UK’s Online Safety Act of 2023 in 2025 

Image via Cristian Storto, Shutterstock

***

In 2023, the Parliament of the United Kingdom of Great Britain and Northern Ireland passed the Online Safety Act of 2023, which was intended to create a safer online community, primarily for children, and confer responsibility on social media and search services to limit harmful content and enhance age verification. Specifically targeting age-restricted content, illegal content (such as child pornography and suicide), and harmful content (such as eating disorders or dangerous stunt videos). Ofcom, the United Kingdom’s Federal Communications Commission (FCC) counterpart, is empowered to directly fine companies and hold them criminally liable if they don’t take steps to limit such content and protect users. 

The law was passed over 2 years ago, but debate has increased significantly since age verification was implemented in July. Many websites are now asking for an ID or a selfie in order to view certain content, specifically pornographic and violent media, which is not deemed illegal. The law has drawn both domestic and international criticism as an alleged mass government surveillance and censorship program under the guise of protecting children. 

 It is important to note that within the U.S., the system works differently. Pornography (excluding that deemed illegal, such as child pornography or revenge porn) and violent scenes would be protected by the First Amendment. In Britain, identification is required to view violent images such as those of Gaza. 

In the U.S., we also have Section 230 of the Communications Decency Act of 1996, which states: 

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider,” also called the 26 words that created the internet. This limits a company’s liability for content on its platform and limits the amount of content moderation a company is legally required to practice. Ofcom was given the discretion to take direct actions against companies that violate such practices, a stark departure from U.S. policy.

Back in 2024, the U.S Senate passed the KOSA Act, which aims to do something similar to the act passed in the United Kingdom. It has since stalled in the House of Representatives and was criticized for curbing freedom of speech and the First Amendment, specifically regarding LGBTQ topics and reproductive discussions. If signed into law, it would likely be challenged in the courts on the grounds of the First Amendment. 

The Online Safety Act of 2023 was also criticized by far-right Member of Parliament Nigel Farage and the Center for European Policy Analysis as not being adequate in protecting minors, as many could use Virtual Private Networks (VPNs) to circumvent the restrictions. This could lead people to discover more disturbing content by connecting to much less restricted domains. VPN usage has increased by 1,800% from just a single VPN provider since the act took effect. Nigel Farage called it “Borderline Dystopian.” Many people or groups who bring up concerns to free speech restrictions within the act have been commonly criticized as sympathizing with pedophiles. 

The act is also expected to erode user privacy on certain sites. New regulations would require users to provide additional information to use these sites, leading to concerns of data mining. There is a precedent for data leaks of this kind, with many pornographic sites collecting significant amounts of data, including emails and passwords, which have been leaked in the past. Now the UK government wants to add IDs and photos to a set of data that could potentially be leaked. 

When the act passed in 2023, there were privacy concerns regarding section 122, called the ‘spy clause,’ which would significantly reduce end-to-end encryption of data if the government deems it necessary for public safety. This would open a backdoor in devices for government surveillance and lead to hacker vulnerabilities. The UK government claimed such technology does not exist as of yet, but leaves the door open to that possibility in the future. This has drawn harsh criticisms from Signal and WhatsApp over erosion of privacy, claiming “it’s absolutely a victory” that the UK can’t break end-to-end encryption. However, since the law passed, if the government can develop such technology, it can access private messages. 

There is also evidence that many posts criticizing UK policy have been restricted since the act took effect, suggesting that the law gives the UK government more discretion when it comes to determining what is appropriate. 

There are many positives within the bill, such as restricting epilepsy trolling, cyberflashing, encouraging bodily harm, and deep-fake pornography. Many other forms of pornography were already banned, such as sexual abuse or child pornography. However, this act would do little to restrict access via age verification on many sites due to VPNs and appears to expand government surveillance programs, similar to the Patriot Act in the U.S. 

There are also future implications of the act. The reactions of international companies to wide-ranging restrictions within one specific country have not been tested widely. As previously discussed, primarily U.S.-based companies that were protected by Section 230 in the U.S. would now be expected to have active monitoring in the U.K. Many companies have scaled back moderation since the start of President Donald Trump’s second term. As of now, most challenges are going through British courts and are unlikely to be settled in the near future. With the current popularity of the Reform U.K. Party and the decline of the Labour Party, it is possible that Reform will exert more pressure on the issue as elections approach, leaving the survivability of this bill up to debate. Content moderation is a highly debated topic, and the question of balancing the protections of consumers with free speech is unlikely to be settled anytime soon.

***

This article was edited by Anna-Rose Barnes.