Summary:
La loi britannique sur la sécurité en ligne de 2023 impose aux services en ligne de nouvelles obligations concernant la protection des enfants et la gestion des contenus illégaux. Les services qui permettent l’interaction des utilisateurs doivent évaluer l’accès potentiel des enfants, avec un délai fixé au 16 avril 2025. Si l’accès est probable, les prestataires doivent réaliser une évaluation des risques pour les enfants et respecter les codes de protection établis par Ofcom, visant particulièrement les plateformes de jeux en ligne en raison de leur popularité auprès des jeunes.
Original Link:
Original Article:
Under the UK Online Safety Act 2023 (OSA), a wide range of online services are subject to extensive new obligations related to illegal content and content harmful to children. The UK’s Online Safety regulator, Ofcom, has now set out its children’s access guidance, along with guidance on what constitutes effective age assurance. These publications triggered a requirement for all in-scope services to assess whether they are likely to be accessed by children (a child, for the purpose of this legislation, being a person in the UK under the age of 18). This children’s access assessment must be completed by 16 April 2025.
If a service is likely to be accessed by children, the service provider will be required to comply with children’s protection duties – namely, carry out a children’s risk assessment (guidance on this is due in April 2025) and comply with Ofcom’s Protection of Children Codes (which will come into effect in July 2025). Ofcom has previously stated that online gaming is a ‘fundamental form of entertainment for children’. Therefore, gaming platforms will no doubt be a target for the regulator.
By way of reminder to check whether you’re in scope:
Type of service: If you provide a service which allows users to interact with each other, then you are likely to fall within the user-to-user service bracket and be in scope of the OSA. Offline games are not caught by the OSA. However, online gaming platforms are likely to be caught by the OSA where they have functionalities that enable user-to-user interaction.
The children’s access assessment is a two-stage test:
Stage 1: Is it possible for children to access the service (in full or part)? If the service has in place highly effective age assurance (HEAA), then it is not in scope. Stage 2: Are a significant number of children accessing the service, and is the service likely to attract a significant number of children? Unless the answer to both questions is no, the service will be in scope.
The results of the children’s access assessment must be documented. If you conclude that your service is not likely to be accessed by children, you must also document your methodology and evidence for reaching this conclusion. There is an ongoing duty to assess children’s access. Services out of scope of children’s protection duties are required to carry out children’s access assessments regularly (and not more than one year apart). Ofcom has provided guidance on implementing HEAA requirements, which includes various methods considered highly effective.
The guidance sets out four criteria for assessing age assurance methods’ effectiveness: technical accuracy, robustness, reliability, and fairness. Challenges for services can arise in implementing HEAA whilst also complying with data protection obligations.
Legal firms and gaming services should prepare for the upcoming assessments to ensure compliance and address the requirements set out by Ofcom.