‘What is illegal offline, must be illegal online’: Cyberflashing and the Online Safety Act

Technology Secretary Liz Kendall has announced that cyberflashing will be categorised as a ‘priority offence’ under the Online Safety Act (OSA) in a push to protect women and girls online, where 1 in 3 teenage girls report having received unsolicited pictures at least once.

This is not the first time that the Secretary of State has used its powers to amend the list of priority offences under the OSA via secondary legislation. In November 2024, this power was exercised, making the non-consensual sharing or threat of sharing intimate images or film a priority offence.

Liz Kendall makes it clear, ‘what is illegal offline, must be illegal online’ – this could mean more changes are on the horizon. 

Cyberflashing 

Cyberflashing is the unsolicited sending of explicit images or videos to an individual via digital means. This can occur over social media, dating apps, or even Bluetooth channels. Cyberflashing became a criminal offence in January 2024 and has been classified as a non-priority offence since the OSA was implemented.

Priority vs Non-Priority Offences

Platforms are mandated by the OSA to conduct risk assessments for each type of priority offence (also known as illegal harms) and ensure users are protected from such illegal harm. As a non-priority offence, platforms are required to take proportionate measures to mitigate the risk of harm and to swiftly remove content relating to such an offence.

However, the designation of cyberflashing as a priority offence will mean platforms have additional requirements to protect users from illegal harms arising from it, such as: 

• Assess the risk of harm arising from the priority offence as a standalone risk in the illegal harms risk assessment;
• Take proportionate measures to prevent the risk of harm;
• Minimise the length of time such priority content is present on the service; and
• To meet the same requirements for non-priority offences.

What does this mean for services

In line with the process in November 2024, platforms should expect to have 21 days after cyberflashing is designated as a priority offence for the requirements to take effect. Platforms should:

• Update their illegal harms risk assessments;
• Amend the necessary policies and procedures to ensure cyberflashing is taken into account on how a platform protects its users;
• Ensure its measures are effective in preventing (rather than mitigating) the risk of harm from cyberflashing;
• Ensure measures are in place to minimise the time cyberflashing content is present on its service; and
• Ensure the relevant nominated person or accountable stakeholders are aware of the additional designation. 

Failure to do so could lead to fines of up to £18 million or 10% of global turnover and services being blocked in the UK. 

This designation may not result in substantial changes for platforms that have identified an existing risk of cyberflashing, as it is a risk they should have already taken into account. However, it signals the need for platforms to continue to track new types of illegal harms and priority offences (as already required under the Illegal Content Code of Practice).

The importance

This is an important step in the government’s plan to protect women and girls against violence. Studies show that 58% of girls and women aged 15-25 have experienced online harassment, and less than 50% of women feel that social media is a safe space. These experiences online demonstrate the critical need to keep women and girls safe online.

As Ofcom enters into the next stage of OSA implementation, the protection of women and girls online is next up as the industry anticipates publication of the finalised guidance by Ofcom for ‘A safer life online for women and girls’. 

--

Katten can advise on your Online Safety Act requirements, assist you in conducting risk assessments, and advise on the implementation of measures to ensure you are compliant. If you would like more information, please contact Terry Green (terry.green@katten.co.uk) and Larry Wong (larry.wong@katten.co.uk).