A new era for online regulation awaits as the long-anticipated Online Safety Act ("OSA") finally received Royal Assent today. This follows significant delays and intense Parliamentary scrutiny on its long journey to becoming law. Please click on our interactive timeline to find out more about the path to Royal Assent and the ongoing trajectory of the Act, along with our related commentary.
The Act sets out a comprehensive legislative package which focuses, in particular, on combating illegal content online and "lawful but harmful" content to children online, as well as measures empowering adult users to avoid "lawful but harmful" content. This sits alongside greater accountability for online platforms and search engines and protections for freedom of speech.
Much like its EU counterpart (the Digital Services Act), the OSA establishes a tiered, risk-based approach to obligations, with larger / higher risk online platforms and services being subject to greater regulation. In doing so, it sets out a statutory framework that imposes a variety of legal duties of care on those in-scope organisations, namely (i) user-to-user intermediary services; (ii) search engines; and (iii) those falling in (i) or (ii) that themselves publish certain online pornographic content.
The OSA will be enforced by the regulator, Ofcom, and is backed by fines of up to £18 million or 10% of annual worldwide for non-compliance and potential criminal liability for corporate officers for certain breaches. As such, the Act provides a far more robust and pro-active statutory regime than the current self-regulatory one. For further detail on the OSA please refer to our previous pieces here.
Consultation phase: A shift in focus to implementation
As part of its Impact Assessment, the Government estimated that 25,000 platforms are likely to be in scope of the OSA's online safety regime in the UK alone, in addition to many more located outside the UK who may be caught under its extra-territorial reach.
Whilst the OSA itself stands at just over 300 pages long, it is not yet clear what compliance will mean practically for in-scope services, since there is at present little detail on what the high level legal duties of care entail. Instead, the OSA envisages the creation of a range of Codes of Practice and guidance to be put together by Ofcom, to provide further detail for in-scope businesses.
Now that the OSA has received Royal Assent, it is anticipated that Ofcom will imminently kickstart a phased process of consultations during which in-scope service providers should engage with the regulator on the shape of its Codes of Practice and guidance. Ofcom's Chief Executive, Dame Melanie Dawes, has suggested that the consultation(s) could commence within a couple of days of the Kings Speech (which is due to take place on 7 November 2023). This will be a vital opportunity to potentially influence the regulator on what compliance with the OSA requires at an operational and practical level, as well as shape market practice. Those potentially impacted should therefore also be aware of how they can leverage public law principles to influence the implementation of the OSA.
What can in-scope organisations do now to prepare?
In the first part of our series Online Safety: Explore what is below focusing on the OSA, we provide practical tips on how best to prepare for these consultations and engage with Ofcom in respect of the Act. Our briefing can be found here and includes:
- An explanation of what Ofcom has said about its plans for consultation
- An overview of the anticipated timing and content of upcoming consultations that in-scope services should plan for
- Public law tips for engaging with Ofcom in consultation and other interactions such as responses to information requests or other opportunities to engage with the regulator.
These tips are designed to help in-scope businesses frame their consultation responses and engage with the regulator in the most effective way possible, before key Codes of Practice and guidance are finalised. In addition, these public law principles are important to bear in mind at all stages of engaging with the regulator in the context of the OSA, as they govern the parameters within which a regulator may act and how it engages and takes its decisions.
Our Online Safety Series
In the second part of our Online Safety Series focusing on the OSA, we will provide some practical tips on what in-scope organisations can be doing now to support compliance with the OSA (in parallel with the consultation phase referenced above).
"Online safety" requires a holistic approach. It does not comprise a single legal practice area. As such, compliance requires consideration of a range of (often intersecting) cross-practice issues, across the fields of platform regulation, data privacy, public law, human rights (particularly freedom of speech), emerging technology regulation (particularly artificial intelligence), contract law, disputes and competition, among others. As well as keeping one eye on regulatory developments in other jurisdictions overseas, given the challenges of global compliance in a fragmented international legislative framework.
As such, we will touch on the key issues for organisations to navigate in these areas in subsequent pieces as part of our series Online Safety Series focusing on the OSA.
We will also be releasing our guide to the OSA "The Online Safety Act: A deeper dive" in due course, which will distil the key aspects of the lengthy OSA for easier and more practical consumption.
In the meantime, to stay up to date on all the latest global developments in the field of online safety, please click here.
Watch this space.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.