PART 3Providers of regulated user-to-user services and regulated search services: duties of care
CHAPTER 2Providers of user-to-user services: duties of care
Illegal content duties for user-to-user services
I1I39Illegal content risk assessment duties
1
This section sets out the duties about risk assessments which apply in relation to all regulated user-to-user services.
2
A duty to carry out a suitable and sufficient illegal content risk assessment at a time set out in, or as provided by, Schedule 3.
3
A duty to take appropriate steps to keep an illegal content risk assessment up to date, including when OFCOM make any significant change to a risk profile that relates to services of the kind in question.
4
Before making any significant change to any aspect of a service’s design or operation, a duty to carry out a further suitable and sufficient illegal content risk assessment relating to the impacts of that proposed change.
5
An “illegal content risk assessment” of a service of a particular kind means an assessment of the following matters, taking into account the risk profile that relates to services of that kind—
a
the user base;
b
the level of risk of individuals who are users of the service encountering the following by means of the service—
i
each kind of priority illegal content (with each kind separately assessed), and
ii
other illegal content,
taking into account (in particular) algorithms used by the service, and how easily, quickly and widely content may be disseminated by means of the service;
c
the level of risk of the service being used for the commission or facilitation of a priority offence;
d
the level of risk of harm to individuals presented by illegal content of different kinds or by the use of the service for the commission or facilitation of a priority offence;
e
the level of risk of functionalities of the service facilitating the presence or dissemination of illegal content or the use of the service for the commission or facilitation of a priority offence, identifying and assessing those functionalities that present higher levels of risk;
f
the different ways in which the service is used, and the impact of such use on the level of risk of harm that might be suffered by individuals;
g
h
how the design and operation of the service (including the business model, governance, use of proactive technology, measures to promote users’ media literacy and safe use of the service, and other systems and processes) may reduce or increase the risks identified.
6
In this section references to risk profiles are to the risk profiles for the time being published under section 98 which relate to the risk of harm to individuals presented by illegal content.
7
See also—
b
Schedule 3 (timing of providers’ assessments).
I2I410Safety duties about illegal content
1
This section sets out the duties about illegal content which apply in relation to regulated user-to-user services (as indicated by the headings).
All services
2
A duty, in relation to a service, to take or use proportionate measures relating to the design or operation of the service to—
a
prevent individuals from encountering priority illegal content by means of the service,
b
effectively mitigate and manage the risk of the service being used for the commission or facilitation of a priority offence, as identified in the most recent illegal content risk assessment of the service, and
c
effectively mitigate and manage the risks of harm to individuals, as identified in the most recent illegal content risk assessment of the service (see section 9(5)(g)).
3
A duty to operate a service using proportionate systems and processes designed to—
a
minimise the length of time for which any priority illegal content is present;
b
where the provider is alerted by a person to the presence of any illegal content, or becomes aware of it in any other way, swiftly take down such content.
4
The duties set out in subsections (2) and (3) apply across all areas of a service, including the way it is designed, operated and used as well as content present on the service, and (among other things) require the provider of a service to take or use measures in the following areas, if it is proportionate to do so—
a
regulatory compliance and risk management arrangements,
b
design of functionalities, algorithms and other features,
c
policies on terms of use,
d
policies on user access to the service or to particular content present on the service, including blocking users from accessing the service or particular content,
e
content moderation, including taking down content,
f
functionalities allowing users to control the content they encounter,
g
user support measures, and
h
staff policies and practices.
5
A duty to include provisions in the terms of service specifying how individuals are to be protected from illegal content, addressing each paragraph of subsection (3), and (in relation to paragraph (a)) separately addressing terrorism content, CSEA content (see section 59 and Schedule 6) and other priority illegal content.
6
A duty to apply the provisions of the terms of service referred to in subsection (5) consistently.
7
8
9Additional duty for Category 1 services
A duty to summarise in the terms of service the findings of the most recent illegal content risk assessment of a service (including as to levels of risk and as to nature, and severity, of potential harm to individuals).
Interpretation
10
In determining what is proportionate for the purposes of this section, the following factors, in particular, are relevant—
a
all the findings of the most recent illegal content risk assessment (including as to levels of risk and as to nature, and severity, of potential harm to individuals), and
b
the size and capacity of the provider of a service.
11
In this section “illegal content risk assessment” has the meaning given by section 9.
12
See also, in relation to duties set out in this section, section 22 (duties about freedom of expression and privacy).