back to article Why UK Online Safety Act may not be safe for bloggers

Individuals who run their own website could be held liable for, weirdly enough, off-topic visitor-posted comments that break the UK's Online Safety Act. According to Neil Brown, director of British law firm decoded.legal, it's a possibility under the wording of the law, though clear direction has not been provided. The Online …

  1. Diogenes8080

    I am the ghost of Demon past

    So a UK company has to fend off shoals of hungry landsharks, but post the same content on a US web site and it is effectively unactionable (unless some vested interest such as a publisher is offended)?

    1. Anonymous Coward
      Anonymous Coward

      Re: I am the ghost of Demon past

      But would a UK Blogger be liable in the UK if they hosted their Blog on a US web server?

      1. collinsl Silver badge

        Re: I am the ghost of Demon past

        My reading as not-a-lawyer-or-legal-professional suggests that the location of the hosting makes no difference, to whit:

        Online Safety Act 2023 section 4:

        (2)A user-to-user service is a “regulated user-to-user service”, and a search service is a “regulated search service”, if the service—

        (a)has links with the United Kingdom (see subsections (5) and (6)), and

        (b)is not—

        (i)a service of a description that is exempt as provided for by Schedule 1, or

        (ii)a service of a kind described in Schedule 2 (services combining user-generated content or search content not regulated by this Act with pornographic content that is regulated).

        ...

        (5)For the purposes of subsection (2), a user-to-user service or a search service “has links with the United Kingdom” if—

        (a)the service has a significant number of United Kingdom users, or

        (b)United Kingdom users form one of the target markets for the service (or the only target market).

        (6)For the purposes of subsection (2), a user-to-user service or a search service also “has links with the United Kingdom” if—

        (a)the service is capable of being used in the United Kingdom by individuals, and

        (b)there are reasonable grounds to believe that there is a material risk of significant harm to individuals in the United Kingdom presented by—

        (i)in the case of a user-to-user service, user-generated content present on the service or (if the service includes a search engine) search content of the service;

        (ii)in the case of a search service, search content of the service.

        So a UK blogger could not use the defence of "I posted it abroad" - they could only have a defence of "Well it was targeted at Americans not UK users and hardly any UK users looked at it" (for example if it was a blog dedicated to assisting Americans to move to the UK).

        1. Anonymous Coward
          Anonymous Coward

          Re: I am the ghost of Demon past

          IF

          "(a)has links with the United Kingdom (see subsections (5) and (6)), and" means anywhere a UK citizen posts is now policed potentially by the authorities then it behoves us all to

          1 - use a reliable non-logging VPN

          2 - not reveal we're from the UK whilst online at any time

          3 - host ones blog on a secure, non-logging out of jurisdiction host

          Many could be swept up in all this hand wringing legislation, but the truth is most wont because the authorities don't have close to the resources to enforce the existing laws.

          Anonymous, because fuck em.

          1. jpennycook

            Re: I am the ghost of Demon past

            The practical answer to that is that the Government will probably encourage ISPs to block VPN providers that do not provide backdoors

        2. Outski

          Re: I am the ghost of Demon past

          That would chime with laws on defamation and whether UK courts are an appropriate venue for libel/slander hearings, i.e., if there's a significant proportion of the defendant's audience in the UK. This is what's given rise to "libel tourism", although, to be fair, some judges do throw some cases out, reasoning that, just because a piece is viewable from the UK, it does not mean that UK courts are the appropriate place to seek redress.

  2. Neil Brown

    Brown said he intends to put this question directly to Ofcom

    I put the question.

    I did not get an answer, straight or otherwise.

    Nor did Ofcom provide answers to other questions I asked about some of the other exemptions in Schedule 1 which could be valuable to people running small hobbyist sites, including:

    1) how Ofcom will interpret "email" for the purposes of Schedule 1, paragraph 1. Ofcom said that there is a "common definition", but despite prompting, it did not provide it.

    2) how Ofcom will apply the "or other concern" wording in Schedule 1 paragraph 7, and whether closed groups, like a forum run solely for members of a cub pack, with no external access, could take advantage of it.

    3) how Ofcom will apply s227(3), the effect of which is intended to be that the "provider" of a service cannot also be a "user" of it (a sensible position). But the opening words appear to limit it to "when acting in the course of the provider’s business", and so it may not be applicable in the context of hobbyists, and so understanding Ofcom's intent here would be valuable.

    1. Fonant Silver badge

      Re: Brown said he intends to put this question directly to Ofcom

      Thank you for the time you've spent trying to make sense of this legislation and Ofcom's "guidance" from the point of view of small service providers, Neil.

      It's all so vague, and reliant on the service provider's own personal assessment of risk. Risks that cannot ever be quantified.

      1. Tron Silver badge

        Re: Brown said he intends to put this question directly to Ofcom

        This is the UK. So the government are exempt (ie. above the law). Everyone else is likely to become liable. They will only prosecute the ones they want to - due to lack of staff time/funding as much as anything. It's not about the law, it is about politics and the mechanics of implementation.

        If you want to stay safe, end all web 2.0 functionality on your site before this kicks off. Otherwise you may become a crash test dummy for who is and who is not liable. And in the UK, any brush with the legal system will empty your bank account and ruin several years of your life, even if you are not ultimately found guilty. Sometimes you have to accept that the government are in control and can screw with your life if they are minded to. To keep clear blue water between their persecution and yourself, pull back, withdraw services and stay safe. The model for life in the UK today is the same as it was for colonial subjects of the British Empire. Keep your head down and do not invite the wrath of those in charge. Because you won't win.

        1. Missing Semicolon Silver badge
          Unhappy

          Re: Brown said he intends to put this question directly to Ofcom

          Yep. In other words, it depends on whether *Ofcom* are offended by the content. We know where that is going....

          1. cyberdemon Silver badge
            Big Brother

            Re: Brown said he intends to put this question directly to Ofcom

            Wrong icon.

            Off to the Gulag with you!

    2. Neil Brown

      Many thanks to Thomas

      The power of journalism: Thomas has been able to get clearer (if not *entirely* clear) answers on this point than I (and others) have managed.

      Thank you Thomas and El Reg!

      1. cyberdemon Silver badge
        IT Angle

        Re: Many thanks to Thomas

        A heroic effort indeed. However the response received from minitru^W ofcom is hardly comforting..

        > The Act makes no mention of how closely connected to the provider content the comment or review must be to benefit from this exemption

        So.. This is an IT forum and we are (in the main) discussing IT related matters, with the occasional bootnote. The Act still leaves it in the hands of ofcom to decide if we have deviated from our remit, essentially giving ofcom the potential power and remit of "Roskomnadzor".

        1. tiggity Silver badge

          Re: Many thanks to Thomas

          Indeed - though there do seem to be lots of US politics comments now, & a move to US English etc.... Maybe el Reg can claim it's not primarily aimed at UK readers any more just in case a commentard causes grief.

          Personally I think its pointless, UK already has laws to prosecute people who post CSAM or whatever, that should be sufficient... not going after some hobbyist who gets their site spammed with CSAM by bots (lots of potential for digital swatting as we are doing US parlance these days).

          All the web sites I maintain for groups do not have user posted comments (JS free zones! they are just used for information, mailing lists for discussions, all very old school) so I am unaffected. Do believe though if UK gov is trying to put onus on hobbyist individuals then UK gov should provide free of charge a tool* that people can use to be compliant as not financially viable for small sites to buy (piss poor waste of money IMHO) anyway as full of false positivises and yet manage to miss subtly worded but deeply offensive content) commercial solutions.

          * there is no such useful tool** (obv), but it should be a legit argument as with unclear guidelines then only way to be sure is to run a govt provided free tool on your site

  3. that one in the corner Silver badge

    Specifically says that user-generated content is not provider content

    > "posting comments or reviews relating to provider content" (eg, comments about bikes posted to a bike blog)

    So if a comment section veers off-topic from its TFA, in particular starts discussing other comments, it stops being related to provider content and then *does* become the responsibility of the website?

    This gets a bit silly and meta, but especially if comments are plucked from the web page and presented out of context...

    1. Paul Herber Silver badge

      Re: Specifically says that user-generated content is not provider content

      "comments are plucked"

      Plucking is to covered by separate legislation yet to be written (however badly).

  4. Mockup1974

    The root cause of the issue is that the UK* doesn't have freedom of speech

    Probably best to do all your Internet communication through a VPN server in the US and give them an American phone number if needed - that way authoritarian governments will by default assume you're enjoying your First Amendment rights even if you don't actually have them.

    * (nor any other European country)

    1. Anonymous Coward
      Anonymous Coward

      Re: First amendment ?

      Er, is this in a country that is busy passing laws that you can't criticise DOGE ? And where several state legislatures are debating banning criticising the president ?

      With a Supine court that takes a very narrow view of the constitution.

      1. Anonymous Coward
        Anonymous Coward

        Re: First amendment ?

        Don't forget they're *also* now telling academics that they can't publish papers which contain certain words

        1. SundogUK Silver badge

          Re: First amendment ?

          Citation?

          1. Anonymous Coward
            Anonymous Coward

            Re: First amendment ?

            Here's Reuters covering it: https://www.reuters.com/world/us/us-cdc-orders-pullback-new-scientific-papers-involving-its-researchers-source-2025-02-02/

            >The U.S. Centers for Disease Control and Prevention is seeking to withdraw all papers involving its researchers that are being considered for publication by external scientific journals to allow for a review by the Trump administration, a federal official told Reuters.

            > ...

            >

            > The review is aimed at removing language to comply with President Donald Trump’s executive order saying the federal government will only recognize two sexes, male and female.

            >

            > Inside Medicine published a list of specific words targeted for removal in the communications review, including gender, transgender, LGBT (lesbian, gay, bisexual and transgender) and nonbinary. The federal official said that such a list went out from CDC to its divisions.

            1. Yet Another Anonymous coward Silver badge

              Re: First amendment ?

              Waiting for chemistry depts to be banned from using cis or trans

              1. Paul Herber Silver badge

                Re: First amendment ?

                What about that Gay-Lussac's law then?

                1. Yet Another Anonymous coward Silver badge

                  Re: First amendment ?

                  He was French, it's now Freedom Law

                  1. Ken Shabby Silver badge
                    Big Brother

                    Re: First amendment ?

                    Seems the days of Faggot cells are numbered.

              2. DuchessofDukeStreet

                Re: First amendment ?

                Never mind chemistry depts - you already cannot post on X using the word "cisgender", regardless of context. You think he's not going to want to apply the same rules to the rest of the US?

                1. Outski

                  Re: First amendment ?

                  WTF?? "cisgender"? OK, so X now won't allow any discussion of gender identity?

                  So I, as a declared cisgender male, can't now discuss gender issues with a (presumed now former-) correspondent on X who happens to be a trans woman (and priest)?

                  Seriously, is it that bad? I'll admit I use it much less than I used to*, but Xitter shutting down discussion of major themes of social policy and mental health is more than head-up-the-arse backwards.

                  *and I mostly use it to talk about cricket.

                  1. tiggity Silver badge

                    Re: First amendment ?

                    No need to use the word "cisgender" - a recently coined pointless word, just use male or female depending on your chromosomes..

                    For men that like to do woman face (or flipside, women that like to try & pretend to be men) then they can use whatever trans descriptions they like. Personally for a "trans woman" then the old school "transvestite" still does the job.

                    One of my degrees was biology based so I'm quite keen on the concept of biological sex and the fact that you are either male or female (even factoring in various odd chromosomal syndromes such as Kleinfelter etc. & DSDs (external genitalia appearance with some DSDs may mislead, chromosome test may be needed when ambiguous ))

                    1. Outski

                      Re: First amendment ?

                      sex is not necessarily equal to gender

                    2. teebie

                      Re: First amendment ?

                      'needed'?

              3. Jimmy2Cows Silver badge
                Big Brother

                Re: Waiting for chemistry depts to be banned from using cis or trans

                Anyone in the space industry should also look out. NASA and astrophysicists for instance... No "cis-lunar operations" "or trans-Neptunian orbit" naughtiness for you. Off to the re-education centres for you.

                That said I half expect NASA to be shut down, or become a wholy-owned subsidiary of SpaceX, so Musk can bury SLS once and for all, and divert NASA's entire budget to his own goals. And I'm not sure it's only a half-expectation.

            2. Neil Barnes Silver badge
              Big Brother

              Re: First amendment ?

              Why on this green earth does the content of a scientific paper need to care about what the government recognises? At worst, the government might care to disagree with such a paper.

              And doesn't the USA proudly have the first amendment to the constitution, in which we learn that 'Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.'

              Oh, sorry, I forgot. They've always been at war with Eastasia, right? This week?

              1. Yet Another Anonymous coward Silver badge

                Re: First amendment ?

                >Congress shall make no law

                See, doesn't say anything about a President making a law

              2. collinsl Silver badge

                Re: First amendment ?

                Unfortunately US government employees don't have freedom of speech for official matters, and Trump is interpreting the definition of "official matters" very widely.

                The problem stems from the fact that the USA is not one big country, it's a federation of states. And because the founding fathers (quite rightly for the time they lived in) wanted a political system which did not allow a central government to unduly restrict the rights of the individual states, they explicitly said that any rights not reserved to the US government by the constitution (or amendments thereto) were reserved to the states, which in turn restricts what and how much the US government can do or say, since they cannot invade the rights of either their citizens or the states.

                Therefore the Federal government must be so disposed and set up such that it only deals with or has official positions on things which are explicitly within it's jurisdiction, which means that Presents or Congresses must be equipped to restrict the activities of the various government departments so that they can't stray into areas which aren't reserved to them to work in.

                Therefore the President has broad executive power to restrict what official Government publications can say or what positions they take - hence his executive order that there are only two genders and that all DE&I language must be removed from all Federal Government publications, hiring practices etc.

                1. Herring`

                  Re: First amendment ?

                  Pedant: The 10th Amendment wasn't a founding fathers' thing. Some of them opposed it.

                  O/T: I am a little surprised that Musk hasn't yet sued to be listed as one of the founding fathers.

              3. Yet Another Anonymous coward Silver badge

                Re: First amendment ?

                > scientific paper need to care about what the government recognises

                You know the country that discovered nuclear fission and then tried to make a bomb without using any science from people whose ethnicity they disapproved of. Well they only got a silver medal in WWII

                Or the country that based it's agriculture on genetics where the seeds would naturally improve by being properly educated in political economics, and then had a famine that killed 20M people

                1. Anonymous Coward
                  Anonymous Coward

                  Re: First amendment ?

                  I hadn't made that connection between Trofim Lysenko and Robert Kennedy Jr before, but it's a very apt one. Charlatans who havr the ear of an authoritarian leader.

              4. jpennycook

                Re: First amendment ?

                The President isn't Congress, maybe he can make his own laws

            3. Missing Semicolon Silver badge

              Re: First amendment ?

              I suspect this is a bit of malicious compliance.

      2. Anonymous Coward
        Anonymous Coward

        Re: First amendment ?

        Link to law that says you can't criticise DOGE?

        1. Steve Davies 3 Silver badge

          Re: Link to law that says you can't criticise DOGE?

          There isn't one BUT

          Musk can afford to hire every lawyer in the USA. They will tie you up in bogus law suits from here to eternity if you dare criticise him or DOGE(Y).

          Face it people. Musk has learned from Trump how to game the legal system and drag it out for years with motions and appeals that have no merit but they all need to be briefed and ruled on. That costs a whole heap of money which most people don't have.

          Rule 1 of Trump 2.0.

          Don't slag off Trump or President Felon Musk.

          1. Outski

            Re: Link to law that says you can't criticise DOGE?

            Musk can afford to hire every lawyer in the USA. They will tie you up in bogus law suits from here to eternity if you dare criticise him or DOGE(Y).

            And not every state has anti-SLAPP laws.

    2. Jamie Jones Silver badge

      Re: The root cause of the issue is that the UK* doesn't have freedom of speech

      I hope you aren't American, seeing as you have no clue what the First Amendment actually says or means.

      You realise that US ISPs can legally log your traffic and sell it to ad companies?

      https://www.theregister.com/2017/03/23/senate_votes_to_let_isps_sell_browser_histories/

      "In 2017, Trump repealed Federal Communications Commission regulations which protected online privacy. The rules, established under the Obama administration, required internet service providers to obtain consent from customers before sharing their personal data."
      - https://www.tomsguide.com/computing/online-security/what-does-a-second-trump-presidency-mean-for-data-privacy

      https://www.google.com/search?q=trump+us+isps+log+traffic+legal

      1. Mockup1974

        Re: The root cause of the issue is that the UK* doesn't have freedom of speech

        Privacy laws are nice, but what does that have to do with freedom of speech?

        1. Jamie Jones Silver badge
          Facepalm

          Re: The root cause of the issue is that the UK* doesn't have freedom of speech

          Nothing. I didn't say it did.

          I said:

          1) Your "solution" to "save freedom of speech" shows that you don't understand what the first amendment means. Do you really need it broken down even further? Look it up.

          2) I pointed out that in addition to that fallacy, the USA is so owned by corporations that your internet connection via there will leak like a sieve.

  5. elsergiovolador Silver badge

    Bet

    I bet when this happens on a big corporation's website, there will be dinners, meetings, perhaps champagne, some "sweeteners" and matter will go away.

    When it happens on a small site, there will be penalties, hounding, harassment, bankruptcy and site closure.

    Just appears to be systematic lawfare from many angles to finish off small businesses and working class initiatives.

    1. Doctor Syntax Silver badge

      Re: Bet

      The quickest response will be when OT comments start being posted to MPs' particularly Labour MPs' blogs, ministers' personal blogs or government sites.

      1. Yet Another Anonymous coward Silver badge

        Re: Bet

        They will just move them to Facebook, which is the point of the legislation.

        Want to message your MP? Need to join Facebook

        1. Lon24 Silver badge

          Re: Bet

          On the average Wordpress blog surely all you need to do is make comments subject to admin approval. Bots, malicious actors etc can't post anything directly to the blog. If you then approve it you are then effectively the publisher and should be rightly held liable if it contravenes the law. If you keep to on topic approvals you are exempt.

          It's sensible to do it anyway merely to thwart the spammers.

    2. collinsl Silver badge

      Re: Bet

      They've exempted themselves, as you would have expected them to.

      Online Safety Act 2023 schedule 1 paragraph 9 (1) (b):

      (b)the provider of the service is Parliament, either House of Parliament, the Scottish Parliament, Senedd Cymru, the Northern Ireland Assembly or a person acting on behalf of any of those institutions,
      (bold mine)

      1. amanfromMars 1 Silver badge

        Re: a Bet Best Not to Wager

        Methinks any prospective provision successfully weedling its way into legislation to try to exempt themselves .... https://www.legislation.gov.uk/ukpga/2023/50/schedule/1/paragraph/9 ...... would quite understandably and quite righteously provoke legitimate resistance and be easily perceived and prosecuted as being solely responsible for inciting communal riot and societal revolution very likely to be extremely violent against that and those thinking to make themselves exempt and exceptional.

        And such would be evil .... so it would be best to avoid entertaining that dark and dangerous self-destructive path to ruin and rebellion.

  6. that one in the corner Silver badge

    VPN to connect the family "intranet"[1]

    Cursory reading followed by a run through the online checklist, really hoping I missed a paragraph...

    But what constitutes an "online" service or website? Is it explicitly defined somewhere as something on an IP address that is exposed to the Internet and can be accessed (at least to a login page) by anyone with a just web browser?

    What if the service is only accessible via a VPN - and that has been set up already such that the various households see no functional difference between it and, say, The Register? That is, they just put in the URL and off they go, as it ought to work. Second cousin Timmy (who I don't actually know other from his posts) is letting his school chum Doug post from Timmy's room as Doug has the photos of their garage band[2]

    Note that there are exclusions if the site is only providing access to your businesses Intranet-type stuff (CRM etc) but there is nothing about if you are not a business! And that still leaves a Doug as a problem.

    [1] sorry for using that word

    [2] trying to come up with a reasonable scenario that includes a wider group of people

    1. Fonant Silver badge

      Re: VPN to connect the family "intranet"[1]

      Yes, the "business intranet" exemption should really be extended to "services limited to a small specific group of people" or something like that. My family NextCloud instance is technically covered by the Online Safety Act, it's a file sharing and messaging user-to-user service and not internal to a business.

      For now I think the best thing is to carry on as before, the chances of Ofcom even discovering small user-to-user services (within the entire internet!) is minuscule. And they promise to "work with" services and to "be constructive". Fines and criminal sanctions only follow if they think you're obstructing their aims. They do like saying "£18 million maximum fine!" though - I think it makes them feel they have some power that doesn't exist in the real world.

      1. elsergiovolador Silver badge

        Re: VPN to connect the family "intranet"[1]

        How do you define small and specific?

        1. Fonant Silver badge

          Re: VPN to connect the family "intranet"[1]

          The same way you define "significant number of UK users", and "low risk of illegal content being posted", and even what is "email" (since for some reason "email-only" user-to-user communication services are exempt from the Online Safety Act).

          This is the problem with laws. The only way to find out what the law means is to ask a judge in a court of law.

      2. Captain Hogwash Silver badge
        Alert

        Re: ...chances of Ofcom even discovering...

        They will be discovered when a user, aware of the OSA, makes a complaint to Ofcom. Such a complaint is likely to be vexatious.

        1. Fonant Silver badge

          Re: ...chances of Ofcom even discovering...

          I hope Ofcom are ready for a rush of vexatious complaints, and have the staff, capacity and incentive to investigate them all. Spoiler: they don't.

          The Ofcom message to small services is: "show willing, and we'll work with you if it ever becomes necessary".

          1. Aitor 1

            Re: ...chances of Ofcom even discovering...

            But they will have the capacity to investigate those that annoy/offend someone in power.

            This is quite terrible.

      3. Fonant Silver badge

        Re: VPN to connect the family "intranet"[1]

        Update: Schedule 1 Part 1 Paragraph 7(3) says:

        “business” includes trade, profession, educational institution or other concern (whether or not carried on for profit);

        So it depends on what "other concern" might include. Clubs? Family groups?

    2. Fonant Silver badge

      Re: VPN to connect the family "intranet"[1]

      Other examples mentioned at the Ofcom presentations were things like local WI group discussion boards, forums for members of a club or interest group.

      Even if you hide everything behind a member login system, and restrict who can sign up, it's covered by the OSA unless a "business" runs it for its own internal use.

      1. Yet Another Anonymous coward Silver badge

        Re: VPN to connect the family "intranet"[1]

        >local WI group

        Didn't the WI get listed as a terrorist organisation after the Blair Impoliteness Incident?

        1. Anonymous Coward
          Anonymous Coward

          Re: VPN to connect the family "intranet"[1]

          To be fair, an entire organisation consisting of people like my mum is pretty terrifying.

  7. Andy 73 Silver badge

    Exactly as we all predicted

    A government apparently overrun by legal advisors and lawfare opportunists puts in place legislation that opens the door to legal advisors and lawfare opportunists.. what a surprise. Particularly ironic as we watch America self-immolate through misuse of their overly enthusiastic legal system.

    Dear Rachel Reeves - you want to know why we're not all magically growing the economy for you? It's stuff like this.

    1. Doctor Syntax Silver badge

      Re: Exactly as we all predicted

      I think it's more a case of Politician's Syllogism: Something must be done; this is something therefore it must be done.

      1. elsergiovolador Silver badge

        Re: Exactly as we all predicted

        Could be both...

        You have corrupt politicians with vested interests and then you have politicians who only care about getting paid and doing "something".

      2. Andy 73 Silver badge

        Re: Exactly as we all predicted

        I'd suggest, Politician's Hammer: I studied law, everything looks like a nail.

        1. Yet Another Anonymous coward Silver badge

          Re: Exactly as we all predicted

          Also helps if you're Facebook and backing grass-roots campaigns that 'something must be done' and helping draft legislation that only a Facebook could afford to obey

    2. Richard 12 Silver badge

      Re: Exactly as we all predicted

      This was a Conservative Party thing through and through.

      The Bill received Royal Assent on 26 October 2023 under Sunak.

      Labour did offer a few amendments, but all were defeated - it's Sunak's text.

      1. Anonymous Coward
        Anonymous Coward

        Re: Exactly as we all predicted

        No use arguing mate, Andy 73 gets his facts from the Daily Heil.

      2. breakfast Silver badge

        Re: Exactly as we all predicted

        Given that the PM is determined to cut needless red tape, this is one of the pieces of genuinely needless red tape that is interfering with british businesses and is likely to impede our access to the wider internet.

        1. Mark Lawson

          Re: Exactly as we all predicted

          True - but as its the "online safety act" the entire thing comes under the banner of "won't someone think of the children*" (*not like that!) which means that its a shit sandwich that no party wants to be seen as blocking...

  8. saxicola

    Does anyone know how this apples to IRC? The whole point of IRC seems to fall foul of the act.

    1. Neil Brown

      Does anyone know how this apples to IRC?

      IMHO:

      * IRC is a "user-to-user service"

      * whether a particular implementation of it is a "regulated user-to-user service" will depend on who is using it and how. For internal-only business conversations? Probably out of scope. Used for customer support / enquiries? Probably in scope.

      1. Fonant Silver badge

        Re: Does anyone know how this apples to IRC?

        * For any non-business use? Probably in scope.

    2. Fonant Silver badge

      See also: federated user-to-user services like Mastodon.

      Ofcom are currently "thinking about" how the OSA applies to mastodon server providers.

      With any luck the excitement will die down soon, and we can quietly carry on as before. If not, a lot of benign stuff will be turned off. Or will go underground, well out of reach of government view.

      1. Dr Dan Holdsworth
        Black Helicopters

        Most likely we simply add a VPN terminating in a neutral country to the cost of doing business in the UK.

  9. Ball boy Silver badge

    Vague definitions

    References to [a] 'significant number of UK users' and the term 'reasonable' allow various interpretations. This means the OSA can be invoked for pretty much anyone's Internet-based service and the matter left to the courts to decide if the case is valid or not. Ultimately, this means it comes down to resources: if the defendant can afford lawyers who can undertake sufficient research and present a solid case then the accused will probably be found innocent unless there's a very clear example of deliberate abuse, intent to cause offence, etc. Of course, most people can't afford the kind of work this would take and will be forced into pleading guilty. While the court will probably be lenient towards a first offender who just happens to fall foul of the interpretation, the 'site goes offline and the owner is left with a criminal record for life.

    Big business that can afford the legal research and so on will fight - and an out of court agreement is probably the best outcome because, were OFCOM to lose, the precedent could seriously undermine any future case they want to bring.

    I note that, aside from excluding their own government services from the OSA, there's also a clause that states any foreign business can be excluded if prosecution might hurt international relations. In short, we can break the rules and so can our friends but *you* can't.

    1. Anonymous Coward
      Anonymous Coward

      Re: Vague definitions

      > Big business that can afford the legal research and so on will fight - and an out of court agreement is probably the best outcome because, were OFCOM to lose, the precedent could seriously undermine any future case they want to bring.

      I think the law will face judicial reviews and legal challenges to this law from rights groups while there huge backlash from the public when sites start blocking the UK leading to the UK gov backtracking hard and bringing the law more in line with the EU DSA and getting rid of the AV parts.

  10. druck Silver badge
    Unhappy

    Run and hide

    I see many sites closing down their comment sections altogether, rather than risk being subjected to this thoughtless and over-broad law, maybe even here The Register.

    1. Anonymous Coward
      Anonymous Coward

      Re: Run and hide

      Hopefully that does not happen. The whole law is a mess.

    2. Fonant Silver badge

      Re: Run and hide

      Good Point.

      If the presence of off-topic comments, and comments replying to other users, make a comment section "in scope", then El Reg will need to comply with the OSA.

      Along with trillions of other websites around the world. <jazz voice>Nice!</jazz voice>

    3. Dan Watson

      Re: Run and hide

      Playing devil's advocate here (and hoping I don't get sued by Satanists for taking their God's name in vain - or Christians for blasphemy):

      Do we actually need a world where every article, theory, blog etc is open to fierce debate publicly among anonymous individuals that have no idea what they're talking about?

      Are there too many back-bedroom experts ready to comment on subjects with knee-jerk reactions based purely on opinion and the opinions of others formed through consuming content delivered to them by algorithm?

      Would it lead to a drop in mainstream media reporting that 'last night', 'sources' criticised a scientific thesis that goes against out 'racist/religious/political/ability to sell headlines' [delete as required] beliefs - with [sources] being Twitter users and comments? Is it no different to writing an article about that people were talking about in the pub?

      Of course, there is a big difference between Freedom of Speech in discussion or opinions and the Freedom of Speech that Trump and his Musky warriors are advocating - being able to say what you want without consequence. Obviously that's not freedom of speech, it's freedom from consequence. Big difference.

      But even so it's nice to take an article at its face value with the need to have social media integrated into it - in my opinion of course.

      1. seldom

        Re: Run and hide

        you forgot the troll icon

  11. andy gibson

    is the existing act fit for purpose?

    This was in the news yesterday:

    Mumsnet targeted with child sexual abuse images

    https://www.bbc.co.uk/news/articles/c93qw3lw4kvo

    Not the first time poor moderation of that site has been questioned.

    The Online Safety Act threatens fines and / or prison time.

    "A Met spokesperson told the BBC it was investigating and no arrests have been made."

    Does anyone think there will actually be any?

    1. Brewster's Angle Grinder Silver badge

      Re: is the existing act fit for purpose?

      https://www.bbc.co.uk/news/articles/c93qw3lw4kvo

    2. Anonymous Coward
      Anonymous Coward

      Re: is the existing act fit for purpose?

      It's odd that the individuals who strike out at mumsnet and other conservative discussion spaces always have so much CSAM to hand.

      1. midgepad

        Re: is the existing act fit for purpose?

        Mumsnet Conservative??

        1. Anonymous Coward
          Anonymous Coward

          Re: is the existing act fit for purpose?

          When it comes to certain issues, yes. For example, gender critical beliefs. It's less the commonality with political alignments of the supporters and more commonality in those seeking to disrupt conversations they view as verboten.

          1. tiggity Silver badge

            Re: is the existing act fit for purpose?

            You do realise the Communist Party of Great Britain supports GC beliefs - they are generally regarded as quite left wing so arguably not conservative.

            As the TRAs (mainly mens rights activists / mysogynists) are really bad for women and girls then no surprise a site for mums (female) would be gender critical.

            The only people against GC beliefs are misogynists, those who fail to understand basic biology, those conned by the trans rights activists those who think they can virtue signal by being pro trans or those too scared to speak out.

    3. Fonant Silver badge

      Re: is the existing act fit for purpose?

      From what I've read of the Act, I don't think "running a service which has had illegal content posted on it" is a criminal offence.

      The act of posting illegal content is quite probably a criminal offence.

      The offences in the OSA are all concerned with service providers refusing to assist Ofcom with their enquiries.

  12. Pascal Monett Silver badge
    Stop

    "an AI-generated explicit image posted to a bike blog"

    This nonsense needs to be stopped.

    Pseudo-AI should not be allowed to publish anything anywhere.

    It's not an opinion if it was generated by a hallucinating data center.

    I actually prefer reading nonsense from AManFromMars (not that I do, with the years, I have developed a very efficient visual filter, but still).

    1. Yet Another Anonymous coward Silver badge

      Re: "an AI-generated explicit image posted to a bike blog"

      I call on the government to go further and say that images created by any mechanical contrivance should be banned.

      If people want to look at pictures of men's dangly bits they should have to come and look at what I painted on my ceiling

  13. Anonymous Coward
    Anonymous Coward

    Understanding? Grip? Don't Hold Your Breath!!!!!

    Quote: ".....UK Online Safety Act may not be safe for bloggers......"

    Bulls**t!!!! More c**p from lawmakers who say they are "doing something"..........................

    But what about the hopeless, completely INEFFECTUAL stuff they did ...... way back when?

    GDPR IS A JOKE

    - https://www.theguardian.com/technology/2017/jul/03/google-deepmind-16m-patient-royal-free-deal-data-protection-act

    - https://www.theguardian.com/society/2023/may/27/nhs-data-breach-trusts-shared-patient-details-with-facebook-meta-without-consent

    PALANTIR IS A THREAT

    - https://www.theregister.com/2024/09/05/fdp_lacks_legal_basis/

    MORE MISDIRECTION FROM SW1

    ........ private control (e.g. Google, Meta, Palantir) is a MUCH BIGGER threat............than a few bloggers!!

    I wonder when the lawmaking folk in SW1 will actually GET A GRIP?

  14. Tron Silver badge

    UK law in a nut shell.

    Citizen: "B-b-but we're innocent, Judge!"

    Dredd: "Nobody's innocent, citizen. We're just here to determine the level of your guilt." [2000AD prog 338.]

  15. Ball boy Silver badge

    There's a glaring dichotomy here

    Successive gubberments have pushed for the UK to become an 'AI centre of excellence' - who can forget the Musk/Sunak love-in interview? Equally, Starmer's made a big thing of AI companies setting up here and working wonders on the UK economy.

    However, there's a big problem here: there's always a danger an LLM-based product might go off on a tangent and say something that might be seen as encouraging, say, self-harm (telling kids to use adhesives to stick items to pizza, anyone?). Embarrassing, yes - but investors can weather a little of that and the biz. - if they're smart - might be able to spin some useful publicity from it.

    What investors certainly won't want is for their cash to be frittered away on a legal battle over OSA terms: that'll never generate income, a good public image or encourage more investment. Heck, it might just sink the business outright, taking the investment capital with it. If I were looking to fund or start up any kind of user-facing interactive IT service (especially one with any form of LLM at its heart), I might be well advised to avoid a UK operation.

  16. mnot

    Same in Australia.

    See: https://www.mnot.net/blog/2022/09/11/esafety-industry-codes

  17. J.G.Harston Silver badge

    Hello Mr Register. Is it snowing over there?

    (ducks, runs away....)

  18. Anonymous Coward
    Facepalm

    Storm in a Teacup

    Literally the requirement is, "do the online assessment (it's basically a multiple choice "online trainings" thing. Know the sort of dick things people can post ("coercion" for example, has nuances that nice people might not be aware of). Promise to and explain how you intend to police it. Stick it on your website so people know how to and who to complain to. Do the thing."

    The following is a direct quote ffrom the Ofcom site...

    "Take proportionate measures to:

    prevent your users from encountering priority illegal content

    mitigate and manage the risks you have identified of harm to individuals

    mitigate and manage the risks you have identified of your service being used for the commission or facilitation of priority offences

    Use proportionate systems and processes designed to:

    swiftly take down any priority illegal content and minimise the time it is present on your service

    swiftly take down any other illegal content when you become aware of it

    Explain how you’ll protect users from illegal content in your terms of service, and apply these provisions consistently"

    They provide an online tool that helps you do exactly this. https://www.ofcom.org.uk/os-toolkit/assessment-tool

    So yes, you want to be monitoring your email for people complaining about evil stuff being posted on your website and delete them ASAP. Oh, and you have to know who is responsible for that.

    "Proportionate", "Remove", "Mitigate", "Explain" - not exactly onerous. It is trying to up the game and the background training of the industry... like requiring https on financial transactions, it is something right thinking individuals should do anyway.

    This exactly reminds me of the whole 1984 Data Protection Act, GDPR, panics... oh, "the local WI will have to register with the DP registrar" and will "get fined £5 million if Muriel forgets to use Bcc". Which turned out to be "don't keep sensitive data, try not to lose any data you do keep, and tell people if you do".

    A good example would be "letting friends know your location at all times, and let them receive alert messages" sounded like a great to me, until it was pointed out that it can be used for coersion in abuse relationships. Another one is having a social media group chat to allow caregivers to communicate can facilitate forms of abuse. People do need trained in this... and that is what the assessment tool endeavours to do.

    The assessment is really not onerous. You do not have to shut down your 20 year old cycling blog, just keep an eye on it.

    1. Anonymous Coward
      Anonymous Coward

      Storm in a Teacup! Really?

      Dear AC:

      The next thing we will hear............

      The "authorities" will have the power to open any snail mail item (you know, Royal Mail, Fedex, UPS.....) to make sure that the content of said item CANNOT POSSIBLY OFFEND ANYONE.

      Explain to me why this new regulation would be any different from the one being discussed here on The Register.

    2. Fonant Silver badge

      Re: Storm in a Teacup

      Speaking as a forum admin, I agree on a top-level basis. I am not shutting down my 18 year old cycling forum, at least not yet.

      I've got very close to deciding to close it, though, while listening to the series of Ofcom presentations on the OSA earlier this week. The more you delve into the details, the more vague the whole thing is.

      This Act creates a whole new set of legal duties that I have to comply with. With legally-required risk assessments that are entirely my responsibility.

      It has taken weeks to get a basic understanding of what the Act says, and the duties that Ofcom is imposing on all user-to-user service providers. We still don't have answers to several fundamental questions, and the whole thing is written from the point of view that all online services are run by businesses (The "nominated person responsible for risk assessments" has to officially report their findings to a more senior person, for example. While "internal business user-to-user services" are exempt, internal services used by any other group of people such as families or clubs, are not exempt).

      The GDPR was quite different. It did not cover data for personal or organisational use: we didn't have to register our address books, or our club membership databases, with the government.

      The OSA most definitely does cover online user-to-user services, even if restricted to family groups, or clubs and societies. Run a small club-only forum? Comments on your website? You need to read all the reams of documentation, try to answer the questions in their "tool", carry out a risk assessment and a child access assessment, document it all, update your terms and conditions, create new procedures for people to report content and complain, add your name as the person responsible: then cross your fingers that your understanding of your new legal duties is correct.

      1. cmacleod

        Re: Storm in a Teacup

        It doesn't end there. If and when you receive a report of "illegal content" *you* have to decide whether it really is illegal, bearing in mind that the act also imposes "a duty to have particular regard to the importance of protecting users’ right to freedom of expression within the law". Ofcom have produced a document specifying how this should be done, which I have just started reading, but it's 457 pages!!! - https://www.ofcom.org.uk/siteassets/resources/documents/online-safety/information-for-industry/illegal-harms/illegal-content-judgements-guidance-icjg.pdf .

    3. Richard 12 Silver badge

      Re: Storm in a Teacup

      The real question is about enforcement.

      If Ofcom decide to take you to court, that's seriously expensive - regardless of whether you win or lose.

      1. Anonymous Coward
        Anonymous Coward

        Re: Storm in a Teacup

        @Richard_12

        Quote: "....enforcement...."

        Where did you find that concept?

        (1) The Met Police employ people like Wayne Couzens, David Carrick, Lino Di Maria......."enforcement"......dream on....

        (2) 30mph speed limit in populated neighbourhoods............."enforcement"......dream on....

        (3) Royal Free Trust exports 1.6 million citizen medical records to Google.....GDPR??..........."enforcement"......dream on....

        ......so.....dream on....THERE IS NO BUDGET FOR ANY ENFORCEMENT.........................

        1. Anonymous Coward
          Anonymous Coward

          Re: Storm in a Teacup

          Quote: "...THERE IS NO BUDGET FOR ANY ENFORCEMENT....."

          ...and the lawmakers in SW1 know this......

          ....and they don't care....because they "are doing something"..............

    4. tiggity Silver badge

      Re: Storm in a Teacup

      @AC

      Though for a "one man band" short on time & resources (i.e. it's not your job just a hobby site) it can become onerous.

      All you need are a group of bad actors to spam offensive content to your site and you can easily be overwhelmed.

      Lets take a cycling site - not impossible fr it to be attacked by a concerted effort from wankpanzer* drivers (not known for their love of cyclists)

      * AKA Chelsea tractors (for none UK readers, big SUV style vehicles that never go off road and are totally unsuitable for generally small & shit UK urban roads

  19. Anonymous Coward
    Anonymous Coward

    Listen sunshine

    We make the laws, we’ll interpret them any way we damn well like.

    OK?

    The Establishment

  20. Dr Dan Holdsworth
    Pirate

    Usenet?

    I strongly suspect that Usenet is something that these legislators have never even heard of, much less encountered.

    In this space, in groups like alt.2600 and the monastery, the content is all moderated. There is not however a moderator at all, ever; one simply forges approved headers in order to gain approval for one's message. This is the approved method for posting, so how OFCOM will cope with that is anybody's guess.

  21. Anonymous Coward
    Anonymous Coward

    U.K. orders Apple to let it spy on users’ encrypted accounts

    https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/

  22. Anonymous Coward
    Anonymous Coward

    UK demands ability to access Apple users’ encrypted data

    https://www.theguardian.com/technology/2025/feb/07/uk-confronts-apple-with-demand-for-cloud-backdoor-to-users-encrypted-data

  23. Grinning Bandicoot

    And people wonder why there are so few small start-ups in the world. Though the penalalty is severe, it opens a new market for insurance with premiums only a large established firm would be able to pay.. Then there is the question of harmfulness - Kittens picture distress me and I find them very harmful to my emotional health. And worst is all that trash at election time every time I see or hear _____, I get so sick why can't _____ just get the position .

    Wonderful rule! Would have made King John proud if he thought of it.

  24. JamesMcMain

    This is a very educative write up

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like