A recent BBC Article reports that US technology giants have warned that the economic and legal landscape in the UK is becoming less appealing for tech companies, such as Meta and Google. This is due to several developments which can be classed into two main categories: (1) Increasing UK legislative regulation, requiring tech giants to comply with an extra layer of UK regulations in addition to EU regulations and (2) the CMA's recent Microsoft/Activision decision to block their merger.

The regulation of the digital space

Online Safety Bill

Firstly, the Online Safety Bill ("OSB") purports to create a new duty of care for online platforms towards their users. Some of the clauses have received criticism from tech giants. For instance, one of the provisions would require that companies such as WhatsApp and Signal scan their encrypted services and communication technologies for child-abuse material. Where certain conditions are met, these encrypted messages will also be handed over to law enforcement. This has led WhatsApp to threaten a withdrawal of its services from the UK market, where it has 40.23 million users.

UK Digital Markets Bill

Secondly, the UK Digital Markets, Competition and Consumers Bill sets out the new powers that the CMA will have when it comes to regulating firms with 'Strategic Market Status' (i.e., Big Tech giants). Concerns have been raised by tech giants that this places too much power in the hands of one regulatory body. However, it is worth noting that this regulatory move is not UK-specific; the EU has recently introduced its own Digital Markets Act (see here for our previous article on the DMA), which in many aspects goes further than the UK's own Bill in regulating the conduct of tech giants. The EU market is nevertheless substantially larger than the UK's, which could perhaps explain why, in part, the EU has felt so emboldened in pursuing harsher regulations than the UK has done.

Investigatory Powers Act

Proposed amendments to the Investigatory Powers Act have also led to complaints from tech giants. The amendment would require companies such as Apple to release their security features for services such as FaceTime after getting clearance from the Home Office. The proposed amendment would also allow the Home Office to require the disabling of certain security features without informing the public.

The CMA

The CMA's recent decision to block the Microsoft/Activision merger has been heavily criticised by the Big Tech giants, especially given that the EU decided to approve it. In a statement published after the block, Microsoft and Activision stated that 'the UK is clearly closed for business.'

Striking a balance

The tensions between tech giants that are threatening to leave and UK regulators are the result of economic and regulatory trade-offs. There is a tension between promoting innovation and competition for smaller companies while retaining a business-friendly landscape for tech giants such as Meta and Apple. Furthermore, the current UK government has tried to place itself as a pro-innovation, pro-business market. All the while, regulatory efforts are taking place in the midst of an increasingly technically complex environment, raising concerns that the legislation being passed is not 'well-informed.'

These challenges and trade-offs are not unique to the UK; most of the prohibitions and obligations enshrined in the EU's DMA are the product of competition law decisions which were appealed consistently by Big Tech companies. Although tech giants have flagged their gripes with the UK's changing regulatory landscape in the digital arena, they are facing regulatory pushback across the globe already. Whereas the UK is hoping that 'UK versions' of the EU legislation will be more tech industry friendly and attract greater investment, it remains to be seen whether in practice, the additional layer of UK regulation will have the opposite effect and lead to a UK 'Te(ch)xodus'.

Update on the OSB

The OSB was introduced in May 2021 (see here for our initial blog on the OSB). The core objective of the Bill is to protect children from online harms and harmful content by imposing a duty of care on online platforms. Since its introduction, the Bill has almost doubled in length to 262 pages. Some of these new measures include:

  1. Stronger mechanisms to ensure that age assurance and verification mechanisms are in place to protect children from harmful content.
  2. A new taxonomy for identifying different kinds of harmful content that online platforms should prevent under 18s from accessing.
    • A distinction is drawn between 'primary priority content' (e.g. pornographic content) and 'priority content' (e.g. violent content, content which promotes abuse of substances).
  1. The introduction of four new offences relating to 'cyberflashing' (the non-consensual sharing of intimate images).
  2. Measures to improve media literacy undertaken by Ofcom.

The Bill had been in the Report Stage in the House of Lords up until July 19. There were two votes on proposed changes to the Bill:

  1. Platform categorisation - Members voted to change how an online platform is designated: move from a website's size and functionality to its size or This gives more flexibility to Ofcom in deciding how to categorise different platforms.
  2. Anti-terrorism and child abuse orders - a provision was proposed to allow online platforms to request an assessment from the ICO of the compatibility of a s111 information order1 with UK privacy legislation. This clause was not passed, however it highlights some of the faultiness between data protection legislation, privacy and online safety.

The Bill was passed to the House of Lords in January 2023 and is still being debated in Parliament as of August 2023. The Bill's Third reading in the House of Lords is scheduled for September 6.

Footnote

1 As per the draft Bill, under s110 and s111, where an information order is made, it is an offence to not comply with its requirements. S111 of the draft Bill imposes senior managers' liability for these information offences. The failed amendment would have allowed for a data protection assessment from the ICO where the information requested could have infringed an individual's data protection rights.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.