What is the Online Safety Act 2023?

The Online Safety Act 2023 is a comprehensive UK legislative framework, regulated by Ofcom, that legally compels tech companies, social media platforms, and search engines to protect users from illegal and harmful content. For those looking after children—whether in foster care, residential settings, or kinship arrangements—the Act acts as a systemic, statutory safeguard. It legally requires platforms to enforce robust age verification, remove priority illegal content (such as material promoting suicide, eating disorders, or child sexual abuse), and provide accessible, transparent reporting tools for users.

As we navigate the operational realities of 2026, understanding this legislation is no longer an optional “tech update” for care professionals—it is a mandatory component of trauma-responsive safeguarding and placement stability.

The 2026 Landscape: Enforcement and The End of “Self-Regulation”

When I reflect on my 7+ years of frontline experience—managing residential homes, upholding NVQ Level 4 standards, and operating as a protective factor for highly traumatized youth—the digital landscape has consistently been the most volatile risk factor we face. Historically, the internet was a regulatory void where tech companies self-policed, often at the expense of our most vulnerable children.

The Online Safety Act fundamentally shifts the burden of responsibility. As of early 2026, Ofcom is actively enforcing compliance across all major platforms. Understanding these shifts is critical for your daily practice:

• Proactive Removal of Priority Offences: Tech companies are no longer allowed to wait for a social worker or foster carer to report harmful content. Platforms have a legal duty to proactively detect and remove “priority offences.” This includes cyberflashing, the non-consensual sharing of intimate images (including AI-generated deepfakes), and content encouraging serious self-harm or suicide.
• Mandatory Age Assurance: Pornography platforms and high-risk user-to-user services are now under strict legal obligations to implement “highly effective age assurance.” This goes far beyond the easily bypassed “tick box” of the past.
• The Power of Enforcement: Ofcom is actively issuing substantial fines (routinely reaching up to 10% of global turnover) to non-compliant companies. Furthermore, in severe cases of repeated safeguarding failures, Ofcom utilizes Business Disruption Orders, effectively blocking unsafe services from operating within the UK.

The Dual Lens: Why This Matters for Placement Stability

From my perspective as both a care-experienced survivor and a Director of Looked After Child Limited, I view digital exploitation as a direct threat to placement stability. A child can be physically safe within a heavily vetted, therapeutic residential home, yet completely unprotected if their smartphone acts as an unmonitored portal to predators, cyberbullying, or self-harm communities.

Our young people often use digital spaces as an escape or a maladaptive coping mechanism. When platforms fail to protect them, it triggers trauma responses that manifest as absconding, aggression, or deep depressive episodes. The Online Safety Act equips us with legislative backing. When we teach our young people about this Act, we are not just talking about “internet safety”; we are validating their right to exist in digital spaces without being targeted, exploited, or traumatized.

An Operational Framework for Care Teams

As Foster Parents, Social Workers, and Residential Workers, you are not responsible for enforcing the Online Safety Act—Ofcom is. However, your role requires you to integrate this legislation into your practical, day-to-day care planning. Here is a four-step framework to implement within your settings:

1. Pre-emptive Digital Care Planning

Do not wait for a safeguarding crisis to discuss digital boundaries. Digital safety must be integrated into the core Care Plan and Risk Assessment from the day of admission.

• Action: Map out the young person’s digital footprint. What platforms do they use? Discuss the Act with them. Frame it not as restricting their freedom, but as their legal right to a safe online environment.

2. Activating the “Triple Shield”

The Act mandates a “Triple Shield” of protection, which is particularly vital for older youth and care leavers transitioning into independence.

• Action: Ensure that accounts belonging to under-18s have default safety settings activated (platforms are now legally required to provide these). For care leavers (18+), guide them in activating user empowerment tools, which allow adult users to filter out unverified users, unsolicited sensitive content, and abusive language.

3. Trauma-Informed Incident Response

When a young person is exposed to illegal content (e.g., explicit material or self-harm promotion), their physiological arousal will be high.

• Action: Prioritize emotional de-escalation first. Validate their distress. Once the young person is grounded, utilize the platform’s reporting tools together. This models healthy digital boundaries and reinforces that the platform—not the child—is at fault for the exposure.

4. Strategic Logging and Reporting

Under the 2026 guidelines, your incident reports must be precise to be effective.

• Action: Document the exact nature of the digital harm, the platform involved, the time of exposure, and the time the platform was notified. While Ofcom does not investigate individual cases, logging systemic failures through your Local Authority’s safeguarding channels contributes to the broader regulatory pressure applied to these platforms.

Digital Safeguarding & The Lived Experience Vault

To truly understand the devastating operational impact of unregulated digital spaces, we must analyze the realities of digital exploitation, county lines grooming via social media, and online peer-on-peer abuse. However, public-facing platforms are not the appropriate venue for raw trauma narratives.

• The Public Standard: All content published on the Looked After Child Limited main site prioritizes the digital footprints and privacy of vulnerable children. We do not share graphic chronologies, triggering details, or identifiable case histories here.
• The Vault Protocol: If you are a verified practitioner (Social Worker, Registered Manager, or Foster Carer) requiring granular, operational case studies regarding digital exploitation and online grooming, please access The Lived Experience Vault. In this secure, gated environment, we utilize managed lived experience strictly as a professional tool for sector change, ensuring we learn from the past without compromising the psychological safety of the present.

Frequently Asked Questions (FAQs)

Q: Does the Online Safety Act mean social workers and carers are responsible for monitoring tech companies? A: No. The legal burden rests entirely on the tech companies to conduct risk assessments, implement safety measures, and police their own platforms. Your professional role is to understand the statutory protections in place so you can advocate for the child, utilize reporting mechanisms when platforms fail, and teach the young person digital resilience.

Q: What is the immediate operational step if a child in my care encounters content promoting self-harm? A: First, ensure the immediate physical and emotional safety of the child using trauma-informed de-escalation techniques. Do not immediately confiscate the device in a punitive manner, as this can sever trust. Second, report the content using the platform’s built-in tools—under 2026 regulations, platforms are legally mandated to remove this priority content rapidly. Finally, log the incident meticulously in your residential or fostering records to maintain a clear safeguarding chronology.

Q: How does the Act address the sharing of intimate images without consent, including AI deepfakes? A: The Act has classified “cyberflashing” and the non-consensual sharing of intimate images (including synthetically generated deepfakes) as priority criminal offences. Tech firms must proactively detect and remove such abusive images. If a young person is a victim, follow standard safeguarding procedures, involve the police immediately to secure evidence, and reassure the young person that the law explicitly protects them from this exploitation.

Q: Does the Act apply to encrypted messaging services like WhatsApp or iMessage? A: This remains a complex area of the legislation. While the Act generally exempts the content of private encrypted messages from proactive scanning to protect user privacy, platforms are still required to implement safety measures regarding how users find and interact with each other (e.g., preventing unknown adults from messaging children). If abuse occurs on encrypted apps, manual reporting by the user remains the primary mechanism for intervention.

Q: Where can I find specific, actionable case studies on managing digital risks and confiscating devices safely in a residential setting? A: Because these scenarios often involve highly sensitive behavioral chronologies, verified professionals must log into The Lived Experience Vault to access our advanced training modules and detailed operational case studies.

Keep the Conversation Going

 

If this article sparked your interest in safeguarding and supporting vulnerable young people, we invite you to join our community. Sign up to the Looked After Child Limited newsletter to receive guidance on trauma-informed care, updates on our community events, and resources to help you understand the fostering and residential care journey. Together, we can prioritize the welfare and future of every child.

SUBSCRIBE!

You have Successfully Subscribed!