Written evidence submitted by the CBI (OSB0186)

September 2021


The CBI welcomes the opportunity to submit evidence to the draft Online Safety Bill Pre-Legislative Scrutiny Committee. The CBI is the UK’s leading business organisation, speaking on behalf of 190,000 firms across all sizes, sectors, and regions of the economy that together employ around a third of the private sector workforce.

The CBI responded to the government’s Online Harms White Paper consultation, recognising the need for an effective regulatory regime that makes the UK the safest and best place to grow a digital business. Businesses are pleased that these proposals have now reached the legislative stage and look forward to engaging with the government and Parliament as they are implemented.

The digital economy is an important engine of UK growth and resilience.

Comprising a vibrant mix of companies from games and review websites to cloud services and social media, the digital economy is a powerhouse of UK growth and resilience. It is worth £150.6bn[1] and is home to three million jobs.[2] During the course of the pandemic, technology adoption has supported businesses to adapt operations, engage customers, and deliver new products and services, and supported adults and children to work, study, play safely from home, and connect with loved ones online.

The digital economy is a force for good, but the pace and scale of technological change have created significant challenges. Industry is committed to working with the government, parliamentarians, and regulators to tackle the range of online harms and seize the potential of digital technology.

As well as growth and jobs, the digital economy can play a major role in improving quality of life, helping to deliver innovative solutions to some of the biggest issues we face as a society from an ageing population to climate change. But industry is cognisant of the new channels for harmful behaviour that can be opened up online, whose scale and scope necessitates a range of different responses – with businesses, charities, regulators, and the government already taking action.

Firms are working to tackle online harm, whether individually (such as industry leader Jagex, a games company with clear safety features in its online game Runescape) or in partnership with others (for example, Facebook’s Journalism Project includes work with news publishers and non-profit organisations to combat misinformation, or the Online Safety Data Initiative looking to improve safety technologies). However, businesses recognise the seriousness of online harms and are pleased that these proposals have now reached the legislative stage after years of careful thinking and development. Firms recognise the central role that regulation must play in meaningfully improving user safety and experience.

For the UK to lead in industries of the future, we have to get this regulation right.

While the UK is ahead of the digital pack today, it cannot rest on its laurels. Sustaining the momentum of our flourishing digital economy, encompassing start-ups and scale-ups as well as multinational companies, could generate huge opportunities in the years to come. But, following the challenges of the pandemic, businesses are particularly sensitive to the difference in national operating environments as they decide where to locate, invest, and innovate.

The Online Safety Bill is an opportunity to put in place the architecture that reduces the risk of harmful content online, improves people’s trust in technology, and stimulates investment in innovation that respects people’s fundamental rights. It is also a novel and complex piece of legislation that needs to be carefully implemented. Businesses are committed to working with the government, Parliament, and OFCOM to make sure it’s a success. The stakes are high: ineffective and disproportionate regulation could undermine new entrants into the digital economy, dampen UK investment in the digital and creative sectors, and have minimal impact on improving public trust or online safety. And internationally, as other countries grapple with online harms and look to the UK, its solutions must be effective and balanced.

Following extensive industry engagement, the CBI has identified a number of areas of uncertainty or challenge for businesses in the draft Bill.

Businesses are facing uncertainty around key parts of the Bill, including definitions, scope, and responsibilities. Firms already designing tomorrow’s products and services need clarity as quickly as possible to ensure proposals can be implemented effectively and tackle harms sooner rather than later. This is particularly important for SMEs and start-ups, which are central to the UK’s digital economy and have fewer resources to cope with complex legislation or unintended consequences. Smaller firms will make up a large part of the 24,000 businesses in scope of the Bill.[3]

In addition to more detailed comments below, the CBI has identified a number of overarching principles that should underpin this legislation:







Summary of recommendations

Theme 1: The regulatory model – scope, definitions, and duties of care

Regulation must give businesses clear and proportionate rules and responsibilities to follow. Parts of the draft Bill do not currently fulfil this aim, although businesses appreciate that secondary legislation will clarify some proposals.

There remains some uncertainty about which services and content are in scope of the draft Bill.


  1. Online Safety Bill: While the CBI has not taken a position on the inclusion of economic crime in the OSB, there are existing provisions on fraud that could be improved. Wider comments in relation to these points are expanded upon later in our response.




  1. Online Advertising Consultation             



  1. Online Fraud Steering Group (OFSG): The CBI greatly welcomes this industry-led initiative and highlights industry commitment to tackling online fraud collaboratively between technology and financial services companies, and law enforcement. In particular, the CBI welcomes the recent commitment from technology companies (facilitated by the OFSG) to support the Take Five to Stop Fraud campaign led by UK Finance. This will help the campaign to reach a wider audience and ensure consistency of messaging across industry sectors. Key features of the group that should be drawn out are:             



The thresholds for categories of service should take into account both risk and reach.

Duties of care must be as clear and effective as possible, without introducing conflicting requirements or overburdening smaller businesses.





The government should further develop proposals around illegal and legal but harmful content to give businesses clear definitions and scope.


Businesses welcome the flexibility allowed by codes of practice.


Theme 2: The regulatorOFCOM’s powers and duties

The CBI has supported OFCOM as the right regulator for the online safety regime, with expertise in related issues and widely respected as an independent body – both of which are critical for the successful enforcement of the online safety regime. However, there is industry consensus that aspects of the regulator’s powers and duties need more clarity.

Businesses have strongly supported OFCOM as the right body to regulate online harms, but regulatory collaboration across all sectors involved in online safety remains pivotal.

The government should clarify the balance of responsibilities between regulator, Parliament, and Secretary of State and restate the importance of regulatory independence.

The government should provide greater clarity on the procedure for information gathering and enforcement.

OFCOM’s new powers and duties must be jointly funded through a proportionate business and government partnership



Businesses welcome provisions on media literacy in the draft Online Safety Bill and the Online Media Literacy Strategy.

Theme 3: Commencement and implementation

The Online Safety Bill distils years of thought, discussion, and debate. Reflecting the scale and range of online harms, it is rightly a comprehensive and wide-ranging piece of legislation – but, equally, novel, lengthy, and complex. The Bill’s implementation process must acknowledge this.

The government and OFCOM should develop a multi-year, multi-step implementation plan that accounts for the complexity of the Bill.

Building on its leadership at the G7, the government could provide further detail on how the UK will coordinate internationally on online safety.


28 September 2021



[1] DCMS, Economic estimates 2019 (2019).

[2] Tech Nation, The future UK tech build: Tech Nation Report 2021 (2021).

[3] DCMS, Online Safety Bill – Impact Assessment (2021).