Self-harm and cyberflashing added to online safety offences list

The Online Safety Act has been updated to include ‘self-harm’ and ‘cyberflashing’ as ‘priority offences’, meaning online service providers will need to update their risk assessments of both categories

Ofcom has updated its Illegal Harms Codes and guidance for how online service providers can protect their users from “self-harm” and “cyberflashing” content, after the Online Safety Act (OSA) was updated to include both as new “priority” offences.

Added to the OSA by the government in December 2025, these two new categories will sit alongside a list of over 130 priority offences – including terrorism, selling illegal drugs or weapons, and child sexual abuse – which are considered “the most serious and prevalent illegal content and activity, against which companies must take proactive measures”.

The priority offences sit within 17 groups of illegal harms. The update means that “promoting or facilitating suicide” will be combined with “encouraging or assisting serious self-harm”, which was formerly a non-priority offence. As a result, self-harm content will be assessed at the same risk level as suicide content.

Cyberflashing is classified as a new category of illegal harm, expanding Ofcom’s list to 18 separate groups.

Online service providers are now required to assess the risks of the new categories to ensure their safety measures are within “priority offence” regulations, then apply Ofcom’s safety measures to “protect users from illegal content and activity”.

The measures mainly involve administrative updates, such as ensuring that tracking and analysis can capture cyberflashing and self-harm, and confirming that moderation policies and prioritisation criteria are in place that include the two new categories.

Providers are required to integrate these safety measures into existing compliance cycles, but are free to choose how to implement measures depending on their services.

Ofcom’s amendments to the codes are now subject to parliamentary approval, and will therefore come into force once that process is complete, sometime in autumn 2026.

Impact on service providers

In March 2026, Ofcom held a formal consultation on how best to update its Codes of Practice and regulatory guidance after the two priority offences were added.

Outlining its consultation, Ofcom said self-harm and suicide content manifest similarly online, with common risk factors between the two categories.

Announcing the OSA changes, Ofcom added that exposure to self-harm content online could increase the likelihood of self-harm or suicidal behaviour, while repeated exposure “contributes to the normalisation of self-harm as an acceptable coping mechanism”. 

Service providers, including Microsoft, LinkedIn and the Middle Tech Coalition, reported during the consultation that combining the two categories is expected to lead to “clearer, more effective and comprehensive risk assessment process and consistency in the deployment of mitigations”.

The measures are expected to result in some additional costs and operational impacts for service providers, although Ofcom’s report said it expects these impacts to be limited.

With cyberflashing, “survivors and victims describe the experience of cyberflashing as aggressive, intimidating and violating”, with women three times more likely than men to be on the receiving end of cyberflashing.

Microsoft commented in the March consultation that introducing cyberflashing as a separate category may “add complexity and duplication to risk assessments”.

The End Violence Against Women Coalition additionally highlighted that “algorithms can drive content relating to cyberflashing, which in turn normalises this harmful behaviour”. User blocking and muting measures were therefore extended to reduce the risks of cyberflashing.

However, some consultation responders – including West Grid for Learning, End Violence Against Women Coalition and Iris Anticipa – expressed concern that the proposal “would not have a significant impact on service providers” and called for additional measures in tackling cyberflashing.

Ofcom, in response to such feedback, said: “We remain of the view that the changes to the Illegal Harms regulatory products will have a significant impact on user safety.

“Taken together, these updates form a package that strengthens protections for users from the risks of harm arising from suicide and self-harm and cyberflashing. They are designed to improve how services identify, assess and mitigate risks, and to support safer user experiences across a wider range of online services.”

Codes of Practice as a ‘safe harbour’

Introduced in October 2023, the OSA aims to enhance online safety for all internet users, particularly children.

Services that provide user-to-user or search services must operate within the OSA, which is enforced by fines of up to £18m or 10% of a company’s qualifying worldwide revenue, whichever is greater.

Failure to comply with Ofcom’s regulations can lead to companies or senior managers being held criminally liable.

Companies are required to “keep up to date illegal content risk assessments” and “implement proportionate measures to mitigate risks and protect users from encountering illegal content”.

Ofcom’s Illegal Content Codes of Practice apply to “the design, operation and use of services” that either operate within the UK or affect UK users. The codes are a “safe harbour” set out in the OSA – service providers that implement the codes’ measures are considered compliant.

Measures to tackle priority offences include tools that disable comments, block or mute users; on-platform testing of recommender systems; and features that allow users to report search suggestions and prevent the harmful content from being further recommended to other users.

Alternative measures are also allowed under the OSA – providers must keep a record of their decisions, explain how their safety duties are met, and take into consideration the user’s rights to freedom of expression and privacy.
