Earlier this year, we updated you on the UK Online Safety Bill (OSB) and outlined a series of concerns, including an alarming threat to encryption. Since then, the OSB was passed by Parliament, and is now ready to become law. Here’s everything you need to know about what was included in the final version of the bill and what to expect during its implementation process.

What is included in the final bill?

“As developers, there is a paramount significance of using end-to-end encryption for safeguarding privacy and security. It ensures data remains confidential and protected throughout its journey, reassuring users that sensitive information is shielded from unauthorized access and potential cyber threats” – James Hanson, Layers Studio

Although the OSB is described as targeting large social media companies, its broad scope, unfortunately, means that thousands of small businesses will also be affected. The final version includes several provisions around content moderation and security, including eliminating end-to-end encryption and the required collection of children’s personally identifiable information. Below are our concerns:

Eliminating end-to-end encryption: The bill gives communications watchdog Ofcom the power to break encryption to read private messages sent in apps like WhatsApp. Breaking end-to-end encryption, even for ‘good’ actors to monitor harmful content, creates wide open access for bad actors such as cybercriminals and oppressive regimes. Without solid end-to-end encryption, users may become victims of cybercrimes, identity theft, harassment, stalking, and even persecution.

Required collection of personally identifiable information: Ensuring the online safety of tech users, especially vulnerable groups like children, is a top priority for our small business members. Minimizing data collection enhances safety and trust. While the OSB emphasises age verification to shield children from unsuitable content, its current requirements may inadvertently increase data collection — including sensitive details and even images of minors. Gathering identifiable information, such as age, can diminish user trust, a crucial element for small and medium-sized developers striving for sustainable business growth.

The new rules will be policed by Ofcom, which has been given significantly increased powers to regulate the internet. These powers include the ability to fine offenders up to £18 million or 10 per cent of their global annual revenue, whichever is higher. The bill also makes the executives of companies personally responsible in the eyes of the law, meaning they could face jail for repeated offenses.

Next steps

The bill will soon become law after the formality of royal ascent is completed, but the work is not done. Ofcom has laid out a multi-year timetable of stakeholder engagement regarding the development of its codes and guidance. ACT | The App Association will be heavily engaged with this process to ensure that the resulting regime protects individual privacy and security while maintaining the trust that currently empowers small businesses to flourish.

If you are interested in the online safety bill and want to know more, email Stephen Tulip, our UK country manager, at [email protected].