The United Kingdom Online Safety Act 2023 (OSA) is enforced by Ofcom. It places a duty of care on in-scope online services to reduce illegal content and protect users — especially children — from harmful material.
This article explains the main OSA rules in plain language. If you host a site on mymember.site, you can be confident that we meet these regulatory requirements on your behalf — the assessments, record-keeping, and platform-level safety controls described below are maintained by us as the platform operator.
Which services are in scope?
OSA primarily regulates two kinds of service:
Search engines (Part 2): Services that search multiple websites or databases.
User-to-user (U2U) services (Part 3): Platforms where people encounter content or messages from other users — social networks, forums, gaming chat, and fan-subscription sites where creators publish content and members can message them.
Services that display pornographic content to people in the UK also face additional age-verification duties (Part 5) — separate from, but alongside, Part 3 obligations.
Mandatory risk assessments
Regulated platforms must complete written safety assessments and keep records on file. The three assessments most often referenced in audits and due-diligence questionnaires are:
1. Illegal Content Risk Assessment (ICRA)
What it is: An assessment of the risk that users could encounter illegal content — for example terrorism material, child sexual exploitation material (CSE), hate speech, fraud, or other crimes — and whether the service could be used to commit or facilitate those crimes.
When it was due: Existing platforms were expected to complete their first ICRA by March 16, 2025. New services, or existing services after a major change, must complete one within three months of launch or the change.
What gets documented: Evidence reviewed, residual risk levels (high / medium / low / negligible), and mitigation steps aligned with Ofcom guidance and Codes of Practice.
mymember.site has completed this assessment and maintains written records as required.
2. Children's Access Assessment (CAA)
What it is: Every regulated service must assess whether children are likely to access the platform.
The test: Unless a service uses highly effective age assurance and access controls that keep minors out entirely, the provider must evaluate whether a significant number of children use the service or whether the platform is likely to attract them.
If children are likely to access: A further assessment is required (see CRA below).
mymember.site has completed the Children's Access Assessment and deployed the age-assurance and content controls it requires.
3. Children's Risk Assessment (CRA)
When it is required: If the CAA concludes that children are likely to access the service.
What it covers: Risks of children encountering harmful content or contact — including priority harms such as suicide and self-harm material, bullying, and other content harmful to children — and the protections deployed to mitigate those risks.
Where required, mymember.site has completed the Children's Risk Assessment and keeps it on file with other OSA records.
Category 1, 2A, and 2B services
Ofcom categorises only the largest services for additional duties on top of core Part 3 obligations. Thresholds are set in UK regulations (2025) using UK monthly active users and service features such as content recommendation, sharing, or direct messaging.
In broad terms:
Category 1: The largest social platforms and similar services — extra duties including fraud protections, user empowerment tools, and proactive submission of risk-assessment records to Ofcom.
Category 2A: Large search engines — search-specific extra duties and proactive record submission.
Category 2B: Large services with direct messaging between users — messaging-focused extra duties.
Uncategorised services: Below all thresholds — still subject to core Part 3 duties (assessments, mitigations, record-keeping) but not the Category 1 / 2A proactive filing regime.
Fan-subscription and creator-hosting platforms like mymember.site are typically uncategorised — not Category 1 platforms like the largest social networks — but remain fully in scope for illegal-content and child-safety duties. We comply with all core duties that apply to our tier.
Record-keeping and documentation
Under sections 23 and 34 of the OSA, providers must keep a written record of their assessments, including:
Evidence gathered
Risk levels assigned
Specific mitigation steps deployed (for example content moderation, reporting systems, age assurance, safety-by-design defaults)
Who sees the records?
Most regulated services: Records are kept on file. Ofcom can require them during an investigation or audit. They are not routinely submitted proactively.
Category 1 and 2A services: Must share risk-assessment records with Ofcom when completed or revised.
Partners, payment processors, or auditors may also request summaries or redacted copies during due diligence.
mymember.site maintains these written records and provides them when lawfully required or during partner due diligence.
Part 5: UK age verification for adult content
Separate from Part 3, services that make pornographic content available to users in the United Kingdom must use highly effective age assurance before that content is shown — for example biometric age estimation or approved document-based checks.
Enforcement of Part 5 operator duties began in January 2025. On mymember.site this is handled at the platform level — UK visitors are age-verified before they can access adult content on any creator site. You do not need to build or configure age verification yourself.
What this means for your site
When you host on mymember.site, the regulatory work described in this article is already taken care of. We maintain the required assessments, records, and platform-level controls — including UK age verification and UK-specific content rules where the law requires them.
To stay aligned with our compliance framework, creators simply follow the same policies and verification steps we already require as part of onboarding:
Our published Content Policy
Identity verification in Legal Info (government-issued ID and live video selfie)
Model / performer verification (2257 documentation) for anyone appearing in your content, where applicable
You do NOT need to conduct your own ICRA, CAA, or CRA, implement UK age verification, or file records with Ofcom. That is all handled by mymember.site.
✅ Hosting on mymember.site means your site runs on a platform that is compliant with the UK Online Safety Act. Just follow our Content Policy and legal verification requirements — we take care of the rest.