News: 1736856910

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

It's not just Big Tech: The UK's Online Safety Act applies across the board

(2025/01/14)


Analysis A little more than two months out from its first legal deadline, the UK’s Online Safety Act is causing concern among smaller online forums caught within its reach. The legislation, which came into law in the autumn of 2023, applies to search services and services that allow users to post content online or to interact with each other.

UK's Online Safety Act: Does it apply to you?

A [1]UK government notice says the Act’s duties apply to search services and services that allow users to post content online or to interact with each other. This includes: websites; apps; and other services – including social media services, consumer file cloud storage and sharing sites; video-sharing platforms; online forums; dating services; and online instant messaging services.

They don't have to be based in the UK for the act to apply. If the service has a significant number of UK users, if the United Kingdom is a target market, or the site is capable of being accessed by British and Northern Irish users and there is a material risk of significant harm to such users, then the law applies.

Ofcom, which will enforce the Act, said all services falling under it will have to comply, for example, by naming an individual accountable for online safety compliance and ensuring terms of service (or publicly available statements) are clear and accessible.

However, some measures in its illegal content codes of practice are recommended only to "large services," defined as having more than 7 million monthly active UK users. In some other cases, measures are recommended to services with more than 700,000 monthly active UK users. For example, using hash-matching and URL detection to detect child sexual abuse material.

Ofcom are proposing that Category 1 services will be those that meet one of two criteria, either:

services that use a content recommender system and have more than 34 million UK users; or

services that allow users to forward or reshare user-generated content, use a content recommender system and have 7 million or more UK users.

The government still needs to pass the secondary legislation to give effect to those criteria.

Ultimately, measures will apply to different services based on factors such as:

the type of service provided;

the features and functionalities of a service;

the number of users a service has; and

the results of a provider’s illegal content risk assessment.

Ofcom has a quick guide to our illegal content codes of practice, [2]here .

The government says it is designed to protect children and adults online and creates new legal duties for the online platforms and apps affected.

When one thinks of online harms – death threats, revenge porn, suicide encouragement etc. – one thinks of the largest global platforms and services. But over the decades small hobbyist forums have sprung up on even the most niche topics, while retailers often allow customers to chat to each other to share ideas, challenges, and solutions.

[3]Estimates suggest 100,000 such services will have to comply with the act, and some feel they don't have resources to do the compliance work, or that their content is not relevant to the kind of harm the law is designed to prevent.

Nonetheless, according to law, regulator Ofcom could impose a fine of £18 million ($22 million) or 10 percent of their global revenue – whichever is greater – for failing to comply.

[4]

For the cycling forum dubbed London Fixed Gear and Single Speed (that’s LFGSS for short), the Online Safety Act was too much to bear.

[5]

[6]

"We're done... we fall firmly into scope, and I have no way to dodge it. The act is too broad, and it doesn't matter that there's never been an instance of any of the proclaimed things that this act protects adults, children and vulnerable people from... the very broad language and the fact that I'm based in the UK means we're covered," the forum's creator said in [7]a post .

The Act applies to search services and services that allow users to post content online or to interact with each other, such as websites, apps and other services, including social media services, consumer file cloud storage and sharing sites, video-sharing platforms, online forums, dating services, and online instant messaging services. The Act also applies to services that have links to the UK, even if they are based outside it. If a service, platform or forum has a significant number of UK users, if the UK is a target market, or it is capable of being accessed by UK users and there is a material risk of significant harm to such users, then the law also applies.

[8]

[9]Any entity to which the law applies will have to comply with the first tranche of obligations, from 17 March 2025 onwards.

Ben Packer, partner at law firm Linklaters, said the first involves a risk assessment which Ofcom says must be completed by the end of March 16. “It contains 17 different types of priority illegal content that organizations are going to have to run through and work out whether the risk of harm for each type of content is negligible, low, medium or high. It's quite a detailed and involved process, and, as well as doing that, once they've done that risk assessment, they're going to have to work out what measures to put in place to mitigate those risks.

"Every single service will have to go through all 17 categories of priority illegal content and consider ‘non priority’ illegal content too. This is the case even if you're a small cycling based forum that only allows text based comments. That's just the way that Parliament designed the act. Unfortunately, that's not Ofcom's choice to do it that way," Packer said.

[10]

Who has to publish a summary risk assessment on their website? Sites with 34 million or more monthly active UK users. The threshold is lower for services that allow users to forward or reshare user-generated content and use a content recommender system: 7 million or more UK users. Organizations with a smaller number of users will simply have to have the document ready should Ofcom request it.

Ria Moody, Linklaters managing associate, said: "The practical journey [for smaller organizations] would be that Ofcom would write to these services and say, 'Have you done your risk assessment? Please show it to us. We're exercising our rights to request information from you as a service in scope.' And then if the service hasn't done a risk assessment, or the risk assessment wasn't suitable and sufficient, which is the language that the Online Safety Act uses, based on Ofcom guidance and the principles they've set out, then Ofcom could take enforcement action."

Once a service has completed a risk assessment, then Ofcom requires it to put in place the risk mitigations recommended in its Codes of Practice. Packer said: "Ofcom is saying they expect most services to have put in place almost all of the recommended risk mitigations by six months [after the March deadline], so September 2025. If after that, you still haven't taken the measures to comply, that's when they might start taking enforcement action. But what they've also said is that, in the meantime, they will still take action against deliberate or egregious breaches where there is a very significant risk of serious harm to UK users, especially children."

The Codes of Practice measures are also categorized by size of service on the same criteria. Some measures will depend on functionality, for example, the ability to offer users controls to disable comments will only apply on a service which allows commenting on content. Meanwhile, some measures only apply if the relevant risks to which they relate are identified on the platform.

Moody said: "There are about 40 code measures which are the practical mitigation measures you need to put in place. For a small service [with less than 7 million monthly active UK users] which is low risk, of those 40-odd measures, about 14 apply."

She added: "On a practical level, if you were a very low-risk forum, which is maybe only text-based, the actual amount of time it's going to take you to assess risk on that site will likely be a lot lower than if you are a complex social media platform with all different kinds of content, all different kinds of functionality, and a really wide user base."

Nonetheless some forums in the UK remain concerned about the Act and the work it will require to comply, given they have never seen the kind of nefarious activity the Act is designed to prevent taking place in their community.

The Register spoke to an independently hosted outdoor sports forum with about 29,000 registered users and at most 2,000 active at any one time.

The lead moderator and technical manager, who asked not to be named, told us: "I don't envy Ofcom because there must be hundreds of forums like ours. Technically, we could be used for these horrible things, but in 18 years, we have not. We get people 'shouting' at each other from time to time, which the moderators jump on, and people can post complaint. From a logical point of view, we're very low risk," he said.

Cutting kids off from the dark web – the solution can only ever be social [11]READ MORE

He said they would try to a complete a risk assessment as best he can with the time allowed, concluding that they are low risk and wait for feedback from Ofcom.

Ofcom has [12]produced a regulation checker to help organizations understand if the Act applies to them.

A spokesperson said: "We know there’s a diverse range of services in scope of the UK’s new online safety laws. The actions sites and apps will need to take will depend on their size and level of risk. We’re providing support to online service providers of all sizes to make it easier for them to understand – and comply with – their responsibilities.”

[13]UK government pledges law against sexually explicit deepfakes

[14]Now Online Safety Act is law, UK has 'priorities' – but still won't explain 'spy clause'

[15]EU attempt to sneak through new encryption-eroding law slammed by Signal, politicians

[16]It's ba-ack... UK watchdog publishes age verification proposals

As well as the Regulation Checker, Ofcom said it has an extensive program of work to make the regulations accessible, and compliance more easily attainable for all online services that fall in scope of the Act, which include many small or medium-sized enterprises.

In the next few weeks, Ofcom is set to launch a "Digital Support Service" consisting of interactive digital tools – accessible on the Ofcom website – for regulated organizations based on their perspectives and feedback. “Our first release will provide a four-step process for illegal harms, covering services’ risk assessment duties, Codes, and recordkeeping obligations,” it said.

Information published by Ofcom to help organizations and their lawyers achieve compliance with the new Act amounts to more than 2,000 pages. Hopefully, with the only tools promised in the next few weeks, smaller forums will be able to comply with wading through all the legal details.

What activity is the Online Safety Act trying to prevent?

Ofcom has tried to group “priority offences” into broad categories such as terrorism, hate offences, child sexual exploitation and abuse, and fraud and financial offences. They include, for example:

offences related to information likely to be of use to a terrorist and offences relating to training for terrorism

hate offences such as stirring up of racial hatred offence and stirring up of hatred on the basis of religion or sexual orientation

sexual exploitation of adults such as causing or inciting prostitution for gain offence

human trafficking

assisting or encouraging suicide offence

the unlawful supply, offer to supply, of controlled drugs, and the unlawful supply, or offer to supply, of articles for administering or preparing controlled drugs

weapons offences such as offences relating to firearms, their parts, ammunition, including air guns and shotguns

A full list of offences is [17]available from Ofcom [PDF].

Get our [18]Tech Resources



[1] https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer

[2] https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/codes-of-practice/

[3] https://www.theguardian.com/media/2024/dec/16/social-media-platforms-have-work-to-do-to-comply-with-online-safety-act-says-ofcom

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z4aYNiqfLBQIO550D_86ewAAAQI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z4aYNiqfLBQIO550D_86ewAAAQI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z4aYNiqfLBQIO550D_86ewAAAQI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.lfgss.com/profiles/47686/

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z4aYNiqfLBQIO550D_86ewAAAQI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[9] https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z4aYNiqfLBQIO550D_86ewAAAQI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[11] https://www.theregister.com/2024/02/16/dark_web_kids_limit_uk/

[12] https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/check/

[13] https://www.theregister.com/2025/01/09/uk_government_promises_law_against_deepfake_smut/

[14] https://www.theregister.com/2024/11/21/online_safety_act/

[15] https://www.theregister.com/2024/06/18/signal_eu_upload_moderation/

[16] https://www.theregister.com/2023/12/05/uk_age_verifcation_proposals/

[17] https://www.ofcom.org.uk/siteassets/resources/documents/online-safety/information-for-industry/illegal-harms/overview-of-illegal-harms.pdf

[18] https://whitepapers.theregister.com/



Just another example...

Anonymous Coward

...of clueless government ministers failing to have basic grasps of technology and the web.

Re: Just another example...

Headley_Grange

Why is it less important to protect people on a small site than it is on a big site? Sure, it's expensive, but you can make exactly the same argument for health and safety legislation; big chain stores should have to make sure their products are in date and the shop isn't a dangerous place to walk around cos they can afford it but it's too expensive for small shops to do that so they shouldn't have to do anything to make their shops safe and they can sell out-of-date food if they want to.

Re: Just another example...

Anonymous Coward

Shops aren't run by hobbyists doing it out of love and passion. They're businesses. And use by dates are easier to define than "hate speech" or whatever else people are meant to be protected against.

Re: Just another example...

Headley_Grange

So - why is it OK that people aren't protected when they are on a hobby site?

Re: Just another example...

Anonymous Coward

You think that these new laws are going to meaningfully protect people? They are largely a bureaucratic burden that is more likely to stifle and kill off small positive sites than reduce existing problematic behaviours. We will lose more than we will gain.

There are already laws protecting against defamation, harrassment, hate, etc - so people are not without protection; the problem is getting the existing laws applied. Got a problem, take a crime report number.

Small shopkeepers are required to ensure that their properties are safe (just as homeowners are rerquired to ensure their homes are safe for visitors - even uninvited ones); shopkeepers are also subject to merchantability laws. However, they might not be required to do all the same paperwork or meet all the same standards as a large store simply because the degree of risk is much less with around 50 visitors a day compared with 2000 a day.

Unfortunately this looks like typical UK 'gold plated' legislation dreamt up by professional bureaucrats and written in the broadest catch-all terms. Ministers will once again say that "it is not intended to ..." - but these words are worthless as it is only the words written in the statute that will be used in determining the application of the law.

For the tech giants the penalties might be a rounding error in their legal department's budget, for small concerns it will be a death knell. Why would anyone want to volunteer to do something positive when the consequences could be personal ruination.

Re: Just another example...

Headley_Grange

You still haven't answered the question - and I suspect that no one will. Small shops have exactly the same health and safety responsibilties as large shops and the law makes no recognition of size of the business in the case of an H&S breach.

The main problem here is the prevailing view that everything on the internet should be free. If these small hobby sites are so useful to their members then their members won't mind paying a nominal fee to use them and that fee could be used to pay for compliance. You can imagine a Shopify-type setup which provides a compliant set of policy and procedure docs, online training and away you go - follow the rules and you're OK. The problem is, of course, that no matter how "valuable" these sites are claimed to be for their users, when that value is tested then most of the time they come up wanting and about 0% of their users are willing to pay a few quid a year to use them. I really like the Reg. It's the only tech site I read and the only internet site I comment btl on, mainly cos its a nice relatively twat-free zone and there's no stress coming here - not even the downvotes I'll get for these posts. If the Reg started charging me to have an account for commenting I'd stop commenting and if the Reg went behind a paywall I'd almost certainly stop reading it.

Re: Just another example...

Fonant

You've answered your own question: "If the Reg started charging me to have an account for commenting I'd stop commenting and if the Reg went behind a paywall I'd almost certainly stop reading it."

Small hobby forums only exist because they're free to use, and run by volunteers. They provide much useful benefit and almost entirely zero risk of being used for online harm.

This is nothing like a shop, which is a business. It's more like requiring all community noticeboards to be risk-assessed and monitored by a named person just in case someone pins up a pornographic image: it's possible that someone could do so, but vanishingly unlikely.

Re: Just another example...

Killing Time

'the law makes no recognition of size of the business in the case of an H&S breach.'

Wrong. The Health and Safety at Work Act applies to all organisations above a certain level of employees. The mantra being ' 5 or more or over 4'

Re: Just another example...

Headley_Grange

The H&S act applies to all businesses. If someone gets killed or injured in a place of business because the business owner is negligent there is no defence of "there are only two employees so we don't have to do H&S".

Re: Just another example...

Killing Time

Again, you are wrong. The Act applies as stated previously therefore 'the law does make recognition of size of the business in the case of an H&S breach.'

That doesn't mean to say that just because you have less employees than specified you are are absolved of all responsibilities. It the case of your ludicrous ' selling out of date food' scenario the 'Act' wouldn't apply for any size of organisation however other legislation would. Most likely in that case it would be covered by Trading Standards legislation.

In the case of 'someone gets killed or injured in a place of business because the business owner is negligent' other overlapping legislation would apply if the organisation is smaller than the stated requirements but not the H+S at Work Act.

Re: Just another example...

Andy 73

I think you're unwilling to accept the answers that have been given. This legislation applies right down to a village run website, which will never have sufficient traffic or 'value' (in your miserable monetary sense) to justify or pay for someone doing a few days worth of legally consequential work.

And the obligation is so severe and vaguely worded that it is like asking your local village store to provide complete supply chain tracking for anything they sell, or face a multi million pound fine.

Most of your argument is the usual 'think of the children' nonsense, relying on the fallacy that no amount of busy work is too much if there is some vague threat that it might tangentially prevent.

Re: Just another example...

John Robson

"So - why is it OK that people aren't protected when they are on a hobby site?"

The question is invalid - it presupposes that they *are* protected elsewhere, or that the actions to be taken will meaningfully protect them.

Re: Just another example...

Yet Another Anonymous coward

Yes but this is more like having your corner store get a team of lawyers to confirm in writing with each of their suppliers that their products don't contain weapons of mass destruction.

Fairly easy if your Costco, a little expensive for a corner shop.

Re: Just another example...

abend0c4

Corner stores have exactly the same liability for the goods and services they provide as do multiple retailers. And, in reality, it's corner stores that are more likely to be selling counterfeit products and knocked-off stock. Yes, it's harder to make a profit on small margins at small volumes but that's not usually an acceptable excuse for lower standards.

Community websites were previously liable to the same extent as big tech for compliance in areas such as libel and illegal contents. They really ought already to have a policy for dealing with it. In future the responsibilities will be more proportionate to the scale of the risk.

What's new is that you must conduct a risk assessment - that doesn't require lawyers or, for most cases, a great investment of itme. But it does require thinking about the possible consequences of what you're doing. If the risk is low, you need to have a stated content policy, a clear channel for reporting inappropriate content and a mechanism for removing it. That's not much different to your current responsibilities, except it's now explicit.

There's an entry-level of responsibility in providing services of all kinds. In this case it's pretty minimal. If you don't want even that level of responsibility, don't do it. There are plenty of other places you can take your group conversation where it's already taken care of. If you want to volunteer to work with children or vulnerable adults - or even provide community meals in the local church hall - you'll be dealing witch considerably higher compliance requirements for activities of considerably greater social value.

Re: Just another example...

Yet Another Anonymous coward

But this doesn't scale with the goods. The corner shop buys the goods from reputable wholesalers and assumes they are responsible for the quality that they pay for,

This is like putting all the health and safety requirements for the entire supply chain on the teenager at the counter.

The reason is obvious, the lobbyists paid for the legislation, small local community PHP forums will close down and you will be forced to move your parish Bell Ringing meetup to Whatever-Facebook-Is-Called-Today and the failed cabinet minister behind this will be given the job of vice-president of community at Whatever-Facebook-Is-Called-Today

Something tells me...

Mentat74

This is all designed to put an extra burden on small players while the big ones just shrug their shoulders and continue doing whatever they where doing...

(I can definitely see Ofcom getting a poop-emoji from Twatter as a reaction to their request...)

Re: Something tells me...

Andy 73

Government has been almost completely captured by the global corporations, who long ago realized that almost all regulation was to their benefit. The rest of the harm has been done by bureaucrats who only want to expand their department.

Re: Something tells me...

John Sager

This! Very definitely. We've seen the burden of State control of us proles increasing steadily over at least the last 2 decades. It's not just a Left- wing thing either - the Tories seem to have been just as willing to circumscribe our freedom to do stuff in the name of various Menckenian Hobgoblins.

AVR

Besides the direct compliance costs there's the risk of trolls shutting down the site and exposing the operators to liability by putting up objectionable material and reporting it. There's possible ways around that, but they either kill engagement on the site or require more investment in tech &/or moderators than a single forum operator is likely to be able to handle. This act is going to kill a lot of UK blogs and forums, and I really doubt it's going to put a dent in the availability of child porn or terrorists info or drugs.

Yet Another Anonymous coward

No but it does help big sites remove the competition. Handy if you're a deputy PM hoping for a job when you lose an election

KittenHuffer

I get the feeling that many non-UK websites may end up geofencing the UK so as to not have to worry about this legislation. And the UK websites will end up closing down.

Guess I'm gonna have to start using my VPNs geolocation changing facility, and start visiting non-UK websites.

.

Is TheReg having to go through this BS as well?

Dan 55

"Below-the-line" comments [1]are exempt , but then again have you seen the comments on the Mail, Sun, BBC Speek Yur Brainz, etc...? Perhaps they should be covered after all.

[1] https://www.taylorwessing.com/en/interface/2022/the-online-safety-bill---the-uks-answer-to-addressing-online-harms/online-safety-bill-are-you-caught

Tom 38

El Reg doesn't just have comments on stories, there is a whole [1]user forums section too

[1] https://forums.theregister.com/section/user/

Dan 55

I forgot about them. Probably as good a reason as any to knock them on the head, they're pretty dead.

devin3782

I thinik theres possibly another way this could be achieved would be to have a DNS record similar to the SFP for email. It could work thus:

TXT "child-safe:true, min-age=13, country=GB"

min-age (see film classifications or something similar)

country (2 letter country code)

- Any website without this record is classed as child unsafe by default.

- Perhaps social media sites could be classed as adult only by default (we'll simply single out the big ones here: any owned by publicly traded company )

- Parents enable parental controls, any time their kid goes to a new website with say a PG or is less than their age the parent gets a notification of the URL so they can check the site and has a log of what they're looking at, then the parent can allow or deny. This should be pretty trivial to implement on all devices and can operate solely on those devices i.e. doesn't need the cloud to compute whether a site is safe or not.

Obviously this is still marking your own homework, but so is the current law also who decides what's safe for their children? the current law doesn't define it and its moving goal posts this gives the tools to parents. The nice thing is this would work globally for everyone, although the age classifications depending on territory could be challenging... but DNS zoning does exist so maybe it would work even with that and using a VPN to a different country.

Scotech

Connect to a VPN, or even directly to a website, by its raw IP address then, and bypass the whole DNS palaver. Or use DoH. Or a private proxy server running on a domain you control. All stuff I could do at 13 (except for DoH, which mercifully hadn't been invented then, and never should have been, IMO) and presumably many more teens could today.

There's no technical solution here that works for all cases, or that can't be circumvented somehow. The solution isn't to try to legislate or solutionise the problem away, but to apply the existing laws properly, fund police forces to run proper cyber-crime divisions, and tell parents to stop being lazy and pay more attention to what their kids are doing on the computer.

On that last note - I was 15 before I got a private computer in my own room. Prior to that, all my screen time was monitored because the family PC was in the living room, with the screen in full sight from there and the kitchen at all times. And I had a mobile, but I didn't get a smartphone until I was away on my own - prior to that, all I got was a dumb Sony Ericsson, and it did me just fine. If parents want to control their kids' access to the web, they don't need fancy technological solutions, they just need to pay attention and put in a little effort!

Yet Another Anonymous coward

Wouldn't a bit field be more flexible?

Then you can code if your 21 year old can see boobies but not alcohol

Or your 12 year old can see ads for machine guns but not Kinder Surprise

offences related to information likely to be of use to a terrorist

heyrick

Oh piss off.

That's stupidly vague. A train timetable could be information of use to a terrorist, in the right circumstances.

Re: offences related to information likely to be of use to a terrorist

heyrick

Reading on in the linked document:

"Possession of extreme pornography offence" - kindly define extreme.

"Offences related to articles for use in fraud" - to silence criticism of the banking industry? They're the biggest fraudsters around.

"Foreign interference offence" - so why haven't they demanded Musk be extradited?

Re: offences related to information likely to be of use to a terrorist

Yet Another Anonymous coward

>kindly define extreme.

Anything you wouldn't want your wives or servants to see. Especially anything involving game keepers.

Can probably be ignored.

Licensed_Radio_Nerd

This will be a bit like speed-limits on the roads. It is only enforced if you have resource to catch people. Ofcom lack the ability to police and protect the radio spectrum (outside of safety-of-life services). I cannot see, short of employing thousands of people, how they can police every web-forum (and others) in the UK. And what if you set-up your forum with a non UK gTLD and claim it is outside the UK? They are going to have to pester a lot of DNS registrars to find out who owns what in order to chase them.

Re: Can probably be ignored.

I could be a dog really

But, the corollary is that they can take action against anyone if they have a reason to. So "small forum with no problems" could be trolled & reported, then OfCon prosecute the person who runs it who ends up with a criminal record and their life ruined. That's quite a risk.

Re: Can probably be ignored.

Anonymous Coward

It looked to me that the penalties were civil, not criminal. Perhaps I missed something?

Re: Can probably be ignored.

Anonymous Coward

Unless they decide it comes under some vaguely defined terrorism or computer misuse act - but that would never be misused for trivial offenses

#include < stories_of_local_council_using_RIPA_fly_tipping_dog_shit_leaving >

Re: Can probably be ignored.

keithpeter

I suspect the concern is the amount of work needed to have the risk analysis document and the relevant counter-measures ready just in case that is the issue.

I gather that OFCOM has to finance all activity under this act through fines received so I suspect they will be after larger concerns that are flagrant in their defiance initially.

Game over for Web 2.0 in the UK.

Tron

Unless you have a corporate level legal dept., you may as well take down all Web 2.0 interactivity.

So, why is it like this? Three reasons. Some folk in government want to end the ability of individuals to broadcast their opinions or dirt they have on the wealthy and powerful - #MeToo etc. The Horizon scandal took years of concerted pressure from 'Private Eye' to gain traction. The #MeToo movement was much quicker. Public voices on the net make it harder for the rich and powerful to get away with corrupt and evil stuff and hide their failures, so obviously they will suppress Web 2.0. Second, incompetence - the British govt. lacks competence all over, and decent, competent people just don't want to work with them [in part because they do stuff like this]. Finally, activists. This is the age of the screechy activist. Protect the children from the evil internet. Because they were all fine before the net, and their parents have no role in such things. One person suffering from hurt feelings is one too many. Nazi types can leverage this into bans very easily.

China, Russia and Iran already do this. Australia and the EU will follow the UK. Our internet is being taken away from us piece by piece, because it empowered us at the expense of the idiots who ru(i)n our countries.

What can we do? Some distributed services may fill in the gap, but we are in the same place as the Chinese and the others - we can do toss all. Just hate your government for what it is doing and what it is taking away from you. Vote whatever regime you have out at the earliest opportunity. What replaces them won't be any better, but seeing a bunch of them forced to remove their snouts from the trough for what they have done, and leave, feels good. It's all we have as the quality of life in our Orwellian dystopia continues to decline.

Brewster's Angle Grinder

I haven't looked at the legislation, yet. But if you are a small, text-based forum, do you even need to bother with the risk assessment? You, ahem, do it when Ofcom write to you and backdate it knowing every case will be low risk.

There will always be beer cans rolling on the floor of your car when
the boss asks for a lift home from the office.