The UK's Online Safety Act (OSA) 2023, which became law on 26 October 2023, imposes extensive new obligations on certain types of online service providers, requiring them to protect their users by identifying, mitigating, and managing risks relating to illegal and harmful content. Due to its extraterritorial reach, the OSA is expected to regulate approximately 100,000 organisations worldwide.

However, the full implementation of the OSA will not be immediate. Ofcom, the UK's communications regulator, has set out a phased implementation plan that is expected to span about three years, allowing in-scope providers time to adjust to and comply with their new obligations. Ofcom's first consultation with affected services, regarding 'illegal harms', has already opened and will close on 23 February 2024. Its second consultation, on child safety, is due to open before the end of 2023.

Certain provisions in the OSA have given rise to privacy concerns. In particular, Section 121 empowers Ofcom to mandate services to use 'accredited technology' to identify, remove or prevent users from encountering certain types of content, including terrorism and child sexual exploitation and abuse (CSEA) material. Ofcom also may require services to use their 'best endeavours' to develop or source new technology to achieve this. Certain services, such as end-to-end encrypted messaging applications, may find this difficult to comply with because any scanning of private messages required by Ofcom could conflict with the principles of user privacy inherent in such services. However, it remains to be seen how Ofcom will interpret and apply this part of the legislation, given the delicate balance between ensuring online safety and preserving user privacy.

In our November 2023 Cooley client alert, we tackled the OSA in more depth, including the following topics:

  1. The types of services that are subject to the OSA.
  2. The law's impact on in-scope services, including obligations and duties of care.
  3. Key practical implications for in-scope services.
  4. Enforcement by Ofcom, including fines and service restriction orders.
  5. Compliance tips.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.