The OSB is the UK’s draft legislation for regulating online content. The OSB was reintroduced to Parliament last year with substantive amendments since its origins in May 2021. So far in 2023 we have seen further amendments proposed by Conservative peers, another government reshuffle, and the second reading of the OSB in the House of Lords. The OSB is currently in the committee stages in the House of Lords. The OSB was due to obtain Royal Assent by April 2023. With the UK Government running out of time to deliver, and the ongoing scrutiny around its amendments, an extension has been agreed so it can receive Royal Assent by July 2023.
The Framework
The proposed legal framework seeks to introduce robust new measures to protect the safety of its online users, including granting Ofcom the power to impose significant fines of up to £18m or 10% of global annual turnover, whichever is the higher, should companies fail to comply with the new rules. The OSB covers a wide range of content which may cause harm, including terrorism, racism, child sexual exploitation, suicide, eating disorders, misogyny and revenge porn.
The OSB imposes extensive duties of care on providers of internet services that allow users to share user-generated content (user-to-user services) and providers of search engines (search services) (together, “regulated services”). It also imposes duties on senior managers of regulated providers, being individuals who play a significant role in either “(a) the making of decisions about how the entity’s relevant activities are to be managed or organised, or (b) the actual managing or organising of the entity’s relevant activities.”
Examples of companies in scope are as follows:
- providers of internet services which allow users to encounter content generated, uploaded or shared by other users (this is wider than the Tech giants / social media companies and will apply to all companies irrespective of their size);
- providers of search engines which enable users to search multiple websites and databases; and
- providers of internet services which publish or display pornographic content (meaning pornographic content published by a provider).
Companies will be categorised into two tiers according to the size of their online presence and the level of risk posed on the platform. Those companies falling within the scope of the regime will have a duty of care towards users of their platform with those duties taking a multi-layered approach.
Notably, the OSB also applies to providers of regulated services which are based outside the UK as long as it impacts users based in the UK, which will no doubt mean that the content of the draft OSB will have been brought to the attention of Silicon Valley.
Companies should carefully consider if they come within the scope of the OSB, bearing in mind its wide scope of application. As currently drafted, most companies that provide online content are likely to be caught by its provisions. Insurers should also start considering whether this poses a material risk for a policyholder that requires specific underwriting.
Recent Updates
At the end of January 2023, nearly fifty Conservative MP’s supported back-bench proposals which lead to further amendments to the OSB. These changes focused on stronger enforcement action for those who fail to protect children, in particular, from damaging content online. The new amendment introduces criminal liability sanctions of up to two years imprisonment for senior managers who fail to protect users online. In the OSB’s previous iteration, senior managers were criminally liable only if they failed to respond to information requests from Ofcom.
The amendments have also had a clear focus on children and misogyny faced by women and girls online. Ofcom has published a call for evidence on protecting children from content that is legal, but harmful to them. Following the findings of Molly Russell’s inquest that social media has “contributed to her death in more than a minimal way” the Government has been under pressure to protect children from the risks of online harms. Assisting or encouraging self-harm online has been made a criminal offence following the findings of Molly Russell’s inquest.
Ofcom has also been given the power to fine digital platforms 10% of their global revenue if they fail to comply with a code prohibiting online misogyny with a clear focus on abuse faced by women and girls online.
Impact to the Insurance Market
The OSB does not expressly prohibit insurers offering cover for fines issued by Ofcom under the new regulatory regime. These could be significant - £18million or 10% of a company’s annual global turnover. Given the size of possible fines, the potential exposure for insurers is significant.
So could this trigger a new D&O exposure for companies? In short, yes. The recent amendment regarding Ofcom’s power to impose criminal sanctions for failing to protect children is a material change for the OSB. Previously, enforcement would have been dealt with by civil fines only. The current draft sets the bar high for personal criminal liability as it focuses on ‘deliberate’, rather than negligent, conduct of senior managers. Where an offence is committed with the ‘consent or connivance’ of a senior manager or other officer of the company, or is ‘attributable to their neglect’, the officer and the company, will be guilty of the offence. The risk to senior managers’ personal liability is imprisonment for up to two years.
What happens next?
The OSB will continue to be debated. In terms of the timetable, the OSB is expected to receive Royal Assent this summer. However, when the provisions will come into force remains unclear. Once the OSB has received Royal Assent, the OSB will need secondary legislation to implement it, and it is understood that Ofcom will publish codes of practice. We will keep you updated on the progress made of what is undoubtedly one of the most significant legislative initiatives currently affecting the digital technology sector.
