United Kingdom: Office of Communications opened consultation on updated draft Illegal Content Codes of Practice for user-to-user services, including risk assessment provisions

On 30 June 2025, the Office of Communications (Ofcom) opened a consultation on the draft Illegal Content Codes of Practice for user-to-user services until 20 October 2025. These codes outline risk assessment provisions under sections 5.4 to 5.6, requiring providers to determine whether their service is at medium or high risk of specified kinds of illegal harm, as defined in Table C. A service is classified as multi-risk if it faces medium or high risk in two or more harm categories, excluding image-based Child Sexual Abuse Material (CSAM), CSAM URLs, and grooming. Risk levels are identified through the provider’s most recent risk assessment under section 9 of the Online Safety Act 2023 or via a confirmation decision under section 134 of the Act. The provisions specify that offences include inchoate offences such as aiding, abetting, or attempting the commission of listed crimes. Providers must apply these classifications to implement relevant recommended measures under the Codes. The updates form part of broader changes including new content moderation measures (ICU C11-C16), enhanced reporting requirements (ICU D15-D17), recommender system safeguards (ICU E2), settings (ICU F3), and user access (ICU H2-H3). Modifications affect existing provisions on content moderation (ICU C1, C4, C9), reporting (ICU D8-D11, D13), settings (ICU F1-F2), terms of service (ICU G1), and user controls (ICU J1-J2).