The Online Safety Act received Royal Assent on 26 October 2023. Keep up to date with developments on the Act at our Online Safety Act hub.
Six years since the Online Safety Bill emerged by way of a Green Paper commitment to internet safety, after intense parliamentary scrutiny, it will soon become law. The baton will then pass to Ofcom, the new online safety regulator, which will receive its powers two months after Royal Assent. It will then, in line with its roadmap to regulation start implementing the Bill, consulting first on a set of standards relating to illegal online harms, including child sexual exploitation, fraud and terrorism. All of the necessary secondary regulation is due to be passed by Autumn 2024, when Ofcom will publish its register of categorised services, i.e., those subject to additional obligations.
The Bill has been characterised, and propelled, by cross-party support. It has rightly been hailed by the Government as a "major milestone", notably in relation to protecting children online, where it promises a zero-tolerance approach. It also ends the era of self-regulation by tech firms with huge reach and impact, although in relation to "legal but harmful" content for adults, there remains a question mark as to how proactive they will be in refining and enforcing their terms and conditions. Similarly, there are concerns about the cliff edge, as users turn 18, from guaranteed, higher protections to mere "user empowerment", especially for vulnerable users. Others, such as lawyer and author Graham Smith, have throughout described the Bill as "deeply misconceived" and a threat to freedom of speech: "If the road to hell is paved with good intentions, this is a motorway," he told the BBC.
Key concerns
Two features have been identified as of particular concern, and are areas to watch.
Age verification
The new law requires certain businesses to check the age of their online visitors, using age verification or estimation software. Critics, including Executive Director of the Open Rights Group, Jim Killock, have dismissed these systems as unreliable, while at the same time threatening users' privacy. Meanwhile, The Wikimedia Foundation, which operates Wikipedia, said in April 2023 that it would refuse to perform any age checks.
End-to-end encryption
End-to-end encryption, relied on by messaging services such as WhatsApp and Signal to keep messages private and secure, but undermined, they say, by requirements in the Bill to scan proactively for illegal content. Although the Government promised it would not require such scanning until it becomes "technically feasible", this wording does not appear in the final version of the Bill, leading privacy advocates and industry bodies to worry that the can has simply been kicked down the road.
Professor Lorna Woods who, together with William Perrin of the charitable foundation Carnegie UK, was instrumental in its development, has published a summary of the key changes heralded by the Bill. Professor Woods has also stressed that we should not expect perfection. The Bill will be a success if social media companies and others are more responsive to user concerns, and "maybe we won't have to see quite so much of the stuff we don't want to see in the first place."
The Bill, if it succeeds in its primary aim of protecting children online, and more broadly in tackling the most dangerous of online harms, will be worth celebrating. As with any check on free speech, the question is whether the law, and its implementation, are proportionate, and whether the price for businesses, as well as users, is too high. Clearly, we also need to give the regime time to bed in, and to hear feedback, before judging its success. We will continue to monitor its progress, as Ofcom takes on the considerable task of implementing and enforcing the Bill.
Learn more about the Online Safety Bill
For more information, including our previous instalments, visit our Online Safety Bill Hub.
If you have any feedback or questions, contact us.
To receive further updates, please sign-up to our Online Safety Bill mailing list.