We understand today that the progress of the long-awaited UK Online Safety Bill is expected to be delayed, following Boris Johnson's resignation as prime minister.
The draft Bill was due to reach the final stages of its path through the House of Commons (Report Stage and Third Reading) next week before summer recess on 21 July. However, the Bill is now expected to be re-arranged in the parliamentary schedule to Autumn instead – which will mean it is after a new prime minister has been appointed.
Comprehensive package with international reach
The Bill sets out a comprehensive package seeking to combat both illegal and "lawful but harmful" practices online, whilst also "ushering a new era of accountability and protections for [freedom of expression and] democratic debate". Enforced by Ofcom and backed by fines of up to £18 million or 10% of annual worldwide revenue for non-compliance and potential criminal liability of corporate officers for certain breaches, the Bill provides a far more robust statutory regime than the current self-regulatory one.
The new rules apply to both "user-to-user" services (that allow users to post their content online or interact with each other) and search engines, that have "links with the UK" (whether based in the UK or not). This includes technology companies and digital platforms, among others, that provide services to a significant number of users in the UK, target the UK market or can be used in the UK by individuals.
Will the Bill continue totake the same form?
Whilst originally set out in the Conservative's Manifesto 2019 and a priority for Boris Johnson's government, the Bill has been subject to a series of delays and criticism – particularly around whether it strikes the balance between protecting online users whilst also safeguarding freedom of speech / democratic debate online or whether it gives rise to potential constraints on innovation and investment for those in scope. The scope of "lawful but harmful" content under the Bill, has also been subject to much debate in the House of Commons and amongst industry stakeholders.
With a new prime minister (and likely a new Secretary of State for Digital, Culture, Media and Sport) taking the helm in due course, it is unclear how much of the Bill will progress in its current form – with at least one of the current candidates for prime minister openly objecting to aspects of the Bill.
Delays to the roadmap ahead
Last week Ofcom set out its "roadmap to regulation" for putting online safety legislation into practice. To assist regulated services, the roadmap includes a likely timeline for implementing the Bill (including related consultations around guidance and codes of practice). Whilst Ofcom anticipates the Bill receiving Royal Assent by early 2023, this now appears optimistic and the timeline is likely to evolve further.
Much of the detail of the Bill (including the extent of applicable duties relevant to regulated service providers) will be set out in secondary legislation and codes of practice prepared by Ofcom that have not yet been published. The true impact and of the new legislation and how to comply with it is therefore still not clear at this stage and is now likely to be delayed further. It will also be key for industry stakeholders in scope to input into related consultations to ensure the regime is workable in practice.
The race to regulate: how to minimise the compliance burden?
In parallel with the Bill, the proposed European Digital Services Act (DSA) was first published by the European Commission in December 2020. It proposes new rules to increase the responsibilities of providers of online intermediary services and reinforce oversight over online platforms' content policies.
There are some key differences between the EU and UK approaches. For example, the EU proposals only explicitly cover illegal content (rather than the UK's attempt to regulate harmful content as well). In both cases, there are likely to be grey areas that will test the limits of the legislation and cause difficulties for service providers trying to interpret their obligations.
For regulated organisations operating in / targeting both a UK and EU footprint, it is worth considering how your compliance programme can be carried out in the most efficient way – given the potential overlap between the UK and EU legislative packages as well as the likely disparity in timing of the two packages. Consider whether operationally the most practical solution requires you to apply a consistent "gold standard" across both jurisdictions in respect of at least some of the regulatory obligations.
Watch this space.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.