UK Online Safety Act passes first enforcement deadline, threatening big fines

One of the main reasons regulations are not especially popular among ambitious CEOs is that they can cost money. This is certainly the case with the UK Online Safety Act, which, as of March 17 – the first deadline for enforcement of the illegal harms codes – can impose hefty fines on platforms that do not implement “robust measures” to stamp out fraud, terrorism, child sexual abuse material and other criminal activities.
A report from The Guardian says the law covers more than 100,000 services across social media, search engines and messaging apps, including Facebook, Google, X, Reddit and OnlyFans. It lists 130 “priority offences,” which come with penalties of up to £18 million (US$23M) or 10 percent of the offending firm’s worldwide revenue. Tech companies were to have completed compulsory illegal content risk assessments by March 15.
UK regulator Ofcom has published codes of conduct with reference to the act and offers a tool to help companies check if the act applies to their operations. It believes many of the riskiest sites do not currently satisfy the requirements, and says they have “a job of work” to do in order to achieve compliance.
Vance makes bid to influence UK online safety laws, protect US tech titans
Yet while the regulatory cannon is now armed, there are wrenches in the works in the form of looming trade and foreign policy threats. Specifically, Donald Trump and J.D. Vance, who have threatened to retaliate against foreign action affecting U.S. companies. Silicon Valley has been tightening its relationship with the White House since Trump’s inauguration, and will not look kindly on the threat of potentially billions of dollars in fines.
Pushback has already begun: MLex reports that last month, the Republican-led US House Judiciary Committee sent subpoenas to eight American tech companies demanding details of their communications with UK officials related to the act and content moderation.
Meanwhile, the pressure is on to drive economic growth in the UK, and there are concerns – firmly denied by the UK government – that online safety legislation could become a bargaining chip in a trade deal with an administration that is currently berserking on global trade relationships.
Is the Online Safety Act dead in the water? Ofcom says just watch
The larger concern is that Ofcom and the act could have their regulatory teeth pulled before they even get started. MLex says senior tech lawyers are questioning Ofcom’s willingness to issue large fines in the current political climate, and what enforcement is carried out could be largely perfunctory, leaving major gaps.
In a briefing regarding a letter sent to UK MPs, a coalition of rights groups, which includes the 5 Rights Foundation and the Internet Watch Foundation, says that Ofcom’s codes of pratice “set a low baseline for compliance.”
“Since the publication of the first draft code, there has been considerable concern from civil society, victims’ groups, academics, parents’ groups and parliamentarians that Ofcom’s proposals do not align with parliamentary intent and will fail to meet the Act’s objectives,” the group says. It wants the law to require services to take a safety by design approach.
Ofcom, in its defense, says that UK online safety legislation is not up for debate with foreign trade partners, that regulation and growth are not in opposition, and that it plans to carry out its enforcement duties with vim and vigor, starting with larger sites and apps that have large numbers of UK users or notably extreme content.
The Financial Times quotes Suzanne Carter, enforcement director at Ofcom, who says, “make no mistake, any provider who fails to introduce the necessary protections can expect to face the full force of our enforcement action.”
Article Topics
biometrics | children | digital identity | Ofcom | Online Safety Act | regulation | UK
Comments