Online Safety Bill Guide

cyber security services uk


new online safety law guide ig smart ltd

Online Safety Bill Guide: All you need to know…for now

By UK Lawyer & University Law Lecturer, Mithurja Pathmanathan 

On 12 May 2021, the United Kingdom (UK) Government published its draft Online Safety Bill (“the Bill”) which seeks to provide enhanced and ground-breaking protection to internet users of the UK. The Bill places a heavy burden on digital businesses to comply with the aims and objectives of the legislation and has delegated the scrutiny of its compliance to Ofcom, the UK’s communications regulator. Aside from criminal sanctions and other penalties, non-compliance could cost digital service providers up to £18 million or 10% (that’s 6% more than the fines organisations face for breaches of the General Data Protection Regulation) of qualifying worldwide turnover (whichever is higher).

online safety bill guidance

Who will need to comply?

The Bill applies to providers of two types of “regulated services”, which are as follows:

  1. user-to-user services: an internet service where content generated by a user of the service, or uploaded to or shared on the service by a user of the service, may be encountered by another user, or other users, of the service (Part 1 Article 2(1) of the Bill); and
  2. search services: search engines which permit users to search multiple websites and databases (Part 1 Article 2(5) of the Bill).

Only regulated services which have links with the UK are covered by the Bill. In essence, this means that the service is capable of being used in the UK by individuals, and there are reasonable grounds to believe that there is a material risk of significant harm to individuals in the UK.

Also, only regulated content, i.e., content which are not emails, SMS messages, MMS messages, comments and reviews on provider content, one-to-one live aural communications, paid-for advertisements and news publisher content, are covered by the protections offered in the Bill.

uk online safety act guidance ig smart ltd

What are the new online safety legal duties? 

The Bill sets out a number of specific and common duties of care on providers of regulated services to prevent the spread of illegal content, such as posts related to terrorist material, child and racist abuse and “legal but harmful” content. In addition to the duties, regulated service providers codes of practice must comply with codes of practice which will be set by Ofcom.


Duties applicable to all providers of regulated services are:


Part 2 of the Bill distinguishes between duties owed to regulated services accessible by adults and those which are likely to be accessed by children.


The common requirements for both types of regulated service providers are:


  1. carrying out and maintaining illegal content risk assessments;
  2. taking steps to mitigate and manage risks of harm caused by illegal content;
  3. protecting freedom of expression and privacy;
  4. providing a reporting and redress mechanism for users, e.g., take down requests from users; and
  5. keep clear and transparent records to evidence compliance.


Additional duties, such as conducting a children’s risk assessment, taking proportionate steps to mitigate and manage the risks of harm to children, having systems and processes in place that prevent children from encountering harmful content and specifying such measures in its Terms of Service in a clear and accessible way, apply to providers of user-to-user services which are likely to be accessed by children are.


Further specific duties owed by providers of user-to-user services include:


  1. carrying out risk assessments in relation to harmful content (not just illegal content);
  2. a duty to protect adults’ online safety;
  3. a duty to protect content of democratic importance;
  4. a duty to protect the free expression of journalistic content; and
  5. additional reporting obligations.


A second reading in Parliament is set to take place in April 2022. The Bill remains under the scrutiny of the joint select committee of MPs and is not expected to come into effect until next year.


If you have any questions or would otherwise like to discuss any issue raised in this article, please do not hesitate to contact us.

About the Author

IG-Smart Ltd Consultant, Mithurja Pathmanathan is a UK lawyer and University Lecturer, that specialising in international human rights, criminal law, data privacy. Mithurja that was born and raised in Germany to a Sri Lankan family. She completed The Bar Professional Training Course at City University, following on from her first-class law degree at Kingston University (where she now lectures). She gained her first experience in data privacy and protection as an Intern at IG-Smart Ltd, and represented the UK at the international rounds at the International Criminal Court (ICC) in the ICC Moot Court Competition 2019

GDPR Consultancy Cyber Security Consultancy Outsourced Data Protection Officer DPO Services ISO 27001 Certification Cyber Essentials Certification GDPR NHS DSP Toolkit Data Protection Consultancy GDPR Training IG Smart Ltd

About IG-Smart Ltd

IG-Smart Ltd is a multi-award winning data protection, cyber security, and GDPR consultancy, outsourced DPO, ISO 27001 Certification, and ISO 27001 Internal Audit service provider. We are proud winners of the Lawyer International, Global 100, and UK Enterprise Awards for “GDPR Consultancy of the Year” 2020, and 2021, and “Best Cyber Security Consultancy Firm” 2019, 2020, and 2021.

We are Carbon cutting tree planters
We are on a mission to plant 10 million trees over the next 10 years and have partnered with the Denyigba Lorlor Foundation to help us to achieve our mission. This year, we have already helped to plant 10,000 trees over 50 Kilometres  in the Keta Lagoon, in Volta Region in Ghana and have projects in place to plant thousands more.

We create equal opportunities
We are an extremly proud equal opportunities employer and firmly believe that the most successful businesses are the most diverse!

Leave a Reply

Your email address will not be published. Required fields are marked *

Make an Enquiry

    Scroll to Top