Online Safety

Online Safety Bill: changes to watch out for

Published on 26th Jan 2022

Potential amendments could mean that the Bill is about to get even more complex and controversial

The Online Safety Bill could be introduced into Parliament any day. While publication of a Draft Bill for pre-legislative scrutiny has allowed market participants to familiarise themselves with the future regulatory regime, there are increasing signs from the government that the Bill it introduces into Parliament could contain significant changes.

The aim of this new piece of legislation is to protect users of online content-sharing platforms from harmful material (see our OSB in focus series for more in-depth analysis).

The Bill's status

On 4 November 2021, the government appeared in the final session of the Joint Committee on the draft Online Safety Bill  and used the opportunity to flag a number of amendments it was likely to make to the legislation. 

The joint committee's report followed shortly after on 14 December 2021, suggesting a number of changes itself. The committee's report was itself debated in the House of Commons on 13 January 2022, at which members of the government highlighted changes that were currently being made to the draft before introduction.

The official government response to the committee's report is still due, but it is feasible that the government could publish its response and introduce the Bill on the same day (which could now be any day). 

Possible changes 

What possible changes could a new version of the Bill feature when eventually introduced? 

  • A restructured Bill that is arranged around Ofcom's objectives of ensuring that service providers: 

(a)    comply with UK law and do not endanger public health or national security; 

(b)    provide a higher level of protection for children than for adults; 

(c)    identify and mitigate the risk of reasonably foreseeable harm arising from the operation and design of their platforms; 

(d)    recognise and respond to the disproportionate level of harms experienced by people on the basis of protected characteristics; 

(e)    apply the overarching principle that systems should be safe by design whilst complying with the Bill; 

(f)    safeguard freedom of expression and privacy; and 

(g)    operate with transparency and accountability in respect of online safety. 

  • The offence applicable to a named "senior manager" for failing to take reasonable steps to stop their employer from committing an information offence (that is, not providing information requested by Ofcom) is likely to be entrenched in the Bill, and may be supplemented by an additional offence of "repeated and systemic failings that result in a significant risk of serious harm to users".
  • The Bill is amended so that the information offences (applicable both on a corporate and senior manager level) are brought into force within three to six months of the Bill becoming law (which is likely to be in 2023).
  • There is a potential amendment to clause 41(4) to add an offence of fraud and, similarly, that related clauses be introduced or amended so that companies are required to address it proactively.
  • Paid-for advertising could be included within the scope of the Bill (due to accepted cross-party consensus on this); although no specifics have yet been provided, and it seems that there will be no opportunity to review these new provisions before the Bill is introduced.
  • It could include the new individual criminal offences (cyber-flashing, inducing epileptic reactions, etc.) that were recommended in the July 2021 Law Commission report into the Online Safety Bill. This would considerably broaden the scope and purpose of the OSB by creating offences for individual users as well as service providers.  
  • Amendments are made to enable Ofcom to take enforcement action if it identifies a breach of the safety duties in an area that a provider had not identified in its initial risk assessment, without the risk assessment needing to be re-done.
  • The Bill is changed so that "priority content that is harmful to adults" is no longer based on what companies themselves decide they think is harmful to an "adult of ordinary sensibilities" along with types of harm to be designated by the secretary of state (see clauses 11 and 46), but is rather based on "established offences that this Parliament has already created, which are known and understood and (…) enforced, [which] are mandatory and clear".
  • There is potential for an extension of scope to cover non-user-generated content that may be accessible (and harmful) to children (for example, pornography websites), so as to align with the age appropriate design code.
  • The categorisation approach, which differentiates platforms that present greater harm from those that present lesser harm, could be replaced by more nuanced "risk profiles", which would aim to regulate based on risk rather than size, recognizing that small platforms can become influential very quickly. 

Next steps 

The report will be reviewed by the Department for Digital, Culture, Media and Sport for a final decision on what recommendations to include, with the apparent plan of formally introducing the Bill into Parliament before the end of the current session in March 2022.

OC comment

These potential amendments could result in marked changes to the Bill, and extend the scope of compliance to be required under the new UK regulatory regime. There are a number of significant changes to come, including the likely inclusion of entirely new provisions relating to fraud and paid-for advertising.

Although the directors' liability offences already present in the Bill could be expanded to include an offence of "continuous failure to comply", as currently drafted, they are similar to existing offences elsewhere in UK legislation, but given the relative novelty of such offences in an online safety context, we will be closely monitoring any extension to their scope. It is also worth noting the specific requirement to name and identify a "senior manager".

The replacement of "categories" with "risk profiles" is likely to provide a more detailed structure for enforcement. We will be carefully reviewing the new version of the Bill to see how the "risk profiles" have been designed, and what factors might result in lower risk profile categorisation. 

Overall, a complex and controversial Bill might be about to get even more complex and controversial.


* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?