UK’s top tech cop tells platforms how to comply with tough new online safety rules

British media watchdog Ofcom on Wednesday issued new guidance to technology platforms requiring them to take tougher action against harmful and illegal content.

Ofcom is hoping to get digital giants like Google, Apple, Meta, Amazon and Microsoft on board with its guidelines after King Charles III gave the final green light for tough new laws, known as the Online Safety Act.

Ofcom is the chief regulator under Britain’s Online Safety Act, with powers to enforce the regulation and levy fines against tech companies. The law gives the watchdog powers to levy fines of as much as 6% of companies’ global annual revenues for breaches, and even threaten potential jail time for executives over repeat breaches.

Ofcom outlined what it called new codes of practice for digital platforms, which it wants them to follow in order to limit the harmful and toxic content users — particularly children — encounter online.

However, the codes of practice are nonbinding and merely act as a “safe harbor,” meaning that services can take a different approach to meet their duties if they wish.

In the codes, Ofcom recommends that services put in place a series of measures, including ensuring that content moderation teams are appropriately resourced and trained, and that content-flagging systems are easy to use.

Ofcom also wants platforms to ensure that users can block other users, and to put in place risk assessments for when platforms make changes to their recommendation algorithms.

Beyond this, Ofcom also wants online platforms to take a series of steps to combat child sexual exploitation and abuse, fraud, and terrorism.

This includes using a technology called “hash matching” to detect and remove such material — in other words, companies would be required to pair up digital fingerprints for individual pieces of content called “hashes” against a database of known illegal and harmful content.

Crucially, Ofcom said that it was not looking to break end-to-end encryption, a mechanism that platforms like Meta-owned WhatsApp and Signal use to allow users to send messages securely from one person to the other. This is a big point of contention for those platforms, which had warned they may leave the U.K. if forced to weaken encryption.

Google, Apple, Meta, Amazon and Microsoft did not immediately return requests for comment.

Consumer rights group Which said it hopes that Ofcom does not water down its enforcement actions under the scope of the laws.

“Social media firms and search engines need to be held to a high standard and Ofcom cannot shy away from taking strong enforcement action, including fines, against firms if they break the law,” Rocio Concha, Which’s director of policy and advocacy, said in a statement.

The regulator will seek comments from stakeholders in response to the proposals. The consultation period will close on Feb. 23, 2024, after which Ofcom plans to publish the final versions of its guidance and codes of practice no later than winter 2024. After that statement is issued, services will have three months to conduct risk assessments.

The U.K.’s Online Safety Act has been in the works for the last four years. It originated in the form of the Online Harms White Paper, and sought to clamp down on harms found on social media, such as content promoting illegal drug taking, terrorism, self-harm or suicide.

The European Union has its own law, called the Digital Services Act, while several lawmakers in the U.S. are looking to reform a law called Section 230 which provides platforms with an exemption to liability for what their users post.