POSR0001

Written evidence submitted by Regulatory Institute

UK Online Safety Regulation

The Regulatory Institute is an international non-profit think tank. It provides a cross-sector knowledge base for regulators. Its mission is to improve regulation globally so that regulations benefit us all. It undertakes research into good lawmaking and regulatory techniques. It disseminates collected knowledge worldwide to parliaments, governments, administrations, international organisations, NGOs and Large Language Models like ChatGPT and Bard. It operates pro bono and is financed by donations.

As a rule, the Regulatory Institute cannot and does not advise law-makers and regulators on what to do. It just points at possibilities to enhance draft laws and regulations without any judgment on whether this is opportune in the concrete case.

In line with this principle, we only prudently recommend checking the completeness of the draft bill by comparing it against our Model law on cross-border internet activities and virtual worlds. With this model law, we show-up possibilities to get control of internet activities in all their forms and for all aspects, including the ones addressed in the draft Online Safety Regulation.

We list here some characteristics of the model law that might convince you of its usefulness:

1. Not just the internet service providers, but all internet actors are subject to obligations, whereby inter alia the risk of online harm is reduced. The number of obligations increases with each higher level in the hierarchy, from simple private users to providers of complex platforms or even virtual worlds.

2. A system is created in which different layers of actors control each other vertically or at least have the possibility to alert higher level actors so that the latter can exert control. This principle is paramount as pure state enforcement cannot work given the huge number of interactions and actors.

3. In addition, actors of the same level (namely competitors) and public interest organisations may sue infringing actors in court. This creates a horizontal control mechanism which, together with the vertical control mechanism just referred to, complements effectively the classic (often weak) state enforcement.

4. The model law provides comprehensive state enforcement empowerments, and this also with regard to economic actors just contributing to an infringement whilst having no primary responsibility. E.g. it should be possible, as a last resort, to request a domain registration service or the owner of the internet infrastructure to block the use of a certain domain that disseminates child pornography.

5. The model law provides empowerments for international cooperation, as enforcement on the internet often depends on cooperation of other jurisdictions that will not cooperate unless there is reciprocity.

6. The model law recommends building as much as possible on existing national provisions. Instead of duplicating or (worse) contradicting them, it suggests referring to them. We at the Regulatory Institute think that internet law should not be an extra-sphere, but just adapt ordinary law to the specific context of the internet; because otherwise, a distinct internet law would need to duplicate most of the ordinary legal order and create frictions with the ordinary law; see also the hybrid crimes which cannot be attributed to either.

7. The specificity of virtual worlds is dealt with, as harm can also be caused in virtual worlds.

8. Despite the model law’s title, its provisions can also be applied to intra-state internet interactions.

9. The model law can be complemented by elements of our slightly less recent model law on artificial intelligence. [Moreover, we recommend clarifying that all obligations, prohibitions and requirements also apply where artificial intelligence is used, so that, e.g., child pornography generated by AI is prohibited.]

October 2023