The updated guidance is particularly relevant for charities that engage with beneficiaries, supporters, service users or vulnerable individuals online. It gives charities clearer expectations around online safety and highlights the importance of having appropriate systems and safeguards in place.
While many charities think of social media primarily as a tool for broadcasting updates or fundraising campaigns, the Act goes further. The key question is whether a charity is operating a ‘user-to-user service’. This could include forums, community platforms, online groups, messaging functions or any digital space where individuals can post content or communicate with one another.
Where a charity falls within scope, it will need to consider its duties under the Act, particularly in relation to illegal content, harmful material and the systems and processes required to reduce associated risks. This is not simply a technical compliance issue; it goes directly to governance, safeguarding and risk management.
The wider regulatory landscape is also evolving rapidly, with increasing expectations that organisations operating digital services should build safety and accountability into platforms by design. Although much of the regulatory focus has been directed at larger online platforms, many of the principles are equally relevant to charities operating online services, campaigns and interactive communities.
The recent guidance emphasises the importance of effective moderation tools, clear community standards and transparent procedures for handling online safety concerns. There is also a growing focus on harmful content, misinformation, fraud and the wider reputational risks associated with digital engagement.
Recommendations for charities
The updated guidance encourages charities to take a proactive approach to managing online spaces and digital engagement. In practice, charities should consider whether they have:
- clear and regularly reviewed social media, online engagement and digital governance policies;
- appropriate guidance and training for staff and volunteers managing online activity;
- effective moderation and escalation procedures for harmful, inappropriate or safeguarding-related content;
- robust safeguarding processes that extend to digital engagement and online interactions;
- regular risk assessments covering online platforms, together with appropriate data protection and privacy controls;
- a clear and accessible complaints policy, including processes for handling complaints relating to online conduct, moderation and data protection issues (particularly in light of evolving GDPR-related complaints requirements). Please find below a recent article by David Gourlay outlining the requirements organisations will need to have in place by June 2026: Data Protection Complaints: New Requirements | MFMac;
- clear internal responsibility for online safety and oversight of third-party providers or external platforms used to engage with supporters and beneficiaries; and
- active trustee oversight of digital risk, online safeguarding and reputational issues.
Although much of this reflects existing good governance practice, the Online Safety Act 2023 brings increased focus to how organisations manage online harm, user interactions and digital accountability. For trustees, these issues tie directly into their wider duties to act with reasonable care and diligence, protect the charity’s reputation and assets and ensure appropriate risk management and safeguarding arrangements are in place.
Even where a charity is not directly caught by the Act, the overall direction of travel is clear. Regulators increasingly expect organisations to take a proactive and structured approach to online safety, governance and safeguarding. For charities, online safety should now be viewed as a core governance and risk management issue rather than simply a communications concern.
Charities seeking advice and assistance on how to navigate this evolving area should contact our Commercial Team.