I also found that one of the most difficult things to ascertain. I wasn’t sure whether we were responsible for assessing risk on Meta (as administrators of the community), or the risk of using Discourse more generally (the risk for our customers).
If the latter, I didn’t know what size category that would put us in. Turns out it was the former.
What we learned at a seminar is that Ofcom have already reached out to the platforms that they currently believe fall into a category which requires anything more than annual self-assessment and have let them know they will have to formally submit their assessment. If you have not been contacted, I think you can assume that you are required to do your self-assessment, complete any mitigation, and reassess annually or when there are significant changes to scope. You will need to be able to show your assessment work if asked, but you don’t need to submit it anywhere.
But note that I am as new to this as the rest of you, so please consider this my opinion rather than compliance advice. You will need to do your own research.