“Ofcom’s role will be to force firms to tackle the causes of online harm by making their services fundamentally safer.” - Ofcom

The United Kingdom’s Online Safety Act (OSA) received Royal Assent on 26th October 2023 and became law. The act will empower Ofcom, the UK’s communications regulator, to require tech firms to implement measures to protect their users from illegal content online – from child sexual abuse material and grooming to fraud.

Fraud is now the most reported crime in the UK accounting for 40% of all crime. Analysis of fraud reported to the Police and financial services sector consistently indicates that over 80% of such criminality has a cyber component.

Ofcom’s own research found that around nine in ten online adults had encountered content they suspected to be a scam or fraud, with over a quarter losing money. Aside from the financial losses, more than a third of those adults indicated that their mental health was adversely impacted.

In parallel to the Online Safety Act, the UK is implementing mandatory reimbursement of Authorised Push Payment (APP) fraud starting in October 2024. Provisions in the Financial and Services Markets Act will require all Payment Service Providers (PSPs) with a direct or indirect connection to the UK’s real-time payments system to reimburse customers who fall victim to APP fraud.

The importance of the Online Safety Act to the financial sector cannot be understated when you also consider that banks and non-bank PSPs claim that between 60 percent and 80 percent of APP frauds start on one of Meta’s platforms (Facebook, Instagram, and WhatsApp).

The breath of the OSA has meant that Ofcom has divided the task of implementation into three distinct phases. The OSA sets out to address fraud risk by focusing on two distinct categories of service, those that carry illegal content (user-to-use and search) and those that provide paid advertising.  

From Act to Action

Ofcom has exercised its new powers to release draft Codes of Practice that set out how social media, gaming, pornography, search and sharing sites can follow to meet their duties under the Online Safety Act.

It intends to consult on the codes in three distinct phases, gathering feedback from the industry through late 2026.

• Phase 1 – Illegal Harms, with consultation taking place in 2024 with a view the resulting codes being in place before the end of the 2024.

• Phase 2 – Child safety and pornography, with consultation taking place throughout 2024 and early 2025, with the resulting codes to be in place by Q3 2025

• Phase 3 – Duties on categorised services, with consultation taking place mid 2024 through to late 2025 and the resulting codes envisaged to be in place for late Q1 2026.  

When considered through a financial service lens, Phase 1 and Phase 3 are the key elements as they govern the services that are typically considered to have fueled APP fraud.

• User-to-user (U2U) refers to an online service where users may encounter content (such as messages, images, videos, and comments) that has been generated, uploaded, or shared by other users. This includes services which allow private messaging between users.

• Search services are online services with a search engine which enable users to search more than one website and/or database.

• Fraudulent advertising is a paid for service that breaches certain provisions of financial services, fraud, or serious crime legislation.

The consultation makes it clear that Ofcom’s approach is not “one size fits all” with expectations of the platforms differentiated according to the number of users and risk profile.

Ofcom acknowledges that tackling fraud is complex but is also clear that the new rules will require online services to assess the risk of their users being defrauded due to an encounter with illegal content. Online service providers are required to take appropriate steps to protect their users and removing illegal content when they identify it or are told about it.

Recommended measures for large services with medium to high level risks include:

• The use of Automatic keyword searching to detect content that contains keywords that are strongly associated with the sale of stolen personal and financial information.

• Provision of Streamlined expert reporting to enable expert bodies to engage with online services, law enforcement, government departments and regulators like the Financial Conduct Authority.

• The opportunity for individuals, celebrities, companies, and government bodies to obtain a Verified account that is backed up by clear internal processes which support the public to understand what that verified status means in practice. 


The introduction of the new online safety regime by Ofcom represents a pivotal moment in the fight against online fraud. The Online Safety Act provides a comprehensive framework to tackle a problem that affects millions of people every year.

By placing a greater onus on tech companies, fostering collaboration among regulatory bodies, and empowering consumers with knowledge, the UK is setting a global standard for online safety.

Whilst the road ahead is undoubtedly challenging, with technological and enforcement hurdles to overcome, it marks a watershed in the fight against online fraud.

For more information, Ofcom has a range of consultation documents that can be viewed here.


Recent Posts