Having been passed in October of 2023, the UK’s Online Safety Act seeks to implement greater levels of regulation surrounding social media and search engine companies – understanding the possible implications and potential ways businesses can ensure compliance is vital. In this article, we outline the main provisions of the Act and key considerations for businesses operating in the UK. 

What does the Act cover?

Through the legislation, the UK government aims to tackle issues surrounding online platform liability and accountability while increasing user safety at all levels of online business. The Act seeks to address company point-of-contact regulations, general terms and conditions, protection of minors as well as transparency and reporting obligations. 

Ofcom will be granted greater powers to regulate the fulfilment of duties and obligations by companies under the Act to empower the users’ ability to control access to content.

Who is affected?

Online business operating in the UK are expected to comply with the new legislation. Focus is placed on user-to-user (U2U) platforms on which users encounter and engage with content either created on or uploaded to the platform by another user. Non-UK based providers of certain regulated services including U2U platforms and search services are also expected to comply with the Act’s requirements. This applies to services with clear links to the UK, for instance, with large numbers of UK-based users. The application of the Act is especially complex for online news publishers and advertising providers, requiring careful and expert legal guidance.

Defining ‘Legal but Harmful’

As part of this effort to expand online regulatory control, the Act has introduced a key new legal definition: ‘legal but harmful’. Some commentators have expressed concerns that the definition could have a limiting effect on freedom of speech for online users.

Data protection and privacy

Any changes to legislation governing online businesses will impact on data protection and privacy responsibilities. The Act places particular emphasis on online platforms’ website terms of use and terms and conditions. Companies are expected to include within terms of use and terms and conditions the handling of ‘legal but harmful’ content, including the removal, restricted access, or promotion of content. Also, companies are required to provide a reporting and complaints process within their terms of use. The Act will affect companies’ privacy policies to explain the new obligations towards user data.

Disclosure and reporting obligations

To improve user safety, the Act places administrative duties of care on service providers. Businesses – especially social media platforms – are expected to conduct reporting and disclosure tasks to protect users. This includes illegal content risk assessments, content reports, mitigation protocols if data is deemed ‘harmful’, and transparency reports to ensure continued understanding of how data is processed and ordered on platforms.

Additional technical functionalities

The Act imposes new technical function requirements on companies to improve security and control harmful content. Implementing new features on your platform will require appropriate adjustments to internal policies. For instance, the Act requires a process of identity verification and blocking for users seeking to upload and interact with online content potentially falling within the ‘legal but harmful’ definition. Also, businesses are expected to provide a notification feature in the event content is moderated or removed from your platform or service alongside a function enabling users to report and determine preferences as to whether they wish to access particular content.

The bigger picture: what has changed with EU data protection?

While impacting directly upon UK-based companies, the UK legislation came just as the EU passed the Digital Services Act and Digital Markets Act in July 2022. These two pieces of legislation implement a stricter regime of data protection, transparency, and management. As online platforms and businesses frequently operate beyond the UK, in the EU and around the world, the combined new online safety legislation creates a compliance challenge requiring expert legal guidance. 

The Online Safety Act has wider-ranging impacts on how online service providers and platforms engage with users and uphold greater levels of protection. Understanding the implications of Act enables companies to prepare the necessary legal documents and control mechanisms to navigate legislative boundaries, protect user safety, and facilitate commercial interests. 

At Maybrook Law, we advise businesses on all aspects of compliance with the UK Online Safety Act, including content moderation policies, reporting obligations, and privacy and data protection requirements. If your business is operating in the UK, or providing services to UK users, and would like guidance on complying with the Online Safety Act, or to discuss any of the issues raised in this article, we would be pleased to advise on your position.

Our insights, articles and guides do not, and are not intended to, constitute legal advice or be an exhaustive review of all legal developments. Although every effort is made to ensure that the information provided in this article is accurate as of the publication date, please be aware that this is area of law may be subject to change. Please seek legal advice before applying the information provided to any specific circumstances, transactions or legal issues.