Phosra
Get Started
United KingdomEnacted (Oct 2023); Ofcom codes in phased rollout

UK Online Safety Act 2023 (UK OSA)

UK law imposing a duty of care on platforms to protect children from harmful content online. Requires age verification and proactive measures to prevent children encountering harmful material.

Compliance Coverage7/8

What UK OSA Requires

Key provisions of UK Online Safety Act 2023

Duty of Care for Children

Platforms have a statutory duty of care to protect children from harmful content. This includes proactive measures to prevent children from encountering content relating to self-harm, eating disorders, pornography, and violence.

Mandatory Age Verification

Platforms likely to be accessed by children must implement age verification or age estimation technology. Services must use highly effective age assurance measures to prevent children from accessing age-restricted content.

Priority Harmful Content Categories

The Act defines priority categories of content harmful to children, including suicide/self-harm promotion, eating disorder content, pornography, and content promoting violence. Platforms must actively prevent children from encountering such content.

Adult-Child DM Restrictions

Platforms must implement measures to prevent adults from sending direct messages to children they do not know. This includes restricting contact discovery and limiting messaging to existing connections.

CSAM Detection and Reporting

Platforms must implement systems to detect and report child sexual abuse material (CSAM). This includes proactive scanning obligations and mandatory reporting to the National Crime Agency.

Ofcom Regulatory Powers

Ofcom serves as the regulator with power to fine up to 10% of global revenue or £18 million (whichever is greater). Senior managers face criminal liability for failing to comply with information requests.

How Phosra Helps

UK OSA provisions mapped to Phosra features

Each UK OSA requirement is addressed by a specific Phosra capability. Integrate once, and your platform is covered.

Duty of care for children

PCSS Policy Engine

addictive_design_control

Phosra's comprehensive policy engine covers the full scope of the OSA's duty of care, enforcing protective defaults across all connected platforms in a single API call.

REST API — OSA duty of care enforcement
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_oliver_05",
    "rules": ["addictive_design_control",
              "algo_feed_control",
              "dm_restriction",
              "targeted_ad_block"],
    "platforms": ["youtube", "tiktok",
                  "instagram", "discord"]
  }'

Age verification

Age Gate

age_gate

The age_gate rule enforces age verification requirements on connected platforms, ensuring minor accounts are properly identified and protected.

REST API — UK age verification
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_oliver_05",
    "rules": ["age_gate"],
    "platforms": ["instagram", "tiktok",
                  "discord", "snapchat"]
  }'

DM restrictions

DM Restriction

dm_restriction

The dm_restriction rule limits direct messaging to contacts-only or disables DMs entirely, preventing unsolicited adult-to-child contact on Instagram, TikTok, Discord, and Snapchat.

REST API — Restrict direct messages
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_oliver_05",
    "rules": ["dm_restriction"],
    "config": { "mode": "contacts_only" },
    "platforms": ["instagram", "tiktok",
                  "discord", "snapchat"]
  }'

CSAM reporting compliance

CSAM Reporting

csam_reporting

The csam_reporting rule ensures platforms have detection and reporting mechanisms enabled, supporting compliance with the OSA's mandatory CSAM reporting obligations.

REST API — CSAM reporting status
bash
curl -G https://api.phosra.com/v1/compliance/csam-reporting \
  -H "Authorization: Bearer sk_live_..." \
  -d "child_id=ch_oliver_05"

Addictive design mitigation

Addictive Design Control

addictive_design_control

The addictive_design_control rule disables autoplay, infinite scroll, and engagement-maximizing features, reducing exposure to harmful content amplification.

REST API — Disable addictive features
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_oliver_05",
    "rules": ["addictive_design_control"],
    "platforms": ["youtube", "tiktok", "instagram"]
  }'

Regulatory audit readiness

Enforcement Audit Trail

Complete enforcement logging with timestamped records provides documentary evidence for Ofcom regulatory reviews and compliance demonstrations.

REST API — Ofcom audit export
bash
curl -G https://api.phosra.com/v1/enforcement/audit \
  -H "Authorization: Bearer sk_live_..." \
  -d "regulation=uk_osa" \
  -d "format=ofcom_report"

Coverage Assessment

UK OSA compliance checklist

Compliance Coverage

Duty of care measures implementedPCSS Policy Engine with 40 rule categories
Age verification enforcedage_gate rule category
Adult-child DM restrictions in placedm_restriction rule category
CSAM detection and reporting enabledcsam_reporting rule category
Addictive design features disabledaddictive_design_control rule category
Cross-platform enforcement activePlatform adapters for 6+ regulated platforms
Ofcom compliance documentationEnforcement audit trail and compliance dashboard
Proactive content scanningContent scanning integration (platform-side responsibility)

Start building UK OSA-compliant features today

Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.

Get Started FreeRead the Docs