Tech Sector Compliance Overview
Comprehensive guide to regulatory compliance for technology businesses - UK GDPR, data protection, online safety, cybersecurity, and sector-specific …
Technology & Digital
Which information service rules apply to your business
Information service businesses — data processing and hosting providers, web portals, news agencies, media-monitoring and other information services — share one defining regime: data protection. Beyond that, what you must do depends on what you operate: cloud, search and marketplace services above a size threshold have network-security duties, services hosting user content have Online Safety Act duties, and news agencies have copyright and press standards to manage. Work out which you are and follow the right guide.
UK-wide
On this page
UK-wide
Related guides in Digital & Technology
Information services compliance checklist
A confirmation checklist for information service businesses. Work through the cross-cutting duties every information service shares, then the …
Software licensing compliance
Understand your legal obligations when using, developing, or distributing software - including open source licensing, commercial agreements, and …
E-commerce regulations for online selling
Legal requirements for selling online - including consumer contracts, pre-contract information, cancellation rights, and digital content regulations.
Protecting Your Software Intellectual Property
Complete IP protection guide for software businesses - automatic copyright for source code, patent eligibility under the technical …
Information services are businesses built on handling information for others — processing and hosting data, running web portals and search services, supplying news, or monitoring and brokering information. Whatever you operate, the defining regime is data protection: you almost certainly process personal data both as a controller and, for client data, as a processor. Beyond the shared duties, what you must do depends on what you operate. Start with the shared duties, then follow the section for your kind of service — if you do more than one, follow each.
-
1
Put the shared duties in place
Whatever your service, start with the universal spine. Follow "Run a compliant information service business" for data protection and the ICO fee, electronic marketing and cookie rules (PECR), employers' liability insurance, health and safety, fire safety and equality.
-
2
If you process or host data, or run a cloud service
Work out whether the NIS Regulations catch what you operate — only cloud computing services at or above the size threshold are in scope from this group — and check your Online Safety Act position if users interact on your service. Your processor contract duties for client data sit in the shared-duties guide. Follow "Data processing, hosting and web portal rules".
-
3
If you run a web portal or search service
Portals that host user-generated content, and search services, are regulated services under the Online Safety Act 2023, with illegal-content and children's-safety duties phased in through Ofcom codes. Online search engines and marketplaces at or above the NIS size threshold also carry network-security duties. Follow "Data processing, hosting and web portal rules".
-
4
If you run a news agency or other information service
You own copyright in the news you create and license, must respect third-party rights when you syndicate or monitor media, and most publishers join a press self-regulator (IPSO or Impress) voluntarily. Follow "Rules for news agencies and information services".
-
5
Confirm you have covered everything
Finish with the information services compliance checklist to confirm every obligation that applies to you is in place.
Official sources
Authoritative starting points for information service businesses.
- ICO — information for organisations (opens in a new tab) Information Commissioner's Office
- Ofcom — online safety (opens in a new tab) Ofcom