Full Report
Social media biz says watchdog's fine formula is 'disproportionate' and should stop counting global revenue
Analysis Summary
# Regulation/Compliance: UK Online Safety Act (OSA) - Financial Framework Dispute
## Overview
The Online Safety Act (OSA) is a comprehensive regulatory framework designed to hold social media companies and search engines accountable for the safety of their users. A central pillar of this act is the enforcement mechanism that allows the regulator (Ofcom) to levy heavy financial penalties and administrative fees based on a company’s "qualifying worldwide revenue." The current legal challenge by Meta disputes the proportionality of using global turnover versus UK-specific revenue for these calculations.
## Key Details
- **Issuing Authority:** Ofcom (UK Communications Regulator)
- **Effective Date:** The Act received Royal Assent in late 2023; fee/penalty structures are currently being implemented/contested (as of May 2026 in context).
- **Jurisdiction:** United Kingdom (with extraterritorial reach for global revenue calculations).
- **Status:** In Effect (Implementation phase for financial levies).
## Requirements
### Mandatory Requirements
1. **Duty of Care:** Platforms must take steps to prevent and remove illegal content and protect children.
2. **Fee Payment:** Regulated entities must pay annual administrative fees to Ofcom to fund the regulatory oversight.
3. **Revenue Reporting:** Organizations must disclose "qualifying worldwide revenue" to determine fee brackets and potential fine ceilings.
4. **Joint Liability:** Services under the same corporate umbrella (e.g., Facebook, Instagram, WhatsApp) may be treated as a single entity for assessing liability.
### Recommended Practices
1. **Revenue Ring-fencing:** Maintain granular financial data that distinguishes between UK-based revenue and global turnover in anticipation of audits.
2. **Transparent Reporting:** Proactively engage with Ofcom regarding the methodology used to calculate global income to avoid "disproportionate" fee assessments.
## Affected Organizations
- **Industries:** Social media platforms, search engines, and any "user-to-user" services.
- **Organization Size:** While all sizes are covered, the financial burden is scaled based on revenue.
- **Geographic Scope:** Any service with a significant number of UK users or that targets the UK market, regardless of where the company is headquartered.
## Compliance Timeline
- **Late 2023:** Online Safety Act becomes law.
- **2024–2025:** Ofcom begins consultation on fee structures and enforcement guidance.
- **May 2026:** Legal challenge (Judicial Review) launched by Meta regarding the "qualifying worldwide revenue" definition.
- **Ongoing:** Periodic reporting and fee payments required based on annual turnover.
## Implementation Guidance
### Assessment Phase
- Determine if the service falls under "user-to-user" or "search engine" categories.
- Calculate total global turnover across all business units to estimate the maximum potential "10% fine" exposure.
### Implementation Phase
- Adjust financial reporting to comply with Ofcom’s "plain reading" of global revenue requirements.
- Implement safety tech (content moderation, age verification) to mitigate the risk of triggering the penalty phase.
### Validation Phase
- Submit annual revenue statements to Ofcom for fee assessment.
- Internal legal audit of the "joint liability" risk for parent companies with multiple regulated subsidiaries.
## Technical Requirements
- **Content Moderation Systems:** Automated and manual systems to identify and remove harmful content.
- **Age Assurance:** Technical measures to prevent children from accessing age-inappropriate content.
- **Reporting Portals:** Interfaces for users to report illegal content, which must be processed within statutory timeframes.
## Penalties & Enforcement
- **Fines:** Up to **10% of qualifying worldwide revenue** or **£18 million**, whichever is higher.
- **Other Consequences:** Business disruption, mandatory service changes, and potential "national infrastructure" scale financial levies for tech giants.
- **Enforcement:** Ofcom has the power to seek judicial reviews and issue binding enforcement notices.
## Related Standards
- **UK GDPR:** Financial penalties under OSA mirror the "global revenue" percentage model used in data protection law.
- **EU Digital Services Act (DSA):** Similar extraterritorial reach and revenue-based penalty structures.
## Resources
- **Official Documentation:** [ofcom[.]org[.]uk/online-safety]
- **Guidance Documents:** Ofcom guidance on "Qualifying Worldwide Revenue" definitions.
## Practical Recommendations
- **Monitor Judicial Review:** Closely follow the High Court case in *Meta v. Ofcom*, as the ruling will decide whether fines are capped by UK revenue or global revenue.
- **Review Corporate Structure:** Organizations with diverse global interests should evaluate how "joint liability" impacts their risk profile if one subsidiary fails an Ofcom safety audit.
- **Budget for Max-Cap Fines:** Legal and compliance teams should treat the 10% global revenue figure as the "worst-case scenario" for risk management purposes until the court rules otherwise.