h

how the design and operation of the service (including the business model, governance, use of proactive technology, measures to promote users’ media literacy and safe use of the service, and other systems and processes) may reduce or increase the risks identified.

6

In this section references to risk profiles are to the risk profiles for the time being published under section 98 which relate to the risk of harm to individuals presented by illegal content.

7

See also—

a

section 23(2) and (10) (records of risk assessments), and

b

Schedule 3 (timing of providers’ assessments).