unphish
unphish unphish

United Kingdom – Online Safety Act 2023

Understanding and operationalising the UK’s Online Safety Act, enabling platforms to reduce illegal activity risk, strengthen user protection, and meet evolving regulatory expectations with confidence.

A New Duty of Care Framework for Online Safety in the UK

The UK Online Safety Act establishes a duty of care framework for in scope user to user services and search services, supported by Ofcom codes of practice and phased implementation. The Government’s explainer is explicit that services must implement systems and processes to reduce the risk their services are used for illegal activity and to remove illegal content when it appears.

The regime includes illegal content duties, underpinned by risk assessments and proactive measures for priority offences. Official guidance also frames fraud as within scope of the illegal content and activity the Act targets, alongside other categories of harm. Enforcement is supported by Ofcom’s powers, including significant financial penalties and strong supervisory mechanisms.

Implementation is being delivered in phases, led by Ofcom, with duties and codes taking effect progressively through 2024 to 2026, reflecting the scale of changes required across the online ecosystem.

Regulatory Priorities

Key Regulatory Shifts Under the Online Safety Act

The Act introduces enforceable obligations requiring platforms to proactively manage illegal content risks and demonstrate accountability at scale.

Illegal Content Duties

Mandatory systems and processes to identify, mitigate, and remove illegal content, including fraud and scam activity.

Risk Assessment Frameworks

Ongoing risk assessments to evaluate exposure to illegal harms and inform proportionate mitigation strategies.

Proactive Prevention Measures

Implementation of safeguards to prevent priority offences before they occur, not just reactive enforcement.

Ofcom Oversight & Enforcement

Regulatory supervision supported by strong enforcement powers, including significant financial penalties.

Transparency & Accountability

Clear documentation, reporting, and auditability of moderation, enforcement, and risk management decisions.

Phased Implementation

Progressive rollout of duties and codes between 2024–2026, reflecting the scale of operational change required.

Operational Impact

What This Means for Organisations

The Online Safety Act requires organisations to move beyond reactive moderation toward structured, risk-driven safety operations.

Organisations must demonstrate:
  • Continuous monitoring of services for illegal activity, including fraud and scams
  • Risk assessments that inform proportionate safety and enforcement measures
  • Rapid detection and removal workflows for illegal content
  • Clear audit trails supporting regulatory scrutiny and internal governance
  • Ongoing improvement of systems to address evolving threat patterns

This requires operational maturity across detection, enforcement, intelligence, and compliance reporting.

Operational Obligations

Core Operational Obligations Under the Online Safety Act

Defines how organisations must implement detection, risk mitigation, and enforcement processes to meet regulatory obligations at scale.
Monitoring & Detection

Continuous identification of illegal activity, including impersonation, scams, and fraudulent infrastructure.

Risk Assessment & Mitigation

Structured evaluation of platform risks with aligned controls to reduce exposure.

Enforcement & Takedowns

Timely removal of illegal content and disruption of harmful activity across channels.

Audit & Evidence Management

Comprehensive documentation of actions, decisions, and outcomes for compliance validation.

Intelligence & Pattern Detection

Identification of repeat offenders, coordinated campaigns, and evasion tactics.

Regulatory Reporting Readiness

Preparedness to meet Ofcom expectations for transparency, reporting, and compliance assurance.

Capability Alignment

How unphish Aligns with the Online Safety Act

unphish supports the Act’s duty of care model by enabling demonstrable, repeatable reduction of scam and fraud exposure and rapid disruption when illegal activity is identified.

Continuous Monitoring

Persistent detection of impersonation, scam campaigns, and fraudulent infrastructure targeting UK users and services.

Rapid Disruption & Enforcement

Accelerated takedown workflows that reduce exposure windows across web, social, and brand impersonation channels.

Compliance-Ready Evidence

Evidence packs and audit trails that support Ofcom style scrutiny and internal compliance assurance.

Risk Intelligence & Insights

Actionable intelligence supporting risk assessments, including repeat campaign detection and evasion patterns.

Online Safety Act Compliance

Operationalise Online Safety Act Compliance with Confidence

Align your platform with UK regulatory expectations through measurable risk reduction, rapid enforcement, and audit-ready compliance workflows powered by unphish.
Request a Consultation

Create your account