The difficulties of rapidly moderating harmful content during sensitive and fast-moving UK public disorder events came into sharp focus during the summer of 2025 and again in recent weeks.
Following consultation last year, Ofcom has now published amendments to its Illegal Content and Children’s Safety Codes of Practice requiring user-to-user services to implement formal crisis response protocols to address viral illegal content. These will take effect following the Parliamentary process.
What counts as a crisis?
Ofcom defines a crisis as ‘an extraordinary situation in which there is a serious threat to public safety in the UK’ resulting from a significant increase in illegal content or content harmful to children. The crisis need not affect the whole of the UK, nor originate here. Local or regional events are sufficient. Unlike the EU’s Digital Services Act, the UK framework does not extend to environmental disasters, pandemics, or misinformation campaigns.
Who is in scope?
User-to-user services of any size may be required to implement a crisis response protocol if they pose a high risk of terrorism, hate, harassment, stalking, threats, abuse or foreign interference, or if they are likely to be accessed by children. Large services (those with over 700,000 UK users) face an additional requirement to establish dedicated communication channels with law enforcement.
What a crisis response protocol must contain
Crisis indicators to identify when a crisis is occurring or imminent. These indicators should be continuously monitored using a combination of external sources (law enforcement, media reports) and internal data (content moderation, user complaints) and should be regularly updated to reflect the rapidly changing online environment.
A designated crisis response team with sufficient seniority to enable timely decision-making.
Defined systems and processes for response deployment, recognising that existing content moderation processes and capacity may need to be supplemented.
A comprehensive post-crisis analysis framework, completed at the end of the crisis (or within 90 days of commencement if the crisis remains ongoing). The output of the post-crisis analysis can be formally requested by Ofcom.
Platforms operating under both the Online Safety Act and the EU Digital Services Act should note that the two regimes’ crisis response frameworks differ in scope and procedural requirements. A single global crisis protocol may not adequately address both.
One practical question the framework leaves open is who determines when a crisis has begun. Platforms are responsible for monitoring their own indicators and making that call, but calibrating the threshold carries risk in both directions. Too slow to act, and there is regulatory and reputational exposure; too quick to activate, and there is a risk of restricting legitimate content. A clear, documented decision-making process around the trigger point is as important as the response plan itself.
What you should do now
Assess whether your service is in scope based on size and risk profile.
Audit or draft your crisis response protocol, covering crisis indicators, your response team and the systems and processes you will deploy. Existing content moderation frameworks are unlikely to be sufficient on their own.
If you are a large in-scope service, plan now for establishing a dedicated law enforcement communication channel before the Codes come into force.
Treat the protocol as an operational document: one that is genuinely followed and regularly reviewed, not filed and forgotten.
