The UK’s Online Safety Act Turns Two: What’s changed for children?
As the landmark legislation reaches a milestone, 5Rights examine progress, challenges and what comes next for children’s rights online.
As the Online Safety Act marks its second anniversary, some of its most significant duties are now in force – including those addressing illegal content and activity, and, crucially, children’s online safety. Earlier this summer, the Protection of Children Code officially took effect, marking a major milestone for the Act and a crucial step forward for children’s lives online.
This moment was years in the making. While the work is not finished, it lays the foundation for a safer digital world for children. But what do children themselves think about this progress?
Our Youth Ambassadors have been clear about what they need from the digital world. Haydn captures both the promise and the limitations of where we are today:
“Overall, the law is a good start, but we have got to keep speaking up if we want a digital world that’s actually made for us… the law is finally making tech companies to take this issue seriously.
But of course, I think there’s still more to do. Things like endless scrolling, autoplay or constant notifications, these features always keep young people glued to screens, and the law still doesn’t cover them yet.”
Haydn, 5Rights Youth Ambassador
Driving change through the Children’s Coalition
Following sustained campaigning from the Children’s Coalition, led by 5Rights, Ofcom has proposed new measures to address the specific risks posed by livestreaming. The regulator has also signalled that future Codes may require tech companies to consider age appropriate design – a key expectation of the Act and a cornerstone of our advocacy work.
But while this progress is encouraging, important gaps remain.
Closing the gaps: what still needs to change
At 5Rights, we champion a strong co-regulatory approach – one where regulators work with each other to protect children across the evolving digital landscape, from emerging challenges with AI to fundamental safety measures.
As services implement the Act’s requirements, age assurance measures must not only be effective but also privacy-preserving. Companies must be held fully accountable for meeting all their legal duties, including GDPR, to give the public confidence that the regulatory system protects both safety and privacy for children and adults alike.We remain concerned about Ofcom’s current approach to certain elements within the codes of practice. In some areas, the measures are overly narrow and incomplete. The Act’s purpose – to make online services safer by design – requires an outcomes-led approach, where compliance is judged by whether services actually reduce harm to children and prevent illegal activity online.
Without this, there’s a real risk that the “safe harbour” given to companies for following the measures will turn the need for action on children’s safety into a box-ticking exercise, rather than driving meaningful, systemic change.
Looking ahead, urgent action is needed to close the remaining gaps and ensure services take a truly holistic approach to safety by design – one that tackles persuasive design features and dark patterns head-on. The Government, Ofcom, and the ICO must work together to confront the tech sector’s ongoing disregard for children’s rights and end the misuse of children’s data, which strips them of agency and puts them at risk. The regulatory framework is in place: now it must be enforced with conviction.
Two years in, the Online Safety Act has made progress – but this is only the first step. The next phase must be about turning the ambition of Parliament, children, parents and civil society into accountability and enforcement to ensure that every child can participate in a digital world that respects their rights and allows them to thrive.