MEF CEO Dario Betti examines the new consultation from Ofcom on online safety, and how it looks to protect the most vulnerable internet users.
The United Kingdom telecom regulator, Ofcom, has released its consultation on the fees and penalties regime for the new Online Safety Act (OSA). The OSA represents a significant step towards a safer online environment in the UK. By holding platforms accountable for user safety, it aims to foster a more secure digital landscape, particularly for vulnerable users.
The Ofcom consultation invites opinions on the regulated services fees and exemptions, as well as penalties (by January 2025). The primary goal is to ensure that Ofcom recovers the costs of its online safety functions without exceeding them. As other regulators are considering the OSA model, the UK example is an important precedent, and interested companies should respond to the consultation. In summary:
- Qualifying Worldwide Revenue (QWR): Providers with a QWR of £250 million or more will be subject to fees.
- Fee Structure: The proposed fee is 0.02% of QWR, with invoices expected in 2026.
- Administrative Challenges: Issues include revenue attribution, avoiding double-counting, and the impact on global providers.
- Consultation Deadline: Responses are due by January 9, 2025.
The primary goal is to ensure that Ofcom recovers the costs of its online safety functions without exceeding them. As other regulators are considering the OSA model, the UK example is an important precedent, and interested companies should respond to the consultation.”
Online Safety Act, what does it cover?
The Online Safety Act aims to regulate online platforms to enhance user safety, particularly for children and vulnerable users. It establishes “Duty of Care”: platforms are required to implement measures to protect users from harmful content, including hate speech, child exploitation, and misinformation. OSA imposes a legal responsibility on companies to shield users, particularly children, from: just
- sexual exploitation and abuse,
- suicide and self-harm content, and
- terrorist and hateful content
In short, the Act required companies to act on the following areas:
- Risk Assessments: Companies must conduct risk assessments to identify and mitigate potential harms, especially those affecting children.
- Content Moderation: They need to implement robust content moderation practices to prevent the spread of illegal and harmful content.
- Transparency Reporting: Companies are required to provide transparency reports detailing their efforts to comply with the OSA.
- User Reporting Mechanisms: The Act mandates that platforms provide effective reporting tools for users to flag harmful content or behaviour.
- Protection for Children: Enhanced protections are put in place specifically for children, including age verification measures and tailored content moderation.
The draft illegal-harms codes include more than 2,000 pages of comprehensive guidance on what data should be considered, how product functionalities play into the risk of illegal harms and how measures should be implemented to mitigate those risks.
Companies included OSA regulation.
The Online Safety Act (OSA) impacts a wide range of companies that provide online services, particularly those with significant user bases in the UK. According to Ofcom, there are more than 100,000 companies that would be impacted by the OSA, mostly user-to-user and search-services providers that target the U.K. market.
Here are some key points about the types of companies affected:
- Social Media Platforms
- Search Engines
- Video Sharing and Streaming Services
- Messaging and Chat Services
- Online Gaming Services
- Dating Services
- Ecommerce platforms (that host 3rd party sellers)
The Online Safety Act: Navigating the New Fees
A crucial component of this legislation is the fees and penalties regime, which Ofcom is currently consulting on. Let’s review what are the key aspects of this regime, its implications for service providers, and the challenges it presents.
The OSA mandates that providers of regulated services pay fees to cover the costs of Ofcom’s online safety functions. This requirement is designed to ensure that the regulatory body can effectively oversee and enforce the regulation set up by the state without financial constraints. It assumes a running cost of about GBP 5 million per year. The fees are calculated based on the Qualifying Worldwide Revenue (QWR) of the providers, with a threshold set at £250 million. Providers meeting this threshold will be subject to a fee of 0.02% of their QWR, which translates to approximately £50,000. The regulator would expect to have at least 20 players to contribute to the cost of the service. Smaller players, charging less than £250 million would not pay the cost.
One of the primary challenges highlighted in the consultation is the attribution of revenue. Providers must distinguish between revenue generated from regulated services and other revenue streams. This task is complicated for businesses operating across multiple jurisdictions, as they must avoid double-counting revenue. Additionally, the regime may disproportionately affect global service providers with significant international operations, adding to their administrative burden.
The consultation also addresses the potential impact on small and medium-sized enterprises (SMEs). While a higher QWR threshold would simplify administration and reduce the burden on smaller providers, it would also narrow the contribution base. Conversely, a lower threshold would increase the number of contributing providers but add to the complexity and administrative load.
Ofcom’s approach to the fee regime aims to balance inclusivity and complexity. The proposed single percentage fee structure, without differentiation between service types, seeks to maintain simplicity and transparency. However, this approach may not fully account for the varying levels of regulatory effort required for different services.
The consultation period, ending on January 9, 2025, provides an opportunity for stakeholders to influence the final structure of the fees and penalties regime. Providers are encouraged to engage with Ofcom, offering insights and feedback to ensure that the regime is fair, proportionate, and effective.
Penalties Regime in the OSA framework
The OSA outlines significant penalties for non-compliance with its regulations. These penalties are designed to ensure that providers of regulated services adhere to the safety standards set by Ofcom. Here are the key points on penalties:
- Maximum Penalty Cap: The OSA sets a maximum penalty cap for non-compliance. This cap is substantial to deter violations and ensure compliance. Under the Online Safety Act (OSA) in the UK, the maximum penalty for non-compliance can be substantial. As of the latest information, the maximum penalty cap for fines is set at £18 million or 10% of a company’s annual global revenue, whichever is higher. This approach emphasizes the severity of penalties for larger companies, aiming to ensure significant consequences for non-compliance.
- Joint and Several Liability: If a provider is part of a group and found to be in breach of the Act, the Qualifying Worldwide Revenue (QWR) includes all revenue from all members of the group. This means that all entities within the group can be held jointly and severally liable for the breach.
- Revenue Attribution: Penalties are calculated based on the QWR, which includes revenue from user interactions with the service, advertising, and the sale of goods and services. If it is not possible to disaggregate revenue between qualifying and non-qualifying sources, it will be apportioned on a just and reasonable basis.
- Currency Conversion: To calculating penalties, revenue would be converted into sterling using a just and reasonable exchange rate.
- Qualifying Period: The qualifying period for calculating revenue is the second calendar year preceding the charging year. For example, revenue from January 1 to December 31, 2024, would be used for the charging year 2026/27.