Re: Why?
It's not hard to find, and it has consequences for the whole world if it passes.
https://bills.parliament.uk/bills/3137/publications -> https://bills.parliament.uk/publications/52368/documents/3841
An order requires the provider to:
(i) use accredited technology to identify terrorism content communicated publicly by means of the service and to swiftly take down that content;
(ii) use accredited technology to prevent individuals from encountering terrorism content communicated publicly by means of the service;
(iii) use accredited technology to identify CSEA content, whether communicated publicly or privately by means of the service, and to swiftly take down that content;
(iv) use accredited technology to prevent individuals from encountering CSEA content, whether communicated publicly or privately, by means of the service; or
(b) to use the provider’s best endeavours to develop or source technology for use on or in relation to the service or part of the service, which [achieves those purposes]
"Accreditation" of the technology is punted to the Secretary of State in 126(12) and (13):
(12) For the purposes of this Chapter, technology is “accredited” if it is accredited (by OFCOM or another person appointed by OFCOM) as meeting minimum standards of accuracy in the detection of terrorism content or CSEA content (as the case may be).
(13) Those minimum standards of accuracy must be such standards as are for the time being approved and published by the Secretary of State, following advice from OFCOM.
So at least the standards have to be published, and are not kept secret. It's unclear to me whether the notices themselves will be published, and/or whether the recipients of such notices will be able to publish their existence.
However, note also 126(5):
A notice given to a provider of a Part 3 service requiring the use of accredited technology is to be taken to require the provider to make such changes to the design or operation of the service as are necessary for the technology to be used effectively [my emphasis]
That is: not only could WhatsApp be required to implement client-side scanning, they could even be told to stop using end-to-end encryption, if that were to interfere with the government order.