The United Kingdom's regulatory system for digital services has entered a new phase. The Online Safety Act (the UK's primary legislation governing digital services) has moved from designation to active enforcement, and the Financial Conduct Authority (FCA) has issued supplementary guidance on algorithmic accountability for regulated technology firms. For international businesses offering digital services into or from the UK, the window to achieve compliance is narrowing.
Digital services regulation in the United Kingdom now imposes binding obligations on technology companies that provide user-to-user content platforms, search services, and algorithmic decision-making systems to UK users. Affected businesses must complete risk assessments, appoint a named UK-responsible person, and implement algorithmic accountability measures. The primary compliance deadline for designated services passed in early 2025, with enforcement by Ofcom (the Office of Communications, the UK's independent communications regulator) now active.
This alert sets out which business categories fall within scope, the threshold criteria that determine regulatory exposure, and the immediate actions international companies must take to avoid enforcement action.
What changed – the regulatory development and effective dates
The UK's digital services regulatory regime has developed along two parallel tracks. The first is the Online Safety Act, which imposes safety duties on platforms hosting user-generated content. The second is a growing body of technology legislation governing software liability, AI Act compliance obligations, and algorithmic accountability across financial and consumer-facing services.
Ofcom's enforcement powers are now live. Designated services – those meeting the statutory thresholds – face potential fines calculated as a share of qualifying global turnover. The High Court and, on appeal, the Supreme Court of the United Kingdom serve as the primary judicial venues for challenging Ofcom decisions.
Separately, the FCA has reinforced its expectations for financial technology firms. Technology companies providing digital services that touch regulated financial activity must now demonstrate algorithmic accountability to FCA supervisors. HMRC (His Majesty's Revenue and Customs) has also updated its guidance on technology licensing arrangements, affecting how cross-border software licensing revenue is characterised for tax purposes.
For companies registered at Companies House (the UK's official registrar of companies), the regulatory position is particularly direct: UK-registered technology businesses have no grace period. Non-UK businesses targeting UK users are subject to the same obligations once they cross the applicable thresholds.
Who is affected – threshold criteria and business categories
The legislation applies broadly. The principal affected categories are:
- User-to-user platforms – services where users can publish, share, or interact with content generated by other users
- Search services – services that index and return results from content published across third-party websites
- Regulated financial technology firms – those providing digital services under FCA or Financial Services Authority (FSA) legacy authorisation
- AI-driven decision systems – companies deploying automated or algorithmic systems that affect UK users' access to goods, services, or information
- Technology licensing and software distribution businesses – where software liability questions arise under UK consumer and commercial legislation
Threshold criteria determine the intensity of obligations. Services with a significant number of UK users, or those designated by Ofcom as posing a higher risk, face Category 1 or Category 2A duties. These include mandatory transparency reports, algorithmic accountability documentation, and senior-manager certification of compliance.
Smaller services below the designation thresholds still face baseline illegal-content duties. There is no complete exemption for low-traffic services if illegal content or child safety risks are present.
For a detailed assessment of how these obligations interact with AI Act compliance and technology licensing requirements specific to your business. Our team advises on the full range of AI and technology law matters in the United Kingdom.
To receive an expert assessment of your digital services exposure in the United Kingdom, contact us at info@ferrazwhitmore.com.
What to do now – immediate actions and compliance timeline
International companies serving UK users should treat the following as time-sensitive priorities.
First, conduct a threshold assessment. Determine whether your service meets the designation criteria. This requires an honest review of UK user numbers, content types hosted, and whether any algorithmic decision-making affects user experience. Do not assume a non-UK corporate seat provides insulation – the legislation reaches outward to services accessible in the UK.
Second, complete a risk assessment. All services within scope must document the risks of illegal content and – for Category 1 services – risks to freedom of expression and privacy. This document must be retained and made available to Ofcom on request. Gaps in this record are among the most common enforcement triggers identified by practitioners in the UK market.
Third, appoint a named responsible person. The legislation requires that a senior individual be identified as accountable for compliance. For non-UK businesses, this may require a UK-resident representative or a formal corporate presence. Companies House records may need updating.
Fourth, review software liability and technology licensing arrangements. UK contract and consumer legislation imposes implied terms on software products and digital services. Technology licensing structures that were adequate before the current regulatory cycle may no longer satisfy statutory requirements. Algorithmic accountability documentation should be reviewed in parallel.
Fifth, assess FCA and HMRC exposure. If your digital service touches regulated financial activity, the FCA's algorithmic accountability expectations now form part of the supervisory assessment. HMRC's updated guidance on technology licensing revenue affects how cross-border software arrangements are taxed. Both regulators have signalled active monitoring of the sector.
Companies with parallel operations in other European markets should also review how their UK compliance posture interacts with EU requirements. For businesses with intellectual property registered or enforced in the UK, related obligations arise under intellectual property law in the United Kingdom, particularly where software or platform-related IP rights are in scope.
Businesses navigating the intersection of UK digital services rules and EU digital regulation – including the EU's Digital Services Act – face a dual compliance burden. Our alert on digital services regulation in Portugal provides a comparative perspective useful for businesses operating across both regimes.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising technology companies, institutional investors, and in-house legal teams on digital services regulation, AI Act compliance, algorithmic accountability, and technology licensing across 46 jurisdictions. As a law firm advising international companies on United Kingdom technology law, our team combines English common law expertise with cross-border regulatory experience to deliver practical compliance strategies. We work with companies at every stage – from threshold assessment through to regulatory investigation – and support clients before Ofcom, the FCA, and the courts. Engaging a lawyer in the United Kingdom with genuine cross-border technology experience is critical when regulatory timelines are tight. To discuss your digital services exposure in the UK, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.