Information services compliance checklist

A confirmation checklist for information service businesses. Work through the cross-cutting duties every information service shares, then the section for what you operate — data processing, hosting and web portals, or news agency and other information services.

UK-wide

Confirm the obligations that apply to your information service business are in place. Start with section 1, which applies to every information service, then complete the section for what you operate — answer only the items for the services you actually run. Where a duty differs by nation, the item says so.

Section 1 — Every information service business

  1. Map your controller and processor roles

    Identify which datasets you hold as a controller and which you process for clients, hold a lawful basis for each purpose, and put UK GDPR Article 28 contracts in place with every controller you process for. UK-wide.

  2. Register with the ICO and pay the data protection fee

    Unless a narrow exemption applies, register with the Information Commissioner's Office and pay the annual data protection fee. UK-wide.

  3. Follow the electronic marketing and cookie rules

    Meet PECR consent rules for cookies and tracking technologies on your services, and for email, SMS and telephone marketing. Enforced by the ICO. UK-wide.

  4. Insure your employees

    At least £5 million employers' liability cover from an authorised insurer if you employ anyone (Great Britain; equivalent rules in Northern Ireland).

  5. Manage workplace health and safety

    Protect employees and others in your offices, server rooms and data centres under the Health and Safety at Work etc. Act 1974 (Great Britain; corresponding order in Northern Ireland).

  6. Assess fire safety

    Carry out and maintain a fire risk assessment of your non-domestic premises (Fire Safety Order in England and Wales; separate regimes in Scotland and Northern Ireland).

  7. Avoid discrimination

    Comply with the Equality Act 2010 (Great Britain) or Northern Ireland equality law in employment and in services to the public — including the accessibility of your customer-facing digital services.

Section 2 — Data processing, hosting and web portals

  1. Check whether you are an RDSP under the NIS Regulations

    Only cloud computing services, online search engines and online marketplaces qualify — and only at or above 50 staff or more than €10 million turnover or balance sheet. If in scope, register with the ICO, implement security measures and confirm your incident-reporting arrangements against the NIS Regulations guide. UK-wide.

  2. Check your Online Safety Act scope per service

    A service hosting user-generated content is likely a user-to-user service; search services carry a lighter duty set; pure data-feed or directory portals with no user interaction are generally out of scope. If in scope, work through the Online Safety Act compliance checklist. UK-wide.

  3. Evidence your security posture

    Consider voluntary Cyber Essentials certification — it maps onto the technical measures the UK GDPR and NIS Regulations expect, and many public-sector contracts require it.

Section 3 — News agencies and other information services

  1. Manage copyright in your output

    Record authorship and ownership of articles, photographs and footage, set clear syndication licence terms, respect third-party rights in material you syndicate onward, and consider any database right in compiled feeds. UK-wide.

  2. License what you copy from other publishers

    Hold the collective licences your monitoring or clipping work needs (NLA Media Access for newspapers and many news websites; CLA for books, journals and magazines) and make clear in client contracts who licenses what.

  3. Decide your press self-regulation position

    Joining IPSO or Impress is voluntary — there is no statutory press licensing — but editorial liability still arises under defamation, contempt and data protection law.

  4. Check your Online Safety Act position

    Recognised news publisher content and below-the-line comments are exempt, but a separate user-to-user platform you operate is in scope — check per service.