The Online Safety Bill

As the Online Safety Bill progresses on its journey through Parliament, we consider the wide online scope of the Bill, some key duties and criminal offences under the Bill, and tips to help prepare your business, pursuant to application of the Bill.

The Bill looks to protect children and adults online and make social media companies more responsible for their users’ safety on their platforms.

The Bill is expected to receive Royal Assent sometime during 2023. As part of our guidance series, Weightmans will release updates as the Bill progresses. Under the Bill, companies in scope will have to put in place systems and processes to improve user safety.

You can sign up to stay up to date with the Bill’s key developments and other commercial law topics.

Scope of the Bill

The scope of the Bill is far reaching and as well as applying to the big social media platforms and search engines, is likely to encompass thousands of smaller platforms, including messaging services, websites, platforms and online forums where information can be shared, where advertising is served, or where users might interact with other users.

Legal requirements

The Bill imposes legal requirements on:

• providers of internet services which allow users to encounter content generated, uploaded or shared by other users;
• providers of search engines which enable users to search multiple websites and databases; and
• providers of internet services which publish or display pornographic content (meaning pornographic content published by a provider).

Regulator

Ofcom will be the appointed regulator in the UK to enforce the Bill.

Platforms will have to show they have processes in place to meet the requirements set out by the Bill. Ofcom will check how effective those processes are at protecting internet users from harm.

Ofcom will have powers to take action against companies which do not follow their new duties. Companies will be fined up to £18 million or 10 percent of their annual global turnover, whichever is greater. Criminal action will also be taken against senior managers who fail to follow information requests from Ofcom.

In the most extreme cases, with the agreement of the courts, Ofcom will be able to require payment providers, advertisers and internet service providers to stop working with a site, preventing it from generating money or being accessed from the UK.

Jurisdiction

As well as UK service providers, the Bill applies to providers of regulated services based outside the UK where they fall within scope of the Bill, for example, because such services target the UK or they have a significant number of UK users.

Duties to tackle illegal content

The Bill places a duty of care on tech companies to limit the spread of illegal content on their platforms. It designates a number of “priority offences” – such as hate crime, harassment and stalking – which companies will have a proactive duty to seek out and minimise if the Bill is passed. In-scope companies would consequently need to design and operate their services to be safe by design and prevent users from encountering this content.

In-scope companies will also be required to carry out illegal content risk assessments (sections 8 and 23) and undertake specific duties to protect children’s online safety (sections 11 and 26).

Ofcom is set to monitor compliance with this regulatory regime through new enforcement powers, including powers to issue Provisional Notices of Contravention to companies, reasonably believed to be non-compliant and to issue Confirmation Notices to companies which fail to take the remediation steps it prescribes. Companies which still refuse to comply, are set to face heavy financial penalties.

Criminal offences under the Bill

The Bill also includes a number of ‘communications offences’, encompassing offences for (i) sending communications which pose a real and substantial risk of causing harm to a “likely audience” (meaning a reasonably foreseeable recipient), (ii) sending knowingly false communications which are intended to cause harm to a likely audience and (iii) sending communications which convey a threat of death or serious harm (sections 150-152).

These offences would apply to users of online platforms and aim to capture a wide range of harms which arise across different types of private and public online communications including abusive emails, social media posts and messages sent on instant messaging services. Where one of these offences is committed by a body corporate, the responsible corporate officers of that company would be held criminally liable as well as the company itself, where the officer has consented, connived or been neglectful (section 155).

The Bill also details new powers for Ofcom to issue ‘information notices’ demanding information and data from companies, including the role of their algorithms in selecting and displaying content (section 85). In issuing these notices, Ofcom could require companies to name the relevant senior manager with responsibility for its compliance. Where companies fail to comply with information notices (for example by providing false information), these senior managers could face individual criminal liability and, potentially, imprisonment for up to two years (section 93).

Notably, the previous draft of the Bill proposed commencement of these information offences following a post-legislative review at least two years after the Bill obtains Royal Assent. The Government now intends to accelerate this timeline to only two months. Additional powers for Ofcom envisaged by the Bill, include powers to request interviews with company employees (section 90) and to enter and inspect tech companies’ premises (section 91).

Tips to help prepare your business

Appreciating the wide scope of the Bill, most businesses that provide online content are likely to be caught by its provisions, and accordingly may wish to take the following initial steps:

• consider your operations and conduct risk assessments of your platforms and websites;
• review your complaints procedures and terms of service;
• consider improvements to your systems for monitoring content, and how to balance freedom of expression with the need to protect users from harm;
• evaluate if you might be classified as a Category 1 service and therefore be required to comply with the extra obligations imposed;
• review internal systems for spotting and reporting potential harm;
• keep up to date with Ofcom’s position, as it prepares to regulate the Bill and consults on various aspects;
• be attentive to the passage of the Bill through Parliament and seek legal guidance and support.

How Weightmans can help

As a leading, award-winning UK law firm, we are focused on insight, expertise and putting people first. It is this that drives our specialist team to achieve the best results for you.