Global menu

Our global pages


Online Safety Bill proposing new criminal offences – potential impact on TMT companies

  • United Kingdom
  • ESG
  • Financial services disputes and investigations


The Government has agreed to a number of changes to the Online Safety Bill proposed by a Joint Committee late last year, including a series of new criminal offences. The Bill will now be considered by Parliament. 

In this briefing we consider some of the key regulatory duties and criminal offences envisaged by the Bill and their potential impact on TMT companies.

What is the Online Safety Bill?

The Bill seeks to regulate online content by placing responsibilities on the providers of online services in relation to illegal or otherwise harmful material. It sets out new duties on companies – specifically on providers of ‘user-to-user services’ and ‘search services’ – to keep their users safe online. If passed by Parliament, it will apply to companies whose online platforms allow users to generate and share their own content (such as social media sites, video communications platforms and search engines) whose services are capable of being used in the UK or of harming individuals located in the UK. The Bill designates Ofcom, the UK’s telecommunications regulator, to oversee and enforce the new regime.

Duties on tech companies to tackle illegal content

The Bill would place a duty of care on tech companies to limit the spread of illegal content on their platforms. It designates a number of “priority offences” – such as hate crime, harassment and stalking – which companies will have a proactive duty to seek out and minimise if the Bill is passed. In-scope companies would therefore need to design and operate their services to be safe by design and prevent users from encountering this content. The approach is similar to that required under the General Data Protection Regulation to ensure privacy by design and default is built into systems and processes, such as by avoiding free text options, to prevent the input by users of unnecessary/unwanted data.

This proactive duty can be contrasted with those proposed in respect of other forms of illegal content under the Bill, which companies would only be required to mitigate and/or remove upon them being reported. In-scope companies would also owe a host of other obligations under the Bill, including duties to carry out illegal content risk assessments (sections 8 and 23) and specific duties to protect children’s online safety (sections 11 and 26).

Ofcom would monitor compliance with this regulatory regime through new enforcement powers, including powers to issue Provisional Notices of Contravention to companies which it has reasonable grounds to believe are non-compliant and to issue Confirmation Notices to companies which fail to take the remediation steps it prescribes. Companies which still refuse to comply would face financial penalties. Ofcom could also appoint ‘skilled persons’ to produce reports into companies’ suspected breaches (section 88), mirroring equivalent powers granted to the Financial Conduct Authority under the Financial Services and Markets Act 2000.

Potential communications criminal offences for users

The latest additions to the Bill include several ‘communications offences’, including offences for (i) sending communications which pose a real and substantial risk of causing harm to a “likely audience” (meaning a reasonably foreseeable recipient), (ii) sending knowingly false communications which are intended to cause harm to a likely audience and (iii) sending communications which convey a threat of death or serious harm (sections 150-152).

These offences would apply to users of online platforms and aim to capture a wide range of harms which arise across different types of private and public online communications including abusive emails, social media posts and messages sent on instant messaging services. Where one of these offences is committed by a body corporate, the responsible corporate officers of that company would be held criminally liable as well as the company itself, where the officer has consented, connived or been neglectful (section 155).

Potential criminal offences for senior managers

The Bill additionally suggests new powers for Ofcom to issue ‘information notices’ demanding information and data from companies, including the role of their algorithms in selecting and displaying content (section 85). In issuing these notices, Ofcom could require companies to name the relevant senior manager with responsibility for its compliance. Where companies fail to comply with information notices (for example by providing false information), these senior managers could face individual criminal liability and, potentially, imprisonment for up to two years (section 93).

The previous draft of the Bill proposed commencement of these information offences following a post-legislative review at least two years after the Bill obtains Royal Assent. The Government now intends to accelerate this timeline to only two months.

Other notable information powers for the regulator envisaged by the Bill include powers to request interviews with company employees (section 90) and to enter and inspect tech companies’ premises (section 91).

What does this mean for online platform providers?

We are now one step closer to a major change to the regulatory landscape in respect of content published online, although further changes to this hotly debated Bill seem inevitable. Its passage through Parliament will be of keen interest to online users and platform providers alike.