Ofcom's Additional Duties for Category 1 Services: What Tech Companies Need to Know

Ofcom has published its long-awaited consultation on the Additional Duties for Category 1 Services under the Online Safety Act, alongside the Register of Categorised Services. Together, these mark the third major phase of Ofcom's implementation of the Act, moving beyond illegal content and child safety duties into a broader set of obligations around user choice, control, and platform accountability. 

This insight focuses on the Additional Duties consultation itself. Ofcom has also published a draft Fraudulent Advertising Code of Practice, covered separately on our insight , this piece deals with the wider set of duties applying to Category 1 services. 

Who's affected? 

Category 1 status is based on thresholds set by Government in secondary legislation, either 34 million UK users combined with a content recommender system, or 7 million UK users combined with a recommender system and content-forwarding functionality. The newly published Register confirms Category 1 services include Facebook, Instagram, Snapchat, TikTok, YouTube, X, WhatsApp, Roblox, Reddit, Pinterest and Quora. 

These platforms already carry duties under the Illegal Content and Protection of Children codes. The Additional Duties consultation adds a further, distinct layer on top. 

What is being proposed? 

Ofcom has structured its proposals across four volumes, totaling 19 draft Code measures. 

User empowerment and identity verification. Category 1 services will need to assess how likely adult users are to encounter certain categories of content, defined in the Act as content promoting suicide or self-harm, content promoting eating disorders, and content inciting hatred or abuse, and offer tools to manage exposure to it. Proposed measures include letting users choose not to encounter this content, choose instead to be alerted to its presence, and report it, alongside broader controls like blocking, muting and disabling comments that apply regardless of content type. Providers will also need to offer optional identity verification for adult users, guided by four principles Ofcom is calling relevance, reliability, inclusivity and clarity, and a filter tool letting verified users limit interaction with non-verified accounts. Critically, none of this requires users to verify their identity or use these tools, the duty is to offer the choice, not to mandate participation. 

News publisher content, journalism, and democratic importance. Platforms will need processes to identify recognised news publishers and their content and can't take action against that content without notifying the publisher and allowing a response first, with limited exceptions. A parallel set of measures covers journalistic content and content of democratic importance more broadly, internal moderation policies, staff and volunteer training, an expedited complaints route for journalistic content, and a requirement for providers to actively review their own appeals data for evidence of inconsistent treatment across political viewpoints. 

Terms of service and complaints. Category 1 providers will need to include specific provisions in their terms of service covering user empowerment, journalistic content, democratic content and complaints, written and presented in a genuinely clear and accessible way. Complaints systems will need to specifically handle complaints about non-compliance with these duties, not just content complaints, and be easy to find, use, and act on. 

Providers will also be required to publish assessments of how their safety measures affect freedom of expression and privacy, including impacts on news and journalistic content, as a standing transparency obligation. 

Why it matters 

For platforms already compliant with the Illegal Content and Protection of Children codes, there's a natural starting point, Ofcom has deliberately aligned definitions and risk assessment structures across all three regimes for consistency. But this is a genuinely new layer of obligation, not an extension of existing compliance to work. 

Two elements stand out as the most novel, and the most likely to generate real implementation questions: the non-verified user filter tool, and optional identity verification. 

For the filter tool, Ofcom isn't prescribing which functionalities it must apply to. Instead, providers decide for themselves, weighing user safety benefit against the risk of materially interfering with the core service. For identity verification, providers design their own schemes rather than following a single prescribed model, guided only by Ofcom's four principles. 

In both cases, Ofcom has deliberately given providers flexibility rather than a fixed rulebook. That's helpful in principle, but it also means the detail of implementation is still very much up for debate, which is exactly what this consultation is for. 

Having your say: 

The consultation closes on 2 October 2026, with final decisions expected in 2027. Given the breadth of what's proposed, engaging early, and with evidence, is likely to matter more here.  techUK members are encouraged to contact [email protected] to feed into techUK’s response.  


techUK's Policy and Public Affairs Programme activities

techUK helps our members understand, engage and influence the development of digital and tech policy in the UK and beyond. We support our members to understand some of the most complex and thorny policy questions that confront our sector. Visit the programme page here.

 

Upcoming events

Latest news and insights 

Learn more and get involved

 

Policy Pulse Newsletter

Sign-up to get the latest tech policy news and how you can get involved in techUK's policy work.

 

 

Here are the five reasons to join the Policy and Public Affairs programme

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

 

Meet the team 

Antony Walker

Antony Walker

Deputy CEO, techUK

Nimmi Patel

Nimmi Patel

Associate Director - Skills & Talent Policy, techUK

Doniya Soni-Clark

Doniya Soni-Clark

Associate Director of External Affairs, techUK

Tom McGee

Tom McGee

Associate Director, Digital Economy, techUK

Dan Johnston

Dan Johnston

Head - Public Affairs, techUK

Edward Emerson

Edward Emerson

Head of Digital Economy, techUK

Samiah Anderson

Samiah Anderson

Head of Digital Regulation, techUK

Matt Robinson

Matt Robinson

Head of Nations and Regions, techUK

Jake Wall

Jake Wall

Policy Manager, Skills and Future of Work, techUK

Daniella Bennett Remington

Daniella Bennett Remington

Policy Manager - Data and AI, techUK

Luke Newcombe

Luke Newcombe

Programme Manager – Local Public Services and Nations and Regions, techUK

Stephanie Barr

Stephanie Barr

Programme Manager, SME Engagement and Nations & Regions, techUK

Oliver Alderson

Oliver Alderson

Junior Policy Manager, techUK

Tess Newton

Junior Policy Manager, techUK

 

 

Related topics