Knowledge Hub
for Growth


What is the UK’s Online Safety Act? Your business guide

Despite the endless knowledge it offers, the internet (and social media particularly) can also be a place of great harm, particularly for young and vulnerable people. The extremely tragic cases of child suicides have been widely reported, sometimes largely because of harmful content children found online. To tackle this critical issue, a new Online Safety Act has come into force. This is an extremely ambitious and wide-reaching law which aims to make the UK the safest place in the world to be online.

The Online Safety Bill received Royal Assent on 26 October 2023 and is now the Online Safety Act 2023. This law designed to protect both children and adults online. The law had faced numerous debates and many rounds of changes, given how critical the issues it covers are. The Online Safety Act had difficult journey – as the Online Safety Bill had been in debate for years and subject to various amendments and scrutiny.

The duties under the Online Safety Act are unprecedented and the fines for breaching these laws are exceptionally high.

Whilst it’s extremely important that action is taken quickly to target online harm and this concern globally, this new UK law will have huge implications for businesses, by introducing extremely stringent new rules and very heavy fines for failing to comply with them. The Online Safety Act has ‘teeth’ since the enforcement powers for non-compliance are similar to those under the stringent UK GDPR law.

In this article, our data protection solicitors set out what the Online Safety Bill is and what it will means for businesses.

What is the Online Safety Act?

The Online Safety Act is a new law designed to protect children and adults online. One of the key purposes of the law is to make social media companies act more responsibility when it comes to user safety on their platforms. The new law places several obligations on online service providers.

A key aim of the Online Safety Act is to make the internet safe and it places (amongst other obligations) a duty of care on certain online platforms, requiring them to carefully protect users and act against harmful content. This is particularly important for children and builds upon the ICO’s Age-Appropriate Design Code.

A fundamental intention of this law is to safeguard against potentially very harmful types of internet content, for example illegal pornography and trolling.

The new law is extremely complex and businesses who fall under its scope need to comply with various obligations including conducting risk assessments, taking steps to mitigate the risk of harm to their users, tackling illegal content on their services and increasing user control.

After years of debate and discussion, Technology Secretary Michelle Donelan explained the following about the Online Safety Bill in the government’s press release.

'Today will go down as an historic moment that ensures the online safety of British society not only now, but for decades to come.

I am immensely proud of the work that has gone into the Online Safety Act from its very inception to it becoming law today.

The Bill protects free speech, empowers adults and will ensure that platforms remove illegal content. At the heart of this Bill, however, is the protection of children.

I would like to thank the campaigners, parliamentarians, survivors of abuse and charities that have worked tirelessly, not only to get this Act over the finishing line, but to ensure that it will make the UK the safest place to be online in the world.'

The government’s press release mentions that if technology companies do not comply with the rules, they could be fined, and fines handed down to the biggest platforms could reach billions of pounds.

The Online Safety Act will protect children by making social media platforms:

  • Remove illegal content quickly or prevent it from appearing in the first place. This includes removing content promoting self-harm.
  • Prevent children from accessing harmful and age-inappropriate content.
  • Enforce age limits and age-checking measures.
  • Ensure the risks and dangers posed to children on the largest social media platforms are more transparent, including by publishing risk assessments.
  • Provide parents and children with clear and accessible ways to report problems online when they do arise.

In addition, adults alike will be protected. The Online Safety Act will provide protection for internet users that will:

  • Make sure illegal content must be removed.
  • Place a legal responsibility on social media platforms to enforce the promises they make to users when they sign up, through terms and conditions.
  • Offer users the option to filter out harmful content, such as bullying, that they do not want to see online

The Online Safety Act also requires pornography websites to use age verification or estimation.

What does the Online Safety Act mean for businesses in the UK?

The new law specifies different categories of ‘in-scope’ services, meaning different providers will have different responsibilities depending upon their categorisation.

Some of the key features of the new law include (amongst other obligations) the following:

  • Online service providers will need to remove illegal content.
  • Online service providers will need to work to prevent illegal content from appearing.
  • Children will need to be prevented from accessing harmful and age-inappropriate content.
  • Online service providers will need to implement age-verification measures and undertake risk assessments.

The Online Safety Bill Act applies to businesses who provide online ‘user-to-user services’ and online search services. It is expected that the social media, messaging, search and online advertising services businesses will face the most impact as a result of the Online Safety Act. That being said, it won’t just be very large social media companies who will fall under these rules. Various companies (for example search engines, online gaming platforms, advertising services, e-commerce platforms and marketplaces) will need to put new systems in place to protect users and comply with this new law. The law will regulate services which target UK consumers, even if the services are not based in the UK. The legislation will therefore have huge consequences on many businesses both in the UK and internationally.  

Enforcement Powers

In terms of enforcement, the new law will empower regulators to take control and will be enforced and monitored by Ofcom.

Ofcom will have responsibility to ensure that platforms have processes in place to comply with these rules and the power to fine businesses who do not comply.

The fines which could be imposed will be up to £18 million or 10% of a business’ annual turnover, whichever is higher. Failure to comply could also result in criminal prosecution. The Online Safety Act has created various offences for companies, senior executives and employees. Clearly, particularly given the fines and criminal offences, the implications of getting this wrong could be catastrophic for businesses.

What can you do now to prepare for the Online Safety Act?

Bringing in new regulation to address illegal and harmful content online is a huge step forward, but we expect it will also be very difficult for companies to comply with in practice.

Now is the time for businesses to carefully consider the Online Safety Act and start working towards compliance. This is particularly important for businesses providing online content, who should take legal advice on the rules.

The stringent rules of the Online Safety Act may mean businesses have to seriously change the way in which they operate, for example, businesses may need to start putting in place new age verification systems and monitoring and reviewing potentially harmful content. A government press release noted that the largest social media companies have already started to take action– Snapchat has begun to remove accounts of underage users and TikTok has begun to implement stronger age verification.

Whilst it has been brought into law, the substantive provisions of the Online Safety Act will not come into force immediately. Ofcom, as regulator under the Online Safety Act, will need to publish several codes of practice and guidance regarding the details on how organisations will need to comply with the new law. The Secretary of State will also need to produce secondary legislation around the Online Safety Act. As such, businesses should watch this space carefully as new guidance emergences.

The following are some key steps to help you start preparing for compliance:

  • Consider whether your business will need to comply with the Online Safety Act rules.
  • Consider which content on your platforms will fall within the scope of the Online Safety Act.
  • Review your platforms and policies and check your systems and processes.
  • Check if you can monitor and remove content.
  • Check if your platforms have appropriate age verification mechanisms and if you can enforce them.
  • Carry out risk assessments of your platforms and check if they are designed to ensure the safety of users (particularly children).
  • Consider if you have systems in place to prevent illegal and harmful content.
  • Consider if you will need to update your internal policies and procedures or carry out staff training on the Online Safety Act rules.
  • Consider if you promote a culture around safeguarding and protection on your platforms.
  • Monitor developments in the law and Ofcom’s guidance and codes of practices around compliance.

However, note that the Online Safety Acts extremely vast and complex legislation. To fully understand the rules and what you need to do to comply, you should seek specialist legal advice to understand your obligations (particularly if you are unsure).

Conclusion

The new rules brought in by the Online Safety Act are  significant and businesses are going to need to put a lot of extra time, money, and resources into making sure they comply, particularly given the grave implications for breaching these laws.

Due to the severe enforcement powers and repercussions for breaching these laws, it is crucial that providers of internet services quickly act to steps to understand their responsibilities under the Online Safety Act and change their processes to comply with them.

Please contact our IT and data protection team if you would like advice on this topic and how you can prepare for the implications when the Online Safety Bill comes into force.


What next?

Please leave us your details and we’ll contact you to discuss your situation and legal requirements. There’s no charge for your initial consultation, and no-obligation to instruct us. We aim to respond to all messages received within 24 hours.

Your data will only be used by Harper James Solicitors. We will never sell your data and promise to keep it secure. You can find further information in our Privacy Policy.


Our offices

A national law firm

A national law firm

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Head Office

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Regional Spaces

Capital Tower Business Centre, 3rd Floor, Capital Tower, Greyfriars Road, Cardiff, CF10 3AG
Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
10 Fitzroy Square, London, W1T 5HP
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
1st Floor, Dearing House, 1 Young St, Sheffield, S1 4UP
White Building Studios, 1-4 Cumberland Place, Southampton, SO15 2NP
A national law firm

Like what you’re reading?

Get new articles delivered to your inbox

Join 8,153 entrepreneurs reading our latest news, guides and insights.

Subscribe


To access legal support from just £145 per hour arrange your no-obligation initial consultation to discuss your business requirements.

Make an enquiry