Decoding the world of cybersecurity

Ofcom presses platforms on crisis content controls

The regulator has warned online services after Belfast unrest, placing crisis protocols, law enforcement channels, and illegal content controls under operational scrutiny.

Ofcom presses platforms on crisis content controls
Summary
  • Ofcom has written to UK online service providers following civil unrest in Belfast.
  • The regulator has confirmed crisis protocol measures for services facing spikes in illegal content or content harmful to children.
  • Platforms need operating procedures for exceptional public safety events, not only routine moderation workflows.

Ofcom has warned UK online service providers that ordinary content moderation processes may not be sufficient during crisis events, after civil unrest in Belfast showed how illegal content and online incitement can move rapidly into public safety risk.

The regulator issued an open letter to online service providers on 10 June, following unrest linked to a knife attack in the city. Reuters reported that technology minister Liz Kendall asked Ofcom to engage urgently with X and other platforms about compliance with the Online Safety Act, and that Ofcom had warned providers of possible legal consequences if services are used to incite violence and spread hatred.

Ofcom’s letter says previous crises have shown that sudden increases in illegal content online can manifest in hate crime and violence in the real world. Crisis situations are exceptional, and normal moderation systems and processes may not be enough. The regulator urged providers to have plans for crisis situations and to act before formal parliamentary implementation of newly confirmed measures.

Those measures were set out the previous day in Ofcom’s crisis response protocol statement. Ofcom defines a crisis as an extraordinary situation involving a serious threat to public safety in the United Kingdom, likely to have resulted from a significant increase in relevant content. Certain services should prepare and apply crisis protocols and maintain dedicated law enforcement communication channels for crisis-related matters.

The intervention is not a conventional cybersecurity incident, but it belongs within digital risk and operational governance. Large online platforms are infrastructure for public communication, mobilisation, media distribution, advertising, identity, and political speech. When content systems, recommendation mechanisms, reporting channels, and enforcement processes fail during a fast-moving event, the consequence can move beyond platform policy into policing, community safety, public trust, and regulatory exposure.

The Online Safety Act has already created a compliance architecture for illegal content duties. Ofcom’s crisis protocol work adds an operational layer. Platforms need to recognise exceptional events, activate temporary escalation processes, coordinate with law enforcement, remove illegal content quickly enough, and preserve evidence while managing separate concerns around rights, transparency, and over-removal.

Moderation capacity alone will not meet that standard. Effective crisis response depends on incident management, executive escalation, regional context, language and cultural competence, policy clarity, audit trails, trust and safety tooling, user reporting flows, and external communications. Platforms need to know who can declare a crisis internally, what thresholds apply, which teams are activated, how decisions are documented, and how post-event reviews feed back into risk assessments.

The regulatory pressure also lands at a difficult point for online services. Platforms have cut trust and safety teams in recent years, expanded automation, and grown more reliant on outsourced moderation. At the same time, they face increasingly complex rules covering illegal content, child safety, terrorism, hate crime, fraud, age assurance, privacy, and freedom of expression. Crisis response measures force those competing pressures into real time.

Businesses and public bodies face a related dependency. Digital platforms are now part of the information environment in which incidents unfold. A physical event can become a platform risk within minutes, while a platform failure can become a public-order issue just as quickly. Crisis plans that ignore online amplification, impersonation, threats, misinformation, or abuse are incomplete.

Ofcom’s intervention also increases the importance of evidence. If the regulator later investigates a provider’s response, the service will need records showing what it knew, when it knew it, what measures it activated, how it engaged with law enforcement, and how it assessed risk to UK users. Crisis governance becomes auditable.

The Belfast unrest has given Ofcom a live context for measures that were already moving through the regulatory process. The open letter turns that framework into a near-term expectation. Online services do not have to wait for procedural completion to prepare crisis controls, and exceptional events now sit inside the operational resilience demands placed on major digital platforms.

×