Understanding when and how children are at risk of exposure to harmful or illegal content is central to the UK Online Safety Act (OSA). As a marked departure from earlier (reactive) regimes, the OSA does not simply impose duties where children use an online service, but where they are likely to do so, creating a proactive obligation for providers to interrogate their services with a child-centred ­perspective.

In-scope providers must reconcile overlapping governance expectations, with the regulatory landscape becoming more complex, particularly considering parallel guidance from the UK Office of Communications (Ofcom), (the appointed regulator for the OSA), as well as the Children’s Code issued by the UK Information Commissioner’s Office (ICO) and wider UK data protection requirements. We explore how the OSA defines (i) the risk of harm to children and (ii) the extent to which they are at risk, and why these considerations have led to emerging pressures between online safety and data protection regulations.