FTI Consulting Public Affairs Snapshot: Tackling online harms – what the Online Safety Bill means for UK businesses

What is the Online Safety Bill?

The Online Safety Bill establishes a single regulatory framework to tackle a wide range of online “harms”, ranging from illegal material to explicit or hateful content. The Bill places a duty of care on internet firms and services to put in place effective systems and processes, including effective reporting and redress mechanisms, under the regulatory oversight of Ofcom.

The legislation takes a tiered approach to the obligations of in-scope services- all companies will be required to tackle illegal content and those likely to be accessed by children will be required to protect them from content which may be “legal but harmful”.

The highest level of obligation sits with the largest and highest-risk platforms, dubbed “Category 1 Services” by the Bill. These services will need to enforce their terms and conditions more strictly, as well as clearly outlining what sort of potentially “harmful” content is allowed on their sites and balancing the removal of harmful or hateful content with a statutory responsibility to protect freedom of expression, democratic debate, and journalistic content.

Under the Bill’s provisions, those who fail to live up to their duty of care could face fines of up to £18m or ten per cent of global annual turnover (whichever is higher), and in the most serious cases face being blocked altogether.

What’s new?

The scope of the Bill has widened significantly since May 2021, with the government announcing changes in the lead up to publication last week. One fundamental change was to the controversial obligation on Category 1 Services to protect users against “legal but harmful” content where the broad definition of harm led to concern that it could be overzealously enforced by social media companies. To narrow the scope, the Government will define the types of harmful content that Category 1 services must address, such as self-harm or eating disorder content, in secondary legislation subject to approval by Parliament.

Significantly, the Government brought forward the Bill’s senior management liability provisions, which had previously been a deferred power. Under the updated Bill, criminal sanctions (up to and including custodial sentences) for failures to comply with Ofcom’s request for information notices will be introduced within two months of the Bill coming into effect, rather than within two years as previously planned.

The revised bill also saw the government add an obligation for companies to report child sexual exploitation and abuse content detected on their platforms to the National Crime Agency, as well as adding provisions to allow Ofcom to set expectations for the use of proactive technologies to tackle harms.

In the weeks leading up to the publication, the Government announced that it would be introducing several changes to the legislation, in response some of the scrutiny that the draft bill had received. This included a standalone duty requiring Category 1 services to combat paid-for fraudulent advertising online, compulsory age verification checks for adult websites, and a requirement for users to be able to better control who can interact with them on social media.

Similarly, the Government had already confirmed that it would include a new list of priority offences in the Bill, designed to reflect the most prevalent and impactful illegal content and activity. Companies will be legally required to take proactive measures to ensure these offences are not taking place on their platforms or through their services. The list will include revenge pornography, fraud, the sale of illegal drugs or weapons, the promotion or facilitation of suicide, people smuggling, and sexual exploitation.

Response and criticisms

Since its inception, the Online Safety Bill concept has drawn significant political attention and criticism and this latest iteration is no exception. Labour criticised the delay in bringing forward the Bill, with the Shadow Culture Secretary, Lucy Powell MP, saying that these delays “allowed the Russian regime’s disinformation to spread like wildfire online”. Additionally, Labour rejected the claim that the Bill is world-leading as seven countries have introduced online safety laws since the Government first announced its intention to regulate online spaces four years ago.

The changes to the Bill aim to address a number of prevalent criticisms, with the Government taking forward 66 of the Joint Committee on the Draft Online Safety Bill’s recommendations. However, campaigners have still criticised the impact of the Bill on privacy grounds, with a long-standing concern being the impact its provisions could have on freedom of speech online. The civil liberties think tank Big Brother Watch responded to the publication of the Bill by saying: “The Online Safety Bill is set to rip up the rule book as far as traditional British free speech standards are concerned. This is a censor’s charter that will give state backing to big tech censorship on a scale that we have never seen before”.

The Government have rejected this criticism, claiming that the Bill safeguards freedom of expression online by introducing a new statutory duty for both Ofcom and in-scope companies to protect freedom of speech online, as well as banning Category 1 Services from “arbitrarily” removing harmful content. The Government argues that services need to be clearer and more consistent about their processes, with additional safeguards in place for democratic or journalistic content.

Contrastingly, while mental health charities and children’s organisations have welcomed the Bill, some are asking the bill to go further. The Molly Rose Foundation, a suicide prevention charity targeted at young people, welcomed the new draft Bill saying in a statement: “The Molly Rose Foundation and Molly’s family urge Parliamentarians to deliver a safer internet for all, especially our young. The first reading of the Online Safety Bill in Parliament is another important step towards ending the damaging era of tech self-regulation. Increasingly, we are all reminded of the appalling consequences created by harmful online content.”

The National Society for the Prevention of Cruelty to Children (NSPCC) called for the Bill to be strengthened further, with NSPCC CEO Peter Wanless saying: “The Online Safety Bill is a landmark piece of legislation that must act as a key pillar of the child protection system for generations to come.” The NSPCC want provisions added to the Bill that will hold a senior manager liable for children’s safety on every platform, place duties on platforms to tackle grooming pathways, disrupt child abusers using social media, and to provide a legal advocate for children funded by an industry tax.

What does this mean for businesses?

The Government has described the Online Safety Bill as a “milestone in the fight for a new digital age which is safer for users and holds tech giants to account”, delivering on its 2017 promise to make Britain “the safest place in the world to be online”. Given the broad scope of the updated Bill and the wide variety of the included provisions, it is fair to say that it heralds a new era of responsibility for the industry- the end of self-regulation and the internet’s “Wild West”.

As the Conservative Government has a significant majority in the House of Commons, the Bill is almost certain to become law, though it remains to be seen how it may develop between its introduction and receiving Royal Assent. Given the number of times the Bill has already changed since the original Online Harms White Paper, we can expect a healthy debate and number of amendments as the Bill progresses through the House of Commons and the House of Lords reflecting the wide range of interests in the Bill.

The shortening of the period between the Bill receiving Royal Assent and the introduction of criminal sanctions for failure to comply with information notices, is illustrative of the government’s ambitions and desire for the legislation to start making an impact rapidly. While there will be an implementation period, not least so Ofcom can develop its Codes of Practice, companies within scope will need to move quickly to ensure that their businesses are fully compliant with the new regulations.

What is clear is that this is only the beginning of a new era of post-Brexit digital regulation in the UK. The Government published its Plan for Digital Regulation in July 2021, where it set it agenda to balance the dual ambitions of both unlocking the enormous benefits of digital technologies, while minimising the risks they present both now and in the future. With this legislative agenda progressing, it is more important than ever that businesses operating online are informed about, and engaged in, the debate surrounding digital regulation and are able to rapidly adapt to the new regulatory environment thereafter.