A number of countries are introducing "online safety" laws, which generally impact providers of online services. An example of these is the UK's Online Safety Act 2023.

It purports to have extra-territorial effect, applying to anyone, anywhere in the world, who provides a service to people in the UK, if certain criteria are met.

While the ostensible aim of these acts is to address concerns relating to the largest social media providers, they are not always well drafted, or else are drafted intentionally broadly, and catch all number of services which are used commonly by FOSS projects, including self-hosted projects.

For instance:

• git / code forges
• community forums
• instant messaging services
• bug trackers

I have spent far too much pro bono time this year working with FOSS projects to help them with the Online Safety Act 2023, working out whether it poses a realistic risk to them, and what, if anything, they might want to do about it.

I've also produced onlinesafetyact.co.uk, as a free, CC-licensed, resource, which has been well used as far as I can tell.

This talk will:

• raise awareness of this kind of legal framework, which is likely to be increasingly common
• cover the assessment of risk, to help projects decide which, if any, requirements might pose actual risk to them
• look at options for "doing something" which, while perhaps not compliant with each and every law, might be heading in the right direction, consistent with the generally reasonably common aims of this kind of framework
• discuss some of the benefits of thinking through these kinds of issue, so that it is not just about "legal compliance", but whether there are learnings / things to do which can actually make communities safer and give projects less work to do overall.