UK Online Safety Regulations and impact on Forums

[robt]

But that is only relevant to one of the 17 types of harm, and also seems to be only relevant to porn sites. Not hamsters

Is there any detail / specific guidance that states the age verify is porn specific? Info I have had is that it is not limited to that.

(Also, I don't want to judge if people think hamsters are sexy )

 

[chillibear]

I think

If Xenforo could include legal age verification I might start my two remaing ones back up again - maybe. One of three is completely deleted as it was dead anyway.

I suspect my solution might be a bit "involved" (you'd have to be comfortable on a *NIX shell since it's not an XF add-on (ruby gem)), still baring a minor issue which I hope I can iron out with the supplier I'm moderately happy with it. I think it probably needs a little more real world testing before it was used too much. The Stripe system is quite clean and would integrate fairly neatly (still I'll use what I have for now), I'd probably still do that with the same approach - off the back of an account upgrade over doing it at registration. However that's mostly because I don't intend to pay for my users' checks, being a stingy old git I'm going to make them pay for it!

Is there any detail / specific guidance that states the age verify is porn specific? Info I have had is that it is not limited to that.

(Also, I don't want to judge if people think hamsters are sexy )

Hamster pr0n aside, if you run a site with pornography you HAVE to have age verification. Other sites don't have to have it. The only issue is that if you don't have age verification then Ofcom essentially say you have to assume some of your users might be children and take the appropriate steps in your risk-assessments / actions. So having age verification might make it somewhat less onerous to meet the Ofcom guidance.

 

[Alvin63]

But that is only relevant to one of the 17 types of harm, and also seems to be only relevant to porn sites. Not hamsters

The way I read it is you're responsible for not letting under 18's see anything inappropriate. My concern was spammers getting through and posting stuff and not getting removed quickly enough. Thinking of that recent situation on Mumsnet. Also the odd hostile argument between members etc

If there are verifiably no under 18's then that removes part of the issue.

 

[Mr Lucky]

there are verifiably no under 18's then that removes part of the issue.

I didn’t actually see that part. Regarding (their words) effective age verification was in regard to pornography sites.

 

[Alvin63]

Sorry just updated my previous post Re hassle!

 

[robt]

Hamster pr0n aside, if you run a site with pornography you HAVE to have age verification. Other sites don't have to have it. The only issue is that if you don't have age verification then Ofcom essentially say you have to assume some of your users might be children and take the appropriate steps in your risk-assessments / actions. So having age verification might make it somewhat less onerous to meet the Ofcom guidance.

Yes - would agree with all that. Sites without the age gate need to assume there might be kids on there, and then mitigate appropriately - which is a bit more involved / increased risks (IMHO).

If only OFCOM were useful, eh? A zoom call the other day was utterly pointless. "We cant answer that as we dont have lawyers in the room" type answers... cheers lads, we don't either, and hoped you knew what you were doing to tell us specifics.

 

[Alvin63]

Just wondering how all this applies to a place like Discord. Are Discord the ones liable for complying, or are they passing that responsibility onto individual server owners?

 

[robt]

Discord are.

Whatsapp was another similar example on OFCOM call, they were clear it is Whatsapp seen as the entity responsible and the sub groups - even though there is admin powers on content and membership - not Whatsapp group admins/creators. A rare bit of certainty.

 

[Alvin63]

Makes me wonder if a lot of accounts will get banned and closed for the slightest thing now. A group of my members set up a facebook page when that forum was closing and that got suspended quite quickly. Never did like Facebook - just my opinion!

 

[Mr Lucky]

A group of my members set up a facebook page when that forum was closing and that got suspended quite quickly.

Did they give a reason?

 

[Alvin63]

Did they give a reason?

No they tend not to I think. It just said suspended account and you can appeal. Once it's suspended that's it! Unless you appeal. It gives a list of reasons why an account could be suspended, so could be any of them. But I suspect it's when you open an account without a real name. Another reason was a lot of activity on a new account that might looks suspicious. Maybe a bot thing if a new group opened and loads of people joined at once.

 

[Alvin63]

These are some of the things I read. It's not very clear but the pdf download on the site for record keeping has a lot more info on it and seems to also be the written risk assessment, which needs emailing to Ofcom. So if everyone has to do a child assessment then it seems to me that everyone has to email their risk assessment to Ofcome. On that form you have to put the name of the person accountable. I'll try and find the bits that said

The accountable person's name needs to be published on the website

All sites need to do a child risk assessment and it seems clear that age verification is needed because it says unless you have age verification it can be assumed that children can access all or part of your site. So that is all sites as I read it. Sounds like they assume that even if it's a safe site, it can't be assumed to be safe.

 

[Alvin63]

There is more info on this pdf download as well where it shows what record keeping you need to have done and have available to see (lengthy thing with a lot of boxes to tick and fill in) and how often it will be reviewed, when it will be updated etc. It was all the paperwork that put me off mainly. Ok so it's only once a year but .....it's time. The document has to have the name of the accountable person on. Although it says it's the record keeping document, it's also a detailed risk assessment document.

It's quite intrusive in a way. Asks lots of questions for you to record when considering your risk assessment. Do you have hyperlinks in messages? Are photos or videos uploaded etc etc.

 

[Alvin63]

"Unless you are already using highly effective age assurance and can evidence this, we anticipate most of these services will need to conclude that they are likely to be accessed by children".

So either you have one of their stipulated age verification systems or you have to complete a child assessment by 16 April

The second screenshot shows what they accept as age verification

Age checks to protect children online

Children will be prevented from encountering online pornography and protected from other types of harmful content under Ofcom’s new industry guidance which sets out how we expect sites and apps to introduce highly effective age assurance.

www.ofcom.org.uk

 

[bzcomputers]

You can tell just by the wording this was a little rushed and not very well thought out. That said... as far as I can tell the requirement for a "highly effective age assurance process" is only currently a requirement for pornography sites/adult content and they require that process to be in place by July 2025.

If your site is not a pornography/adult content site, then your requirements for running a user to user service, also known as a Part 3 site (e.g. forum) are to carry out a Child Access Assessment. This should be done by April 16, 2025 if your site was up and running on January 16, 2025, if it wasn't then you have 3 months from the time it was/is up and running to complete the assessment. So what is the assessment? It basically a check you do and keep a personal record of, no reporting required.

Requirements for your Child Access Assessment:

• Your assessment must be recorded in an easily understandable form.
• Ensuring that the written record is legible and in as simple and clear language as possible.
• Keeping your written records in English.
• Ensuring you have dated your written record, reflecting when the record was made.
• Include any steps you take to 'mitigate and manage the risk of harm' for your users.
• Keep your written records.
• Repeat at least annually.

For most sites this should be quite simple, save a small text record annually covering the Children's Access Assessment process and requirements above.

After your Children's Access Assessment is complete, most forum sites will be shown to fall under "Service likely to be accessed by children", so they will also need to do a Children's Risk Assessment. What is it? Well, it's not setup yet. Nothing has really been updated online since its draft was posted in May 2024. It sounds like it will likely require some kind of online reporting, possibly a login and fill out a form. As of now there is nothing to do until they formalize it, which is expected soon - then you will have 3 months to comply from that date.

That's my interpretation.

 

[Alvin63]

Except if you have legal age verification you don't need to do the child assessessment and risk assessment

 

[robt]

"Unless you are already using highly effective age assurance and can evidence this, we anticipate most of these services will need to conclude that they are likely to be accessed by children".

So either you have one of their stipulated age verification systems or you have to complete a child assessment by 16 April

If your site is not a pornography/adult content site, then your requirements for running a user to user service, also known as a Part 3 site (e.g. forum) are to carry out a Child Access Assessment. This should be done by April 16, 2025 if your site was up and running on January 16, 2025, if it wasn't then you have 3 months from the time it was/is up and running to complete the assessment. So what is the assessment? It basically a check you do and keep a personal record of, no reporting required.

^ This is my understanding as well

I don't fully understand what needs to be in the CAA yet or what/if risks identified need sorting though

 

[robt]

New press release from OFCOM today https://www.ofcom.org.uk/online-saf...t-start-tackling-illegal-material-from-today/

 

[ForumFan]

I think there's good motivation behind it, to protect kids in a world of online everything. I think terrorism online is maybe not that common! Suicide groups etc. It's protecting people. BUT - it seems a bit thrown together in a hurry and some bits don't seem quite right or well explained - it's like - do something or else by x day, but we haven't finished telling you exactly what you need to do, when yet and have more to come.

“Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.”​

― William Pitt the Younger (one of your own, ironically)

I really do feel bad for those who own forums over there. The regulations and interpretations I've seen here are truly dizzying!

 

[rogerl]

These are some of the things I read. It's not very clear but the pdf download on the site for record keeping has a lot more info on it and seems to also be the written risk assessment, which needs emailing to Ofcom. So if everyone has to do a child assessment then it seems to me that everyone has to email their risk assessment to Ofcome. On that form you have to put the name of the person accountable. I'll try and find the bits that said

The accountable person's name needs to be published on the website

All sites need to do a child risk assessment and it seems clear that age verification is needed because it says unless you have age verification it can be assumed that children can access all or part of your site. So that is all sites as I read it. Sounds like they assume that even if it's a safe site, it can't be assumed to be safe.


View attachment 320341


View attachment 320342

I don't think anyone here is running a Category 1 U2U service ie. > 7 million UK users. If you are, congratulations!
As such we don't need to send our risk assessments to Ofcom unless they demand it, we just have to have completed and documented them by yesterday and are now in the stage of mitigating any risks we have found as a result of that.

The Childrens access statement will need to be complete in a months time and if we don't have "effective age verification" we will then need to produce a Children's Risk Assessment - at least that is my take on it having read a gazillion pages of cross referenced documents and notes from Ofcom