Ofcom implementation delays trigger pressure from DSIT, pushback from Wikipedia

Months after it began enforcing the UK Online Safety Act and its related codes, British regulator Ofcom finds itself in a bit of a pickle. On November 12, it published an update on the remaining implementation steps for the regime, which pushes to Summer 2026 the implementation of key provisions on categorization rules. The delays have drawn the ire of the Department for Science, Technology & Innovation (DSIT), which wants the law rolled out on schedule. They have also given fresh fuel to Wikipedia as it argues for an exemption; the Wikimedia Foundation is now calling for reforms to the OSA.

The regulator has thus become a stress point for the online safety laws reshaping the biometrics and digital identity sectors: pushed at by one party to be more aggressive, while an opposing force attempts to pull its case apart.

Tech secretary’s statement expresses ‘deep disappointment’ in Ofcom

None of that has stopped its momentum, as it lays out its key milestones for the next year in a blog post. Ofcom’s categorization register and consultation on the additional duties that will apply to categorized services is not set to be released in Summer 2026, following “a representations process in early 2026, which will give the services that we believe meet the threshold conditions an opportunity to comment on our provisional decisions before we finalize the register.”

The consultation will cover “duties relating to fraudulent advertising, terms of service, user empowerment, ID verification, news publisher content, journalistic content and content of democratic importance.” Ofcom says it will publish final policy statements as soon as possible, which is to say by mid-2027. “Where we can, we will bring forward final statements ahead of the main package to maintain pace. We are already planning on publishing our final statement on the terms of service guidance in early 2027.”

That’s a significant delay, and stakeholders have taken notice. A letter to Ofcom head Dame Melanie Dawes from Secretary of State for Science, Innovation and Technology Liz Kendall says DSIT’s not mad, per se – just disappointed.

“While I understand the need to ensure the regime is robust, I would like to express my deep disappointment in the delays to the overall implementation of additional duties on categorized services that have been set out in Ofcom’s roadmap,” Daes writes. “As I made clear when we met and in my subsequent letter of 27 October, we should not be willing to accept delay: the Online Safety Act was a long time coming and people across the country have been waiting too long for the protections it brings.”

“Regardless of the timetable I trust that Ofcom will set clear expectations for services that do not need to wait and should be implementing these important protections for their users as quickly as possible.”

Huge platforms upset about having to pay online fees

Secretary Kendal is also unhappy about the fee regime Ofcom has slated to kick in at the end of 2025. Ofcom will impose a duty to pay fees on providers whose “qualifying worldwide revenue” is above a threshold to be set by Kendal. Per Ofcom’s update, “once in force, there will be a 4-month notification window for relevant platforms to submit their revenue data to Ofcom for the 2026/27 charging year.”

The Secretary says that, while she intends to confirm her position on the revenue threshold and Ofcom’s proposed exemption separately, she welcomes the regulator’s “willingness to engage in a review of the fee regime to ensure the regime does not place undue burdens on safe and responsible businesses.”

“It is imperative that the fee regime is implemented in a proportionate manner.”

A further note in her letter expresses concerns over the spread of antisemitic content, and urges the regulator to be firm in cracking down on hate speech.

“As noted in my letter of 27 October, Ofcom should do everything possible under the Act to tackle antisemitic content and hate speech online,” Kendall says. “Further to this, I want to emphasise the vital role of effective enforcement in supporting this aim. We need to see progress in tackling this egregious, divisive and hateful content online.”

Ofcom statutory reports on age assurance, app stores on the way 

Ofcom, meanwhile, is making it clear that the implementation of the Online Safety Act was not the conclusion of work on online safety, but merely the beginning. Finalized rules still to come in 2025 include Ofcom’s guidance on a safer life online for women and girls, as well as “a consultation on our draft guidance for categorized services concerning the disclosure of information about a deceased child’s use of their platform.”

Final guidance on the regulator’s super-complaints process is slated for publication in February 2026. A  final statement of recommendations on how online platforms should promote media literacy is due in the spring. Summer will see the publication of the categorization register, as well as the release of an age assurance statutory report “assessing how services have used age assurance and how effective it has been for the purpose of complying with their duties under the Act.” For the age assurance report, Ofcom is soliciting input and evidence on the topic.

Statutory reports on content harmful to children and app stores are due in October 2026 and January 2027, respectively. Another note says “the government has announced that it will amend ‘priority’ offences under the Act to include content encouraging or assisting serious self-harm, cyberflashing, and online porn showing strangulation or suffocation.

Wikipedia says OSA’s categorization rules put public interest at risk

Meanwhile, the Wikimedia Foundation is arguing that delays to the categorized services rules prove the framework is flawed. Wikipedia has a major stake in the issue: it fears that if the categorization rules apply the strictest rules (Category 1) to its service, which include requirements for identity verification, it could choke contributions.

A report from MLex quotes Phil Bradley-Schmieg, the Wikimedia Foundation’s lawyer, who says “it is clear from these latest changes and delays that the Online Safety Act’s categorized services framework – although well-intentioned – remains flawed and requires significant changes if it is to be effective without harming public interest projects such as Wikipedia.”

The foundation lost a previous court challenge to the Categorization Regulations, although the dismissal from the UK High Court included a proviso that its ruling should not be read as a green light to bring down the hammer on Wikipedia.

Article Topics

Department for Science Innovation and Technology (DSIT)  |  identity verification  |  Ofcom  |  Online Safety Act  |  regulation  |  UK age verification  |  UK digital ID  |  Wikipedia