Skip to main content
Compliance

Online Safety Act: Must-Have or Risky Weakness?

Online Safety Act: Must-Have or Risky Weakness?

Online Safety Act: Is Ofcom’s Approach Too Lenient?

Is Britain’s Online Safety Act being enforced forcefully enough to protect the most vulnerable, or has Ofcom been given a blunt instrument that won’t bite? That debate resurfaced in Parliament this week as charities, technologists and lawmakers pressed ministers for clarity about whether the regulator’s current stance will deliver real-world protection or merely the appearance of action.

The Online Safety Act was designed to shift responsibility onto major platforms to tackle illegal and harmful content — from child sexual exploitation and terrorism to the amplification of self-harm material and widespread misinformation. Parliament intended the law to be a robust, flexible tool for governing a fast-moving digital landscape: giving Ofcom powers to require change, impose fines and set codes of practice that platforms must follow. But turning that legislative ambition into effective enforcement has proven far more contentious than the statute’s backers anticipated.

Why charities and campaigners are worried

Several charities and child protection organisations have told MPs they fear Ofcom’s enforcement style is too cautious. One senior civil society figure described the regulator’s approach as “too lenient,” warning that a soft-touch oversight model risks letting high-risk practices persist on platforms without meaningful sanction. Their concern centres on delays, procedural hurdles and high evidentiary thresholds that could blunt deterrence and leave victims waiting for redress.

For these groups, enforcement is the hinge between a law on paper and safety in practice. If Ofcom shies away from decisive action, charities argue, children’s safety, the wellbeing of harassment victims, and broader public trust in online governance will suffer. They want faster interim measures — such as temporary takedowns — clearer escalation rules, and more transparent reporting so the public can see when and how the regulator acts.

Ofcom’s defense: balance and legal prudence

Ofcom contends it must strike a careful balance. Enforcing the Online Safety Act robustly, the regulator says, cannot come at the cost of procedural fairness, legal certainty or technical feasibility. Content moderation at scale is complex: proving systemic failures often requires detailed audits, technical forensics and large evidence sets. Ofcom officials insist on staged enforcement — consultation on codes of practice, graduated sanctions, and only applying penalties where breaches are clear and remediable — to reduce the risk of costly legal reversals.

This emphasis on process reflects real constraints. Judicial review risks, appeals and the cross-border nature of platforms can lengthen timelines. Decisions by Ofcom may cascade globally or conflict with other jurisdictions’ rules, creating practical limits on how quickly and aggressively the regulator can act.

Diverse stakeholder perspectives

– Technologists: Many engineers and safety teams caution that prescriptive rules can produce perverse outcomes if regulators demand rigid technical solutions. They favour outcomes-focused regulation that allows adaptive, evidence-based responses and want Ofcom to appreciate engineering trade-offs.

– Policymakers: MPs are split. Some demand swift, visible enforcement to demonstrate accountability; others warn against overreach that could chill innovation or raise free-speech concerns. Several parliamentary committees have urged clearer benchmarks and faster escalation when platforms fail to comply.

– Charities and civil society: Child protection and digital-rights groups push for tougher enforcement and speedier remedies, fearing that procedural delays will blunt deterrence and perpetuate harm.

– Platforms and industry: Major firms accept the need for regulation but highlight compliance complexity, conflicting international laws and the sheer volume of user-generated content. They typically prefer graduated sanctions and a collaborative approach with regulators.

Operational and legal frictions

Proving systemic, not isolated, breaches is resource-intensive. Regulators need access to internal platform data, engineering logs and audit trails — which can be contested in legal proceedings. Platforms operating across borders complicate enforcement: an Ofcom ruling on a global service could bump up against other legal regimes, and firms often respond by applying changes globally to avoid fragmentation. All this slows down the timeline from identification of harm to effective sanction.

Signs of compromise and remaining gaps

There are early signs of pragmatic compromise. Ofcom has published guidance, consulted on codes of practice and signalled a readiness to use its fining powers where breaches are manifest. It has also emphasised cooperation with industry to develop technical standards and reporting practices. But critics argue these measures are incremental and call for clearer escalation timelines, more robust interim powers — including temporary takedowns or rapid injunctions — and much greater transparency about enforcement outcomes.

What’s at stake

This is about more than one statute’s success or failure. If the Online Safety Act becomes a law that looks weighty but lacks follow-through, public confidence in regulation will erode and political pressure will build for either stronger mandates or an overhaul of enforcement powers. Conversely, overly aggressive enforcement that fails to account for technical constraints risks legal setbacks and unintended damage to online expression.

The core of the debate rests on judgment calls: how much deference should a regulator give to platforms’ technical assessments, and how forcefully should it demand rapid remedial change when harms are evident? The balance Ofcom strikes will determine whether the Online Safety Act becomes a model for modern tech governance or a cautionary tale of legislative ambitions unmet by enforcement.

As Parliament continues to scrutinise stakeholders, the central question remains urgent: will Ofcom lean into muscular enforcement to honor the promises of the Online Safety Act, or will prudence and procedural constraints produce outcomes that satisfy neither rights advocates nor the public they aim to protect?