Self-harm and cyberflashing added to on-line security offences checklist
Ofcom has up to date its Unlawful Harms Codes and steerage for the way on-line service suppliers can defend their customers from “self-harm” and “cyberflashing” content material, after the On-line Security Act (OSA) was up to date to incorporate each as new “precedence” offences.
Added to the OSA by the federal government in December 2025, these two new classes will sit alongside an inventory of over 130 precedence offences – together with terrorism, promoting unlawful medication or weapons, and youngster sexual abuse – that are thought-about “probably the most severe and prevalent unlawful content material and exercise, towards which firms should take proactive measures”.
The precedence offences sit inside 17 teams of unlawful harms. The replace implies that “selling or facilitating suicide” will likely be mixed with “encouraging or aiding severe self-harm”, which was previously a non-priority offence. Consequently, self-harm content material will likely be assessed on the identical threat stage as suicide content material.
Cyberflashing is classed as a brand new class of unlawful hurt, increasing Ofcom’s checklist to 18 separate teams.
On-line service suppliers at the moment are required to evaluate the dangers of the brand new classes to make sure their security measures are inside “precedence offence” rules, then apply Ofcom’s security measures to “defend customers from unlawful content material and exercise”.
The measures primarily contain administrative updates, equivalent to making certain that monitoring and evaluation can seize cyberflashing and self-harm, and confirming that moderation insurance policies and prioritisation standards are in place that embody the 2 new classes.
Suppliers are required to combine these security measures into present compliance cycles, however are free to decide on tips on how to implement measures relying on their companies.
Ofcom’s amendments to the codes at the moment are topic to parliamentary approval, and can subsequently come into drive as soon as that course of is full someday in autumn 2026.
Influence on service suppliers
In March 2026, Ofcom held a formal session on how finest to replace its Codes of Observe and regulatory steerage after the 2 precedence offences had been added.
Outlining its session, Ofcom stated self-harm and suicide content material manifest equally on-line, with widespread threat components between the 2 classes.
Saying the OSA adjustments, Ofcom added that publicity to self-harm content material on-line may improve the chance of self-harm or suicidal behaviour, whereas repeated publicity “contributes to the normalisation of self-harm as a suitable coping mechanism”.
Service suppliers, together with Microsoft, LinkedIn and the Center Tech Coalition, reported through the session that combining the 2 classes is predicted to result in “clearer, simpler and complete threat evaluation course of and consistency within the deployment of mitigations”.
The measures are anticipated to lead to some further prices and operational impacts for service suppliers, though Ofcom’s report stated it expects these impacts to be restricted.
With cyberflashing, “survivors and victims describe the expertise of cyberflashing as aggressive, intimidating and violating”, with girls thrice extra probably than males to be on the receiving finish of cyberflashing.
Microsoft commented within the March session that introducing cyberflashing as a separate class could “add complexity and duplication to threat assessments”.
The Finish Violence In opposition to Ladies Coalition moreover highlighted that “algorithms can drive content material regarding cyberflashing, which in flip normalises this dangerous behaviour”, subsequently consumer blocking and muting measures had been prolonged to scale back dangers of cyberflashing.
Nevertheless, some session responders – together with West Grid for Studying, Finish Violence In opposition to Ladies Coalition and Iris Anticipa – expressed concern that the proposal “wouldn’t have a big influence on service suppliers” and known as for added measures in tackling cyberflashing.
Ofcom, in response to such suggestions, stated: “We stay of the view that the adjustments to the Unlawful Harms regulatory merchandise could have a big influence on consumer security.
“Taken collectively, these updates type a package deal that strengthens protections for customers from the dangers of hurt arising from suicide and self-harm and cyberflashing. They’re designed to enhance how companies establish, assess and mitigate dangers, and to assist safer consumer experiences throughout a wider vary of on-line companies.”
Codes of Observe as a ‘protected harbour’
Launched in October 2023, the OSA goals to reinforce on-line security for all web customers, significantly kids.
Companies that present user-to-user or search companies should function throughout the OSA, which is enforced by fines as much as £18m or 10% of an organization’s qualifying worldwide income, whichever is bigger.
Failure to adjust to Ofcom’s rules can result in firms or senior managers being held criminally liable.
Corporations are required to “hold updated unlawful content material threat assessments” and “implement proportionate measures to mitigate dangers and defend customers from encountering unlawful content material”.
Ofcom’s Unlawful Content material Codes of Observe apply to “the design, operation and use of companies” that both function throughout the UK or have an effect on UK customers. The codes are a “protected harbour” set out within the OSA – service suppliers that implement the codes’ measures are thought-about compliant.
Measures to deal with precedence offences embody instruments that disable feedback, block or mute customers; on-platform testing of recommender methods; and options that enable customers to report search strategies and stop the dangerous content material from being additional beneficial to different customers.
Different measures are additionally allowed beneath the OSA – suppliers should hold a report of their choices, clarify how their security duties are met, and think about the consumer’s rights to freedom of expression and privateness.

