The Online Safety Bill was introduced to Parliament on 17 March 2022, having undergone some changes since it was first published in May 2021 (though the government consultations concerning internet safety go further back to October 2017).
The Bill gives Ofcom powers to demand information from companies that are in scope so that it can assess how well platforms are shielding their users from harm. Ofcom will be able to enter company premises to access data and equipment, request interviews with company employees and require companies to undergo an external assessment (including by way of a skilled person report).
It also takes aim at senior managers and employees via the following offences, each of which carry a penalty of up to two years’ imprisonment or a fine:
- offences for companies in scope and/or employees who suppress, destroy or alter information requested by Ofcom;
- offences for failing to comply with, obstructing or delaying Ofcom when exercising its powers of entry, audit and inspection, or providing false information; and
- offences for employees who fail to attend or provide false information at an interview.
In the previous version of the bill, the introduction of these offences was to be deferred for two years but, in its current format, this is reduced to just two months.
So could this trigger a new wave of D&O exposure for companies at large? The short answer is probably not. The Bill will only apply to companies that are “in scope” which appears to be limited to those companies providing user-to-user services, hosting user-generated content and/or providing search services (i.e. search engines). However, companies will need to consider their business carefully to check whether anything could fall in scope, particularly as it is the location of the users that matters when it comes to the geographical reach of the Bill.
With no date yet set for its second reading, it could be some time before the Bill becomes law and it also remains to be seen whether further amendments are made along the way.