Despite using “Senior Manager” as a term of art and obliging in-scope companies to perform extensive reporting, the Online Safety Bill (the Bill”) has no connection with the SM&CR. It is therefore important that market participants do not confuse the two regimes. While it is theoretically possible that there may some overlap between the two Regulated constituencies, e.g. a web app that grants credit, in practice such instances are likely to be rare. To further underline the clear distinction, a brief summary of the key features of the Bill follows.
In an attempt to make the UK “the safest place in the online world”, the Government introduced the Online Safety Bill. This is a significant, and depending on one’s degree of trust a slightly ominous, development. The factsheet referenced above proclaims the UK as the first country in the world to monitor online safety, regulating how technology companies deal with users’ content on internet platforms (most people regard China as an earier pioneer in this area). The new draft of the Bill, adds a nu,mber of signicant features such as Category 1 and provides at least an element of clarity.
Despite its above average length at 225 pages, the Bill, being extensive and thorough, focuses on generating a new era of regularization over online service providers. In essence, it applies to what are dubbed as “service providers” that offer “user-to-user services” and “search services” with connections to the UK. Social networks, online gaming platforms, or such companies that are occupied with content creation are some of the examples to which the Bill will be applied. They are required to provide pornographic-free content, and content free from child sex exploitation or terrorism.
The current state of The Bill
Following an initial draft, subsequently much-extended, the Government introduced the Online Safety Bill to Parliament on 17 March, 2022 for legislative scrutiny and it is likely to receive Royal Assent during 2023.
- Regulates services accessible by UK consumers (even if the service is not based in the UK)
- Imposes a duty of care on user-to-user services and search engines to improve user safety
- Preserves freedom of speech, “democratic importance” and “journalistic content”
- Aims to protect users from harmful content with a particular focus on children
- Penalties for non-compliance up to the higher of £18m. or 10% of global revenue
- OfCom has been appointed as the sole Regulator in this regard
Duties for Regulated Services
The Bill introduces a number of ‘duties of care’ which all user-to-user services and search services are required to comply with. The scope of these duties changes depending on the nature of the service and content. Some of the significant duties of The Bill include the following:
Duty to address Illegal content
- Identifying priority illegal content and preventing users from seeing it
- Taking proportionate steps to mitigate and manage the risks of harm caused by illegal content
- Designing processes (i.e. automated or human content moderation, banning illegal search terms, spotting suspicious users) to restrain people from experiencing illegal content and promptly taking down such content if occurs
Duty to address illegal and legal but harmful content
- Adopting and maintaining risk assessments and taking measures with regards to illegal and legal but harmful content
- Creating and applying transparent and accessible terms of service or a policy statement regarding how illegal but harmful content is to be handled and how people are protected
- Protecting freedom of speech, privacy and democratic content through safety measures and policies
- Being in compliant with ‘the three Rs’ framework: reporting, record-keeping and review
- Tackling any anonymous online abuse by verifying the identity of the user and taking appropriate measure
Duty to address legal but harmful content
- Using proportionate systems and processes to prevent users from experiencing harmful content even if it is legal and meets the Ofcom content requirements
- Providing tools to enable adult users to opt-out of harmful content “that might otherwise be tolerated by the service”
Under the Bill, a number of different criminal offences might be committed where an individual does not comply with the regulations, with a range of applicable penalties.
The Bill for Senior Managers
Senior Manager is defined as anyone who is responsible for the management and organization of the content being released in their platform/service in the context of online safety. The Bill proposes this role, requiring the service providers to give a name of a Senior Manager, thereby ensuring the accountability of that individual for the entity. In this context, a Senior Manager is responsible for complying with Ofcom’s information requests. If found to be In breach of these regulations, the Senior Manager may be faced with prosecution within two months of said breach.
Senior Manager’s Criminal Liability
OfCom has the authority to require information from service providers, inclusive of their algorithmic approach to showcasing content, for the assessment purposes. They also have power to visit entity premises for data collection, interviews, and assessment of that entity. Noting that The Bill requires to name a senior manager for the management and quality of content being shared, the senior manager gets help responsible in the breach of laws and regulations. As such, they are under the tight information-related offences. They include:
- Offences when OfCom requests to excercise its authority to enter, audit and inspect are not complied with
- Offences when employees fail to join required interviews or provide false information
- Offences when companies suppress, eliminate or change information
The Bill is estimated to apply to approximately 25,000 entities, although far from the 47,000 regulated by the SM&CR, this still represents a large constituency. The reporting burden amounts to some 435 data points for larger Category 1 providers; again extensive, if markedly less so than the SM&CR. While vendors are unlikely to market software solutions ahead of the Bill’s final approval, even if you are not directly affected, the long list of obligations imposed along with stringent penalties for non-compliance, once again underline the need to deploy effective and cost-effective solutions.