Topic
Digital tools, cyber security, and technology adoption
How to protect your business from cyber threats and comply with UK cyber security requirements. Includes Cyber Essentials certification, data breach notification rules, and sector-specific obligations for financial services and healthcare.
Read guideComprehensive guide to regulatory compliance for technology businesses - UK GDPR, data protection, online safety, cybersecurity, and sector-specific requirements.
Read guideHow to comply with the Network and Information Systems (NIS) Regulations 2018 as an operator of essential services. Covers OES designation, the NCSC Cyber Assessment Framework (CAF), incident notification requirements, and sector competent authorities.
Read guidePractical, low-cost steps to protect your small business from cyber attacks. Covers the five Cyber Essentials controls, free security tools, staff awareness, and how to respond if something goes wrong.
Read guideQuick-check verification of your Online Safety Act compliance status. Covers scope assessment, risk assessments, content moderation, terms of service, complaints, age assurance, Ofcom registration, and record-keeping.
Read guideHow to comply with the Product Security and Telecommunications Infrastructure Act 2022 if you manufacture, import, or distribute consumer connectable products in the UK. Covers the three mandatory security requirements, supply chain duties, products in scope, and OPSS enforcement powers.
Read guideHow to comply with the Online Safety Act 2023 if you operate a user-to-user service or search service. Covers service categories, illegal content duties, children's safety duties, implementation dates, and Ofcom enforcement.
Read guidePractical guide to implementing age assurance on your online platform. Covers choosing between age verification and estimation, evaluating providers, privacy-preserving approaches, the specific requirements for pornographic content, and ensuring compliance with both the Online Safety Act and UK GDPR.
Read guideA confirmation checklist for information service businesses. Work through the cross-cutting duties every information service shares, then the section for what you operate — data processing, hosting and web portals, or news agency and other information services.
Read guideHow to comply with the Computer Misuse Act 1990 when conducting security testing, developing security tools, or running bug bounty programmes. Includes the four criminal offences, penalties up to life imprisonment for serious cases, and requirements for legitimate security research.
Read guideHow to achieve Cyber Essentials certification for your business. Covers the five technical controls, certification levels and costs, the assessment process, and requirements for government contracts.
Read guideIf you process or host data, run a cloud service, or operate a web portal or search service, two regimes may apply on top of the rules every information service shares — and both scope by what you operate, not by your sector. The NIS Regulations 2018 put security and incident-reporting duties on cloud computing, online search and online marketplace services at or above a size threshold. The Online Safety Act 2023 puts illegal-content and children's-safety duties on services that host user-generated content or provide search.
Read guideInformation service businesses — data processing and hosting providers, web portals, news agencies, media-monitoring and other information services — share one defining regime: data protection. Beyond that, what you must do depends on what you operate: cloud, search and marketplace services above a size threshold have network-security duties, services hosting user content have Online Safety Act duties, and news agencies have copyright and press standards to manage. Work out which you are and follow the right guide.
Read guideStep-by-step guide to assessing whether children are likely to access your online service under the Online Safety Act 2023. Covers the legal test, Ofcom's April 2025 guidance, factors to consider, and what additional duties are triggered if children can access your service.
Read guideStep-by-step guide to conducting the mandatory illegal content risk assessment under the Online Safety Act 2023. Covers how to identify risks from Schedule 7 priority offences, assess your service's features, document safety measures, and produce the required written record.
Read guideComprehensive guide to the children's safety duties under the Online Safety Act 2023. Covers what triggers the duties, risk assessment by age group, the categories of harmful content affecting children, age assurance requirements, Ofcom's children's codes of practice, and how the OSA intersects with the ICO's Children's Code.
Read guideHow to build a content moderation system that meets Online Safety Act 2023 duties. Covers automated detection tools, human moderation teams, user reporting mechanisms, content review workflows, removal timelines, record-keeping, and moderator wellbeing.
Read guideHow to draft or update your platform's terms of service to comply with Online Safety Act 2023 duties. Covers required content, prohibited content policies, enforcement, accessibility, and Category 1 additional obligations.
Read guideQuick reference to Ofcom's enforcement powers, penalty calculations, and senior manager criminal liability under the Online Safety Act 2023.
Read guideA strategic overview of the Online Safety Act 2023, explaining what it is, who it affects, how the regulatory framework operates, and where it sits within the broader UK digital regulation landscape. Essential reading for any business operating an online platform or service with user interaction.
Read guideHow to register with Ofcom as a regulated online service and understand fee requirements under the Online Safety Act 2023. Covers scope, the registration portal, qualifying worldwide revenue thresholds, and annual fee obligations.
Read guideHow the Digital Markets Act and CMA regulation affects large digital platforms and app store operators. Covers Strategic Market Status, conduct requirements, and developer rights.
Read guideLegal requirements for selling online - including consumer contracts, pre-contract information, cancellation rights, and digital content regulations.
Read guideSelling internationally through online marketplaces, understanding distance selling regulations, and VAT obligations.
Read guideRights and obligations for communications network operators to install and maintain electronic communications apparatus on public and private land.
Read guideAny provider of electronic communications services or networks in the UK operates under a general authorisation regime. No individual licence required, but providers must comply with general conditions.
Read guideComprehensive guide to licences and regulatory authorisations required for technology businesses - telecommunications, financial services, intellectual property, export controls, and product safety.
Read guideThe UK takes a principles-based, sector-specific approach to AI regulation. There is no single AI law. Instead, existing regulators — including the ICO, FCA, MHRA, CMA, Ofcom, and EHRC — apply five cross-cutting principles within their own domains. The AI Security Institute (formerly AI Safety Institute) provides guidance on frontier models. A comprehensive government AI Bill is expected in the second half of 2026.
Read guideExport of goods, software, and technology with both civil and military applications requires licensing. Particularly relevant for encryption, advanced computing, AI, and surveillance technologies.
Read guideThe NIS Regulations 2018 (as amended in 2022) require operators of essential services and relevant digital service providers to implement appropriate security measures, report significant incidents within 72 hours, and cooperate with sector-specific competent authorities. The Cyber Security and Resilience Bill (introduced November 2025) will further expand scope to managed service providers, data centres, and critical suppliers.
Read guideUnderstand your legal obligations when using, developing, or distributing software - including open source licensing, commercial agreements, and intellectual property protection.
Read guideGovernment-backed scheme helping organisations guard against common cyber attacks. Required for many government contracts involving handling of sensitive information.
Read guideWhatever information service you run — data processing, hosting, a web portal, a news agency or media monitoring — the same core duties apply. Data protection comes first: you are usually both a controller of your own records and a processor of client data, and unless exempt you must pay the ICO data protection fee. Add the electronic marketing and cookie rules, insure your employees, and keep your workplace safe, fire-safe and free of discrimination.
Read guideComputer programming, consultancy and IT services work is office- and screen-intensive, with display screen equipment, mental health and — in data centres — electrical and environmental risks. This is the universal spine. It takes you through your core workplace health and safety duties, fire safety, employers' liability insurance, equality, data protection and, where it applies, NIS digital service provider duties.
Read guideHow to implement age verification to comply with the Online Safety Act and ICO Children's Code. Covers verification methods, pornography requirements, privacy considerations, and gaming/gambling rules.
Read guideRegulatory requirements for cryptoasset businesses in the UK - how token classification determines whether you need full FCA authorisation or Money Laundering Regulations registration only.
Read guideUse this checklist to confirm your IT, programming or consultancy business (SIC division 62) meets its obligations. Work through the universal workplace items every employer shares, then the data protection and NIS items that bite harder in this sector. If you answer no to any item, follow the linked guide before you proceed.
Read guideComplete IP protection guide for software businesses - automatic copyright for source code, patent eligibility under the technical contribution test, UK and international patent fees, and trademark registration for software and services.
Read guideYour legal obligations under the Consumer Rights Act 2015 and Consumer Contracts Regulations 2013 when selling software, apps, games, music, video, e-books, or other digital content to consumers.
Read guidePECR sits alongside UK GDPR and gives specific privacy rights relating to electronic communications, including marketing calls, emails, texts, cookies, and traffic data.
Read guideIf you run a news agency, a media-monitoring or press-clipping service, or another information service, your specific rules centre on copyright — in both directions. You own copyright in the news you create and license to subscribers, and you must license what you copy from other publishers. Most news publishers also join a press self-regulator (IPSO or Impress) voluntarily — there is no statutory press licensing in the UK — and a news agency's own website is generally outside the Online Safety Act.
Read guideEquipment that intentionally transmits or receives radio waves for communication or radio determination must comply with Radio Equipment Regulations, including IoT devices, WiFi equipment, and Bluetooth products.
Read guideComputer programming, consultancy and IT service businesses share workplace-safety duties with every employer, then carry data protection duties that bite harder given the volume of personal data you handle, and — if you provide a relevant digital service above the NIS threshold — network and information systems security duties.
Read guide