Online Safety Bill: A compliance headache for tech firms

The UK government published its draft Online Safety Bill in May this year, setting out its ambitious new framework to protect users against harmful content online. Much of the Bill reflects the Government’s previously announced position but it does include new obligations applicable to services with the widest reach (‘Category 1’), adding to their already substantial compliance burden.

Wide range of duties applicable to all

Broadly, all search engines and services which allow user interaction will need to:

• Conduct risk assessments to understand the risk of harm to users from illegal content and implement systems and processes to protect users against illegal content; 
• Conduct regular compliance reviews, and keep records of all risk assessments and steps taken to comply with their obligations; 
• Have regard to freedom of expression and user privacy when designing systems and processes;
• Have effective user reporting and complaints mechanisms; and
• Have clear and accessible T&Cs and apply those consistently.

All services will need to determine if they are likely to be accessed by children and, if so, conduct risk assessments to understand the risk of harm to children from harmful content and implement systems and processes to protect children against such content.

Services whose worldwide revenue is at least equal to a threshold set by Ofcom (and approved by the Secretary of State) will need to notify Ofcom and pay an annual fee.

Additional duties for Category 1 services

Category 1 services will also be required to conduct risk assessments to understand the risk of harm to adult users from lawful but harmful content and specify in T&Cs how they will deal with such content. They will also be required to produce an annual transparency report that meets criteria set by Ofcom.

The Bill introduced duties for Category 1 services that had not previously been detailed, requiring them to: 

• Periodically assess the impact of new and existing policies on the protection of freedom of expression and user privacy;
• Design systems and processes to ensure free expression of content of ‘democratic importance’ and journalistic content is given due consideration when deciding how to treat content and users; and
• Have a dedicated and expedited complaints procedure for journalistic content.

Possible senior management liability

The Bill includes a criminal offence for senior managers, but this will not be introduced for at least two years after the regime is fully operational and only if services do not ‘step up their efforts to improve safety’. Even if individual liability is introduced, it will only apply if companies do not comply with Ofcom’s information requests.

However, the Bill does introduce a criminal offence for ‘officers’ (who are, or purport to be, a director, manager, secretary or other officer) where the officer has consented or connived with a service’s failure to comply with Ofcom’s information requests.

Be ready, act now

Complying with this regime alone would be a major undertaking for many services. Yet this is just one of many regulatory regimes either in effect or being developed across the globe. Putting in place systems and processes that can comply with each regime, while maintaining a broadly consistent user experience, is a challenge that services will need to begin tackling sooner rather than later.

While preparation is key, lack of detail in the Bill in key areas - such as what constitutes harmful content and the thresholds for category 1 services – means that platforms will not be able to fully prepare until the legislation is in final form. Services will therefore need to maintain some flexibility when planning their compliance regimes at this stage.

Authors: Ben Packer (Partner) and Jemma Purslow (Managing Associate), Linklaters

techUK - Building a Thriving Digital Society

Visit our Digital Society Hub to learn more or to register for regular updates.

techUK is in constant dialogue with Government and policy makers to provide the perspective of the tech industry on a wide range of policy issues. Current policy engagement includes online safety, data protection, competition in digital markets, and online fraud. Get in touch to see how we can support your policy work. Visit our Digital Society Hub and complete the ‘contact us’ form.