This submission welcomes the review of the Online Safety Act, including its comprehensive and broad nature and the apparent movement towards a systemic approach to managing digital risks rather than addressing specific online harms. The submission notes that there are some tensions in relation to a systemic approach:

• A systemic model cannot neatly rest on a bedrock of 3C and 4C typologies (content, conduct, contact, contract), which foreground risks that are not systemic in nature.
• Drafters should be wary of relying on defined content types and conduct risks, which sets up protracted battles with platforms over what’s in and out of scope. 

The submission calls for systemic and comprehensive model, comprising five key building blocks:

1. An overarching duty of care.
2. Requirements for risk assessments, including content risks and broader societal risks.
3. Requirements for risk mitigations, where platforms must identify their mitigation measures and regulators have the power to review and investigate them.
4. Requirements for meaningful public transparency alongside strong investigatory powers for regulators.
5. Requirements for strong enforcement.