Ofcom has published a consultation and draft guidance on ‘Online Safety Transparency’ as it continues its programme of work to implement the Online Safety Act 2023.

The central focus of the consultation and draft guidance is on the content of, and process relating to, so-called ‘transparency reports’ which, under the Act, must be published annually by those online services that are designated by the Government as ‘categorised services’. The documents explain that transparency reporting will play a significant role in the wider online safety regime by (1) “encouraging services to improve their safety practices in a way that results in better safety outcomes for UK users on their service”, and (2) “increasing users’ understanding of regulated services, enabling them to make informed choices about how they spend their time online”.

In terms of the process that Ofcom envisages being rolled out, the consultation document explains that once the Government sets the thresholds for the categorisation of services (following advice from Ofcom, which we’ve commented upon here), Ofcom will publish a Register of Categorised Services, setting out those services that will be subject to additional duties, including producing transparency reports. Ofcom states that as soon as the Register is published, it will prepare and send draft transparency notices to these service providers, allowing them the opportunity to make written representations about the information that they will be required to produce in the report before the notice is formally issued. Once a notice is formally issued, Ofcom states that, depending on the scope and nature of the information required by the notice, services will have between 2 and 6 months to produce their reports.

The content of any transparency report will depend upon the nature of the transparency notice that Ofcom issues to any particular online service. Schedule 8 of the Act already outlines the broad range of information that Ofcom can require from user-to-user services and search services, including matters relating to the service itself (i.e. its design, processes, and user base), the incidence of regulated content on the service, and the safety measures adopted by the service for the purposes of complying with the Act. The draft guidance sets out examples of the types of information that might be required in relation to each of these matters, as well as the principles and factors that will be considered when Ofcom determines the content of a transparency notice.

More broadly, the draft guidance explains that Ofcom has identified ‘certain key principles’ that will inform its determination of what information it will require from services in their transparency reports. First, it states that it wants to “ensure that the information we request is not only relevant to the service(s) in question, but also appropriate to ask for in the circumstances having regard to our strategic priorities. Our overall intention is for the reports produced by categorised services to be sufficiently tailored to ensure that they reflect the way in which each service is designed, used and operated, whilst also being sufficiently standardised to allow for meaningful comparison in certain areas.” Second, Ofcom commits itself to acting ‘proportionately’ in its decision-making and only to consider requesting “information that is necessary for the purpose of helping us meet our aims and policy objectives. We also recognise that providers record information in different ways, and face different challenges in producing it to fit certain specifications, so will take steps to ensure that the requirements are not unduly onerous”.

In applying these principles, Ofcom will “always take account” of the factors set out in paragraph 37 of Schedule 8 to the Act (including the kind of service, the number of users, the capacity of the provider, and the proportion of users of the service who are children) and the draft guidance explores how each of these factors might be taken into account. In addition, Ofcom sets out two further factors that will affect the content of transparency notices. First, it will consider information that has already been published by the relevant services (whether voluntarily or pursuant to a request under other regulatory regimes) which will, in turn, help it assess what information it is feasible to accept the services to collect. Second, Ofcom will seek to draw a distinction between, on the one hand, information that services will be expected to provide consistently over time or to support Ofcom’s identification of patterns across the industry (so-called ‘core’ information requirements) and, on the other, information that will be requested on an ad-hoc basis (so-called “thematic” information requirements).

The draft guidance also touches upon how information from providers’ transparency reports will be used by Ofcom to produce its own transparency reports, as well as Ofcom’s approach to compliance and enforcement in the event that a service fails to comply with its obligations. Finally, Ofcom makes clear that it is committed to “engage with providers during each transparency reporting cycle to inform decisions about information requirements and improve providers’ understanding of the transparency reporting regime”.

The consultation will be open until 4 October 2024, and both it and the draft guidance can be read here.