UK’s Ofcom Prepares to Enforce Online Safety Bill

The U.K. communication regulator has laid down plans to implement a controversial regulation intended at preventing online child sexual abuse material after officially became law.

See Also: Navigating SEC Compliance: A Comprehensive Approach to Cybersecurity Resilience

The Online Safety Bill received royal assent on Thursday after it was cleared by the parliament in September. The law grants the Office of Communications or Ofcom, power to order chat apps such as WhatsApp and search engines such as Google to use “accredited technology” to identify terrorism or child sexual material.

Privacy and security experts warned the regulation could empower a surveillance regime should regulators use it to require chat apps and search engine to weaken encryption (see: UK Academics Join Critics of Proposal to Weaken Encryption ).

Following the official ratification, Ofcom on Thursday said the agency will progressively implement the law in three phases through 2024.

Melanie Dawes, Ofcom’s chief executive said the agency’s new power will “not be about taking content down,” but rather “making sure sites and apps are safer by design.”

“Ofcom is not a censor. Importantly, we’ll also take full account of people’s rights to privacy and freedom of expression,” Dawes said.

In the preliminary stage, Ofcom will open a consultation for online services on their risk assessment of content deemed illegal, such as materials related to terrorism and fraud. Based on this input, the agency will then finalize a “code of practice” on compliance measures, which will be presented to Parliament for approval.

Once approved, Ofcom will formally implement the law, which will grant the agency the power to request online intermediaries to perform content scanning and impose a fine of 18 million pounds or 10% of the annual revenue, whichever is higher, for violations.

In the second phase of implementation, the regulator will propose age verification requirements on end-to-end encrypted services and will require impacted services to run a risk assessment related to children. While in the last phase, the agency will introduce transparency requirements for service providers.

End-to-end encrypted messaging platforms such as WhatsApp, Signal, and Apple, opposed “accredited technology,” which they argued will weaken encryption, affecting the privacy of its users across the world. The companies have threatened to quit the U.K. market rather than comply.

Tory peer Stephen Parkinson during the bill’s debate in the House of Lords said that Ofcom will not be able to order online services to use government-endorsed methods of scanning to identify outlawed content so long as a technically feasible solution “accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content” does not exist (see: UK Government Seeks to Dispel Encryption Concerns).

On the use of accredited technology, Ofcom saidit will hold consultations with stakeholders and encourage them to use or develop accredited technology that meets “minimum standards of accuracy.”

Signal’s president Meredith Whittaker, a staunch critic of the law, on Thursday reiterated her previous stance. “Our position remains firm: we will continue to do whatever we can to ensure people in the U.K. can use Signal. But if the choice came down to being forced to build a backdoor, or leaving, we we’d leave,” she said.

A Meta spokesperson offered no comment on the company’s plans to ensure compliance with the new law.