DUA

logo
logo

From Digital Safety to Data Access: How New UK Laws Are Shaping Business Responsibilities

In June–July 2025, two landmark pieces of legislation were enacted that significantly affect UK businesses handling data and online operations

  1. The Online Safety Act, enforced from 25 July 2025, mandates platforms implement safety measures, age verification, and content oversight.
  2. The Data (Use and Access) Act 2025, receiving Royal Assent on 19 June 2025, enables new data-sharing frameworks, smart data services, and updated privacy obligations.

What Online Safety Means for Businesses

Although primarily aimed at major platforms, the Online Safety Act affects:

  • Content-hosting businesses, including forums, marketplaces, and service platforms.
  • All firms must run risk assessments, apply user protections, and comply with Ofcom’s codes or face fines up to £18 million or 10% of global turnover.

Smaller tech firms express concern about unclear definitions of “reasonable measures” and potential censorship obligations. However, compliance is mandatory and delays risk penalties.

Data Act Changes: Access & Responsibility

The Data (Use and Access) Act introduces:

  • Statutory frameworks for smart data sharing, akin to open banking;
  • The establishment of an Information Commission and data standards for health and infrastructure;
  • Expanded rules for biometric retention, trust services, and public data usability.

This creates both opportunities and responsibilities for businesses that collect or transact with consumer data.

Business Implications

Risk and Governance

All businesses must revisit data governance policies, embedding safe-by-design and privacy-by-default principles. Auditing and documenting compliance will be vital.

Customer Trust and Competitive Edge

Organisations adopting transparent data practices and high safety standards can differentiate themselves. Ethical data usage and compliance frameworks can build customer trust.

Liability Exposure

Under both acts, poorly-managed platforms or data handling systems could face enforcement or reputational harm. Firms must integrate compliance checks into digital product lifecycles.

Action Steps for Businesses

  1. Conduct comprehensive risk audits under the Online Safety Act: identify harmful content vectors and assess moderation capacity.
  2. Review privacy and data-sharing processes: align with new smart data frameworks and register under relevant trusts or standards.
  3. Train staff and embed policies: ensure employees understand their obligations under both acts and can escalate issues.
  4. Engage legal and tech specialists: ensure design, contracts, APIs, and third-party providers comply with the new laws.
  5. Monitor Ofcom and ICO guidance: both regulators are publishing codes, standards, and enforcement guidance through late 2025.

What to Watch for in the coming Months

  • Ofcom’s detailed codes for small and medium platforms under the Online Safety Act.
  • Standard formats and APIs under the Data Use Act, particularly for health, energy and infrastructure sectors.
  • Government-funded support or transition grants for high-risk SMEs in tech or digital media.

These laws are reshaping how businesses operate in data and digital safety. Firms that act decisively to embed responsible protocols now will not only avoid penalties but gain a credibility edge in an increasingly regulated digital economy.

logo
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.