Issue There are a number of concerns in relation to the definition of illegal content and the Illegal Content Judgements Guidance (Annex 10) proposed by Ofcom in its consultation on the Online Safety Act Illegal Harms duties which in effect define the scope of the regime relating to illegal content: how Ofcom’s approach fits with “safety by design” principles; the degree to which the Guidance is focussing on identification of criminal conduct rather than content associated with a criminal offence; standards of proof should be civil not criminal – the regime is regulatory; impact on protection of human rights. Of course, Ofcom is constrained by the provisions of the Act, but as we set out below, those provisions are open to a number of interpretations. Ofcom’s chosen interpretation and the proposals that flow from it in the draft Guidance will lead to a restrictive focus on takedown of content rather than a more systemic approach.

(A PDF version of this analysis piece is available to download at the end of the page.) Issue The Online Safety Act directs Ofcom to consider freedom of expression (Article 10 ECHR) and privacy (Article 8 ECHR), but these are not the only relevant rights – as indeed Ofcom notes. All the rights protected by the European Convention on Human Rights should be considered when considering the impact of the regime – or the lack of it. So, as well as the qualified rights of freedom of expression, the right to private life and rights noted by Ofcom – e.g. the right to association – we should consider other rights including the unqualified rights – the right to life, freedom from torture and inhuman and degrading treatment as well as the prohibition on slavery and forced labour (e.g people trafficking). Note also that rights can include positive obligations as well as an obligation to refrain from action; a public body can infringe human rights by failing to protect as well as by interfering itself in an individual’s rights. 

Alongside the hefty consultations launched since the Online Safety Act achieved Royal Assent, Ofcom have also recently been asking for views on proposed principles for “media literacy by design”. Under the Communications Act 2003, the regulator has an ongoing duty to promote media literacy. This consultation sets out some media literacy design principles to guide the interventions that online platforms might make to “help internet users engage with online services critically, safely and effectively”. These are grouped under three themes, focusing on how services can: 

Recent discussions with members of the OSA Network have focused on the approach to risk management being proposed by Ofcom in its consultation on the Online Safety Act illegal harms duties. Volume 3 of the suite of Ofcom documents covers this topic, including some initial proposals and evidence on governance and accountability. Governance structures, along with robust risk assessment processes, are fundamental to influencing product design choices with a view to reducing the risk of harm. So Ofcom’s proposals here are crucial to the overall effectiveness of the Online Safety Act regime.

On 9 November, Ofcom published its illegal harms consultation - 1700 pages of it - the first of three main phases of consultations to get the Online Safety Act regime up and running. Inevitably, the length of the consultation has provoked much commentary and some angst amongst those with an interest in this agenda. It is - undoubtedly - long. It will require time-consuming and detailed analysis by those who wish to respond to it. Nearly two weeks on, anyone with a hot take on what it means and whether it works is most likely chancing their arm based on a cursory speed-read. As some commentators have suggested (for example, here and here), the impact on smaller and less experienced stakeholders - who will need to engage as much as the big platforms do - could well be negative.

The Online Safety Act received Royal Assent last week (Thursday 26 October) and with that Ofcom picked up the reins from the Department for Science, Innovation and Technology and this new network was born. The aims of the Online Safety Act Network are simple: building on the work of Carnegie UK, we hope to help coordinate and support civil society engagement to secure the effective implementation of the Act. There is much to do on that score. To coincide with Royal Assent, Ofcom last week published a revised roadmap setting out the phases of work they will undertake as the regulatory framework takes shape: the headlines are here and the first swathe of consultations, focusing on the illegal harms duties, are due to be published on 9 November. 

The online safety regime splits in-scope regulated services into categories: Category 1, Category 2A and Category 2A. Category 1 services, the largest user-to-user services with certain ‘functionality’ (defined in cl. 234), receive the toughest risk mitigation duties: having to provide ‘user empowerment tools’ (cls 15-16) and effective terms and conditions in relation to content that would have formerly been referred to as content ‘harmful to adults’. Category 1 services are also under obligations regarding fraudulent advertising (as are Category 2A search services), and more detailed obligations generally. For an overview of the different requirements on services in each category, you can refer to this comparison table.

A Bill becomes an Act when it receives Royal Assent and that assent is notified to both Houses of Parliament. It becomes part of the law at this point. This does not mean, however, that the Act comes into force at that point. While an Act can come into force on Royal Assent, increasingly an Act will state when it comes into force, or – more usually – state that the Secretary of State will bring provisions into force through secondary legislation. This delay is usually to allow those affected by the law to prepare for it. In this sort of situation, the provisions giving the Secretary of State power will come into force on Royal Assent, often together with provisions that provide for definitions, the name of the Act. This process is known as commencement.

Codes and guidance, even if made under legislation, are not legislation; the question then arises as to their status. To what extent must addressees of any such code or guidance comply with them, and is there a difference in status between codes and guidance? Quasi-legislation is either statutory or non-statutory. While statutory and non-statutory quasi-legislation may have a similar effect, the fact that the code/guidance is a statutory requirement means the issuing of it in the first place would lie beyond challenge. So, the fact that Ofcom introduces guidance about women and girls cannot be challenged.