@neil my server is held together by duct tape, it being my old laptop that got a bit too friendly with a hard floor. I don't think ofcom's idea of negligible really matches that scale...
@neil my server is held together by duct tape, it being my old laptop that got a bit too friendly with a hard floor. I don't think ofcom's idea of negligible really matches that scale...
@neil I created a TTRPG website for my family during lockdown. It features chat and a shared whiteboard. I'm pretty sure it's an £18 million OSA risk now. #ttrpg #onlineSafetyAct
Sometimes, Ofcom bewilders me:
Ofcom has said that for small sites, the costs of complying [with the Online Safety Act] “are likely to be negligible or in the small thousands at most”.
Small sites, especially volunteer-run community sites, generally don't have "small thousands" to spend on legal advice. And even if they did, that's far from "negligible".
I have updated my page of sites shut down by / blocking users in the UK because of the UK's #OnlineSafetyAct for what might be the final time:
Ofcom guidance: "service providers should not host or permit content on your service that directs or encourages child users to circumvent the age assurance process or the access controls, for example by providing information about, or links to, a virtual private network (VPN) which may be used by children to circumvent the relevant processes."
If you run a forum about technology, say, your #OnlineSafetyAct obligations include censoring discussions of VPNs, Tor or other privacy-preserving tech.
So question for the OSA people out there: I’ve done a risk assessment for my mastodon instance (what a huge waste of time). Do I actually need to do anything with it, other than to keep it safe?
Do I need to publish it, or file it somewhere?
I'm now getting customers asking me how they can make their business #OnlineSafetyAct (UK) compliant.
These are small businesses who don't have any kind of forum or customer to customer interaction. Grrr.
There's still time to put pressure on the UK government.
The UK Secretary of State has the power to exempt small, safely moderated websites from the Online Safety duties.
We need urgent change to protect net plurality, rather than further consolidating power in monopoly platforms. We need competition for a safer Internet.
Write to your MP (UK) #SaveOurSites
https://action.openrightsgroup.org/save-our-sites-write-your-mp
The UK Online Safety Act comes into effect today.
Its onerous duties may cause many small sites, blogs and fedi instances to shut down or geoblock UK users when faced with potential fines and penalties.
This won't keep children safe. It'll benefit large platforms like Facebook and X that are laying waste to content moderation.
Ofcom’s risk assessment deadline has passed, and online platforms must now take action to protect users from illegal content and activity occurring on their platforms. Significant fines await those who fail.
https://www.computing.co.uk/news-analysis/2025/new-online-safety-act-measures-come-into-force
Just published the Online Safety Act pages for my two web applications.
Viking Mind (bookmarks, out of scope):
https://vikingmind.uk/online-safety-act
Pick a Date (polls + votes, in scope):
https://pickadate.uk/online-safety-act
Pick a Date will probably go through a couple more versions to tighten things up. I've also disabled comments on all my blogs.
Feels like a waste of time, but there's no exemption for small / low risk sites.
Shut vile death video site, families say, as Ofcom gets new powers
...
From Monday, Ofcom gets new powers to crack down on illegal content, but it may not be enough to close the site.
Ofcom has no powers to "shut" or "close" sites.
At most, it can seek an order from a court to compel ISPs on the UK to attempt to block access (which probably means abusing DNS).
And from the summer all sites must have robust age verification systems to prevent children accessing a range of content.
No, they don't.
Bravo, BBC. Another excellent job reporting the facts there.
I spent a good chunk of my weekend helping people running tiny, low risk, online services complete paperwork about the UK’s Online Safety Act, for zero discernible benefit.
So it is a bit galling that the main headline on the BBC this morning is about the government wanting to “slash red tape”.
I have spent one heck of a lot of time on the OSA, trying to help others with its burden, and it just seems so utterly unnecessary.
When it comes to blogs, Ofcom says one thing, the UK Online Safety Act says another.
This lack of clarity over whether blogs with comments are exempt will push small sites to shut down completely.
We need the UK government to tighten up the definitions and exemptions in the Act.
Read our explainer for more detail https://www.openrightsgroup.org/blog/save-our-sites-deadline-17-march/
Under the UK Online Safety Act, small blogs, forums and fedi instances are faced with disproportionate requirements to:
️ Check if they have UK users
️ Do a risk assessment on whether kids might access the content, or if CSAM or terrorist material might be posted in the comments
️ Put themselves at the risk of fines, and even prison sentences, if they fail to comply with Ofcom’s future directives
The UK Online Safety Act burdens small sites with duties and penalties that they can't shoulder. They'll shut down instead, stripping us of net plurality.
There’s a simple solution:
Exempt small, safely run blogs, forums and fedi instances
The government can do this now
The duties start TOMORROW – Write to your MP
https://action.openrightsgroup.org/save-our-sites-write-your-mp
Saddling small sites with the same duties as huge platforms means many will shut down in a hammer blow to net plurality.
We'll be left with the Sophie’s choice of monopoly services; the incubators of online harms.
URGENT: The UK government must change the Online Safety Act to protect safe, non-commercial blogs, forums and fediverse.
Write to your MP to #SaveOurSites
https://action.openrightsgroup.org/save-our-sites-write-your-mp
On second thought:
Even calling this age ‘verification’ seems overly optimistic. There is no verification at all …
Hm. Looks like mastodon is gonna get some very basic age verification tools
I have a feeling that that in its current form without audit trail likely won’t suffice to really change anything for OSA compliance?