UK's top tech cop tells platforms how to comply with tough new online safety rules

Ofcom outlined new codes of practice that it wants platforms like Google, Apple, Meta, Amazon and Microsoft, to follow under its tough new online safety laws.

UK's top tech cop tells platforms how to comply with tough new online safety rules

British media watchdog Ofcom on Wednesday issued new guidance to technology platforms requiring them to take tougher action against harmful and illegal content.

Ofcom is hoping to get digital giants like Google, Apple, Meta, Amazon and Microsoft on board with its guidelines after King Charles III gave the final green light for tough new laws, known as the Online Safety Act.

Ofcom is the chief regulator under Britain's Online Safety Act, with powers to enforce the regulation and levy fines against tech companies. The law gives the watchdog powers to levy fines of as much as 10% of companies' global annual revenues for breaches, and even threaten potential jail time for executives over repeat breaches.

Ofcom outlined what it called new codes of practice for digital platforms, which it wants them to follow in order to limit the harmful and toxic content users — particularly children — encounter online.

Ofcom's codes of practice are nonbinding and act as a "safe harbor," meaning services can take a different approach to meet their duties if they wish. However, the companies must follow the duties encompassed in the law, as required, meaning they'll still have to show to the regulator that they're taking action to clean their services of illegal content.

"There is the stick. The sticks are there," Gill Whitehead, of Ofcom, told CNBC's "Squawk Box Europe" on Thursday. "The sticks are around the ability to fine 10% of global turnover. The senior manager liability, the ability to prosecute senior managers."

"And we also have powers to disrupt services. We can disrupt their payment providers or the services themselves to ensure they can't be seen in the U.K. What we want to do is work really closely with the tech firms so they actually comply because that leads to safer experiences for our children."

In the codes, Ofcom recommends that services put in place a series of measures, including ensuring that content moderation teams are appropriately resourced and trained, and that content-flagging systems are easy to use.

Ofcom also wants platforms to ensure that users can block other users, and to put in place risk assessments for when platforms make changes to their recommendation algorithms.

Beyond this, Ofcom also wants online platforms to take a series of steps to combat child sexual exploitation and abuse, fraud, and terrorism.

This includes using a technology called "hash matching" to detect and remove such material — in other words, companies would be required to pair up digital fingerprints for individual pieces of content called "hashes" against a database of known illegal and harmful content.

Crucially, Ofcom said that it was not looking to break end-to-end encryption, a mechanism that platforms like Meta-owned WhatsApp and Signal use to allow users to send messages securely from one person to the other. This is a big point of contention for those platforms, which had warned they may leave the U.K. if forced to weaken encryption.

Google, Apple, Meta, Amazon and Microsoft did not immediately return requests for comment.

Consumer rights group Which said it hopes that Ofcom does not water down its enforcement actions under the scope of the laws.

"Social media firms and search engines need to be held to a high standard and Ofcom cannot shy away from taking strong enforcement action, including fines, against firms if they break the law," Rocio Concha, Which's director of policy and advocacy, said in a statement.

The regulator will seek comments from stakeholders in response to the proposals. The consultation period will close on Feb. 23, 2024, after which Ofcom plans to publish the final versions of its guidance and codes of practice no later than winter 2024. After that statement is issued, services will have three months to conduct risk assessments.

The U.K.'s Online Safety Act has been in the works for the last four years. It originated in the form of the Online Harms White Paper, and sought to clamp down on harms found on social media, such as content promoting illegal drug taking, terrorism, self-harm or suicide.

The European Union has its own law, called the Digital Services Act, while several lawmakers in the U.S. are looking to reform a law called Section 230 which provides platforms with an exemption to liability for what their users post.