A new era for online regulation awaits as the long-anticipated Online Safety Act (“OSA“) finally received Royal Assent today. This follows significant delays and intense Parliamentary scrutiny on its long journey to becoming law. Please click on our interactive timeline to find out more about the path to Royal Assent and the ongoing trajectory of the Act, along with our related commentary.
The OSA sets out a comprehensive legislative package which focuses, in particular, on combating illegal content online and “lawful but harmful” content to children online, as well as measures empowering adult users to avoid “lawful but harmful” content. This sits alongside greater accountability for online platforms and search engines and protections for freedom of speech.
The OSA will be enforced by the regulator, Ofcom, and is backed by fines of up to £18 million or 10% of annual worldwide for non-compliance and potential criminal liability for corporate officers for certain breaches. As such, the OSA provides a far more robust and pro-active statutory regime than the current self-regulatory one. For further detail on the OSA please refer to our previous pieces here.
Consultation phase: A shift in focus to implementation
As part of Ofcom’s Report “Ofcom’s approach to Implementing the Online Safety Act (26 October 2023)” it estimated that 100,000 platforms or services are likely to be in scope of the OSA’s online safety regime in the UK alone, in addition to many more located outside the UK who may be caught under its extra-territorial reach.
Whilst the OSA itself stands at just over 300 pages long, it is not yet clear what compliance will mean practically for in-scope services, since there is at present little detail on what the high level legal duties of care entail. Instead, the OSA envisages the creation of a range of Codes of Practice and guidance to be put together by Ofcom, to provide further detail for in-scope businesses.
Now that the OSA has received Royal Assent, it is anticipated that Ofcom will imminently kickstart a phased process of consultations during which in-scope service providers should engage with the regulator on the shape of its Codes of Practice and guidance. Ofcom’s Chief Executive, Dame Melanie Dawes, has suggested that the consultation(s) could commence within a couple of days of the Kings Speech (which is due to take place on 7 November 2023). This will be a vital opportunity to potentially influence the regulator on what compliance with the OSA requires at an operational and practical level, as well as shape market practice. Those potentially impacted should, therefore, also be aware of how they can leverage public law principles to influence the implementation of the OSA.
What can in-scope organisations do now to prepare?
In the first part of our series focusing on the OSA, we provide practical tips on how best to prepare for these consultations and engage with Ofcom in respect of the OSA. Our briefing can be found here and includes:
- An explanation of what Ofcom has said about its plans for consultation;
- An overview of the anticipated timing and content of upcoming consultations that in-scope services should plan for; and
- Public law tips for engaging with Ofcom in consultation and other interactions such as responses to information requests or other opportunities to engage with the regulator. This includes public law tips on the questions below:
- Is the consultation you have been asked to respond to adequate and fair?
- Are the proposed Codes of Practice or guidance within the scope of Ofcom’s statutory duties and statutory objectives?
- Are there potential human rights arguments which may be engaged by the proposed Codes of Practice or guidance?
- Are there aspects of the proposed Codes of Practice or guidance being consulted upon which are irrational or disproportionate?
- Are there any aspects of the process or procedure undertaken which raise questions of procedural unfairness?
These tips are designed to help in-scope businesses frame their consultation responses and engage with the regulator in the most effective way possible, before key Codes of Practice and guidance are finalised. In addition, these public law principles are important to bear in mind at all stages of engaging with the regulator in the context of the OSA, as they govern the parameters within which a regulator may act and how it engages and takes its decisions.
Online Safety Series
In the second part of our series focusing on the OSA, we will provide some practical tips on what in-scope organisations can be doing now to support compliance with the OSA (in parallel with the consultation phase referenced above).
“Online safety” requires a holistic approach. It does not comprise a single legal practice area. As such, compliance requires consideration of a range of (often intersecting) cross-practice issues, across the fields of platform regulation, data privacy, public law, human rights (particularly freedom of speech), emerging technology regulation (particularly artificial intelligence), contract law, disputes and competition, to name a few. It also requires keeping an eye on regulatory developments in other jurisdictions overseas, given the challenges of global compliance in a fragmented international legislative framework.
As such, we will touch on the key issues for organisations to navigate in these areas in subsequent pieces as part of our series focusing on the OSA.
We will also be releasing our guide to the OSA “The Online Safety Act: A deeper dive“ in due course, which will distil the key aspects of the lengthy OSA for easier and more practical consumption.
In the meantime, to stay up to date on all the latest global developments in the field of online safety, please click here.
Watch this space.
To read our briefing “The Online Safety Act: Part I: Preparing for consultations and engaging with Ofcom” please click here.