XR-018: User Generated Content *

Version 1.6, 03/01/2025

User generated content (UGC) refers to any in-game digital content produced by a player and made visible or accessible to one or more other people in an online state.

If your product contains UGC, you must:

• Provide an in-product means for users to report inappropriate or harmful UGC to the developer for review and removal/disablement (if in violation of content guidelines) and/or implement a method for proactive detection of inappropriate or harmful UGC (for example, text filtering).
• Publish content guidelines for user generated content (such as a terms of use or code of conduct), available to users either in-product or on the title's website.
• Be prepared to remove/disable high-risk illegal content at the request of Microsoft in the unlikely event that Microsoft becomes aware of illegal material on the Xbox network that has not been addressed via standard action mechanisms or processes.
• Respect player UGC settings and gracefully handle scenarios in which a user does not have access to UGC in-game due to restricted privileges.

Additionally, if your product is integrated with a third-party game mod platform, you must:

• Integrate with the platform’s report/complaint API (if available) and moderate content if required by contractual agreement with the third party.
• Present a disclaimer, dialog, or visual indicator to users when content is not sourced from the developer.

More Information

User Generated Content (UGC)

At a high level, UGC includes (but is not limited to):

• Player-entered text, such as player nicknames and profile information, character names, weapon names, clan tags, and text posted on signs/boards
• Player-created or uploaded images, videos, and GIFs
• Player-created screenshots and videos (excluding screenshots and game clips captured using the Xbox platform-managed capture feature)
• Player-created maps, terrains, worlds, player emblems, textures, models, assets, liveries, skins, drawings, sounds, and character content (custom emotes, animated gestures or actions, etc.)

Titles that leverage UGC as a core gameplay mechanic (such as drawing games and sandbox games with customizable worlds) remain in-scope for this XR. Take care to examine what qualifies as UGC and what scenarios are exempt.

Game modifications (“mods”) are also considered UGC. In-scope mods include any offered via developer-controlled distribution methods, such as:

• An official developer/publisher-managed store
• A designated upload/share area controlled by the developer
• Mods created and shared via in-game experiences
• Mods enabled through 3rd party mod platforms that require moderation by the developer due to contractual agreement

Proactive Detection of Harmful or Inappropriate Text

Titles that use the StringService API meet the proactive detection requirement (for text scenarios) automatically. Titles should default to leveraging the StringService API for names and other short static text strings. If titles have other text scenarios that allow lengthier text input, or if there are technical or other limiting circumstances, titles can choose to implement their own variant of text filtering by restricting a set of terms from being displayed to another player on Xbox services. See the list of core words that must be leveraged as a minimum baseline for blocking or obfuscation from non-local players on Xbox services.

Graceful Handling of UGC Restrictions

If a player has a restricted UGC privilege (XPRIVILEGE_USER_CREATED_CONTENT) they should not be exposed to in-scope UGC created by other users. Adherence to other requirements (e.g., proactive detection and/or reporting) does not nullify the need to respect player settings.

Static UGC such as text and imagery may be replaced with default content (e.g., a string/image defined by the developer) or obfuscated entirely, depending on preferred implementation. When replacing or obfuscating content, consider implementations that maintain clarity with impacted users.

Interactive UGC, such as player-created maps, should not be accessible to impacted users. If a user cannot engage with content or features due to a restricted UGC setting, any error messaging should clearly inform the user of the restriction and why it has occurred.

Blocking entire game modes or experiences for users with restricted settings is not a preferred solution and less-restrictive means of respecting user settings should be used whenever feasible. If UGC is fundamental to an experience and there’s no viable way to respect blocked UGC settings while maintaining the integrity of the mode, blocking the mode may be approved via an exception, but must be clearly communicated in-game to impacted players.

If large portions of a game require UGC and are blocked for players with restricted settings, it should be communicated proactively via the game’s Product Details Page (PDP) in the Store.

Note

Additional Related Xbox Requirements (XRs)

• XR-045: Xbox network and Account Privileges: Ensure proper privilege checks occur.
• Console game only, XR-007: Cross-Network play, Data Usage, and Companion App Interactions: If your title supports cross-network play, ensure the title is compliant with UGC requirements outlined in XR-007.

Exemptions

Scenarios that are not considered UGC or are otherwise out-of-scope include:

• Xbox Gamertags (see Guidance and Best Practices for details)
• Prefabricated in-game player responses managed by the developer (e.g. "Hi", "GG").
• Character emotes managed by the developer.
• Recordings or 'ghosts' of a player's game activity.
• Scenarios in which players can minimally customize developer-managed content within strictly established parameters.
  • Exempt example:
    • Changing the color of a player emblem within a range of provided options that do not substantively modify the image. 
  • Non-exempt example:
    • Layering, rotating, cropping, or otherwise modifying a player emblem in a way that enables the creation of new imagery.
• Content created and shared in local/LAN scenarios, including via a connected companion app, and not shared to players beyond that local group.
• Content created offline and not shared to an online service. Note that offline content that is subsequently shared online is not exempt.
• Content created in an online setting that is transient, does not produce a tangible UGC artifact (photo, text, custom save file, mod package file, etc.), and is not intended by the developer to function as player content.
  • Exempt examples:
    • Drawings or words made from bullet holes.
    • Using game physics to nudge objects in a particular formation.
  • Non-exempt example:
    • Placing objects through a map editor or other developer-supported customization feature.
• Game mods distributed via channels outside of the developer's control, such as 3rd party websites (e.g. Nexus Mods) or stores (e.g. Steam), unless the 3rd party channel requires developer moderation due to contractual agreements.
• Game mods obtained through 3rd party servers not managed by the developer.
• Game mods that only alter game mechanics and not content, such as player stats, weapon stats, gravity, hitboxes, and weather conditions.
• Real-time transient text communications (such as lobby text chat or an in-match text overlay) are exempt from proactive text filtration.
• UGC shared between friends is exempt from proactive filtration.

Implementation Guidance and Best Practices

Best Practices for UGC Moderation

• Titles that implement their own text filtration solution should commit to a regular cadence of updating and maintaining their terms list (while maintaining strings included in Microsoft's core forbidden terms list).
• Titles that leverage UGC as their core gameplay mechanic (e.g. drawing, sandbox games, etc.) should implement a mechanism for players to capture screenshots for evidence associated with reports.
• Titles that implement in-game capture features (e.g. photos and videos) should consider whether the feature may enable objectionable content that requires moderation.
• Players should be provided with categorical options (e.g. player emblem, clan tag, map, etc.) to indicate why they’re reporting the UGC and should have an option to provide more context via a text field.
• If shared/duplicated UGC is removed or disabled, steps should be taken to remove the original offending content.
• Players should receive a notification that their UGC report was successfully received.
• If a player's UGC is removed/disabled, a reason behind the removal should be provided to them.
• The title or title's website should have a link to its takedown process for copyright material.
• When a player reports UGC they should no longer see that content on their devices and should be given an option to block all content from that creator.
• UGC reporting and moderation requires fundamental attributes to make UGC actionable. The minimum data for successful moderation generally consists of:
  • Unique Target User ID
  • UGC report type (player nickname, player emblem, texture, etc.)
  • UGC evidence (text, image, in-game metadata, etc.)
  • Date and time of report
  • Comments (more info) from report submitter
  • Origin location of report (web page, in-game view)
• Titles are empowered to implement systems that enable mitigations for repeat or egregious offenders, such as suspending a player's UGC sharing capability, and informing them why they cannot share UGC.
• For repeat or egregious offenders, titles are empowered to implement systems that enable preventative capabilities, such as disallowing UGC sharing on a per user basis.

Guidance for Usernames

Xbox gamertags are exempt from UGC requirements and should not be subject to text filtration, title-managed report options, or obfuscation due to a restricted UGC privilege. Players can report Gamertags to Xbox directly by accessing the user’s gamercard XR-047: User-Profile Access.

Other usernames are subject to proactive filtration and/or reporting requirements, but to maintain consistent and cohesive player identification do not need to be obfuscated to users with a restricted UGC privilege. This includes:

• Cross-network usernames
• Publisher-managed usernames
• Custom character names
• Clan/squad/guild names

For consistency, it’s recommended that to the extent feasible publisher-managed cross-network usernames undergo filtration at the point of creation and leverage a common terms list across supported platforms.

Additional Guidance for Game Mods

Local disabling of user generated content

If your game could become unresponsive when using different combinations of UGC you should consider providing a way to disable all UGC at the title screen. This will prevent your game from becoming permanently unplayable.

Device security & scripting

Format

• Console games only: UGC may not contain standalone executables or be constructed in such a way that an intermediary step (JIT, script compilation etc) would output an executable file.

Network access

• Console games only: Mods must not have any form of direct network access. If you intend to make game-internal functions available to UGC (e.g., "auto-join server"), please seek approval from your Microsoft contact before proceeding with implementation.

File system access

• Console games only: Mods must not have direct file system access. Game-internal functions like "auto-save" may allow file access but must enforce limits as per XR-133: Local Storage Write Limitations.
• Mods should be stored in an appropriate location on disk and not be mixed in with system/game locations/files.

Peripheral access

• PC/mobile games only: Mods should not be allowed access to HID units (cameras, microphones etc.) without the user first being notified and approval requested and granted.

Malicious software detection

• PC/Mobile games only: In order to avoid spread of malware from content creator to player, mods that are created outside of the console should be run through automatic malware detection systems on submission and should not be published before it passes those checks.

Certification Test Cases

018-01 Reporting Inappropriate Content and UGC Text-String Verification

Test Steps

1. Identify any areas of the title where text can be entered between non friends and is then viewable by users on another device.

2. Verify the title provides an in-product way to report other users' inappropriate or harmful UGC to the developer.

3. If there is no way to report inappropriate content, in each area, enter a string, sub string, etc. that is in the published list of banned words.

   • Enter the banned word directly (i.e. "BannedWord").
   • Enter a banned word with another non-banned word separated by a space i.e. ("Good BannedWord").

4. If the title allows UGC to be created in an offline state, e.g. character names, disconnect the device from the network, enter banned word combinations and reconnect to the network.

5. Verify that the inappropriate string is not visible to any other user on another device.

6. Repeat Steps 3-5 in each language supported by the title using banned words from the matching locale.

Expected Result
The title must provide an in-product way for users to report inappropriate or harmful UGC to the developer and/or implement a method for proactive detection of inappropriate or harmful UGC (for example, text filtering using the StringService API). Inappropriate or harmful content must either be blocked or obfuscated from non-local players on Xbox services.

Xbox gamertags are exempt from UGC requirements and should not be subject to text filtration, title-managed report options, or obfuscation due to a restricted UGC privilege.

Guidelines for UGC, such as a terms of use or code of conduct, are available to users either in-product or on the title's website.

Titles must not block entire game modes or experiences for users with restricted UGC privileges.

Pass Examples

1. Xbox gamertags are not filtered, obfuscated or subject to in-title reporting.
2. Cross-network usernames, publisher-managed usernames, custom character names or clan/squad/guild names are not obfuscated.
3. The title provides an in-product way for users to report inappropriate or harmful UGC to the developer.
4. The title prevents posting of inappropriate or harmful UGC and notifies the user for the reason the posting failed.
5. The title replaces inappropriate or harmful text with words or characters, such as Content Blocked, or $!*#&.
6. User entered text which is shared real time in game, such as a lobby or in-game text overlay, or only between friends is not filtered.
7. Inappropriate or harmful text strings are visible to users on the local console but are not transmitted to other non-friends beyond the local console.
8. Guidelines for UGC, such as a terms of use or code of conduct, are available to users either in-product or on the title's website.
9. The title does not block entire game modes or experiences for users with restricted UGC privileges.

Fail Examples

1. Xbox gamertags are filtered or obfuscated.
2. The title does not provide a way for users to report inappropriate or harmful UGC to the developer or allows inappropriate or harmful UGC to be visible to non-friends on other devices.
3. The title allows the user to circumvent inappropriate or harmful UGC filtering by creating UGC in an offline state and subsequently sharing it online.
4. Guidelines for UGC (such as a terms of use or code of conduct), are not available to users either in-product or on the title's website.
5. The title blocks entire game modes or experiences for users with restricted UGC privileges.