Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services — establishing the comms watchdog Ofcom as the main Internet regulator — has been passed by parliament today, paving the way for Royal Assent and the Online Safety Bill becoming law in the coming days.

Speaking during the bill’s final stages in the House of Lords, Lord Parkinson of Whitley Bay reiterated that the government’s intention for the legislation is “to make the UK the safest place in the world to be online, particularly for children”. Following affirmative votes as peers considered some last stage amendments he added that attention now moves “very swiftly to Ofcom… who stand ready to implement this — and do so swiftly”.

The legislation empowers Ofcom to levy fines of up to 10% (or up to £18M whichever is higher) of annual turnover for violations of the regime.

The Online Safety (neé Harms) Bill has been years in the making as UK policymakers have grappled with how to response to a range of online safety concerns. In 2019 these efforts manifested as a white paper with a focus on rules for tackling illegal content (such as terrorism and CSAM) but also an ambition to address a broad sweep of online activity that might be considered harmful, such as violent content and the incitement of violence; encouraging suicide; disinformation; cyber bullying; and adult material being accessed by children. The effort then morphed into a bill that was finally published in May 2021.

The proposed legislation continued swelling in scope as a grab-bag of additional duties and requirements got bolted on in response to a smorgasbord of safety concerns reaching policymakers’ ears, whether related to trolling, scam ads, deepfake porn or (most recently) animal cruelty. Changes within the governing Conservative party since 2019 have also seen a succession of different senior ministers steering the legislation, including the likes of Oliver Dowden and Nadine Dorries — who, in Dorries’ case, enthusiastically pushed to speed up the application of criminal liability powers for tech CEOs.

Latterly the secretary of state driving the bill has been Michelle Donelan. She presided over some trimming back of its scope at the back end of last year — excising provisions that had been focused on legal but harmful content following concerns about the impact on free speech. Although speech and civil rights groups remain concerned.

Another major strand of controversy is focused on the potential impact on web security and privacy as the bill hands sweeping powers to Ofcom to require platforms to scan message content for illegal material. A parade of end-to-end encrypted platforms and services have warned over the risks such powers pose — with several well known services threatening to exit the UK unless the bill was amended to safeguard strong encryption.

In the event, the government appears to have steered out of a direct clash with mainstream messaging services like WhatsApp by fudging the encryption issue with a carefully worded ministerial statement earlier this month. But, again, privacy and security experts remain watchful.

Additionally, there is concern the bill will lead to a mass age-gating of the UK internet as web services seek to shrink their liability by forcing users to confirm they are old enough to view content that might be deemed inappropriate for minors.

Wikipedia’s founder, Jimmy Wales, is among those raising concerns about the bill as an instrument of state censorship. He’s attacked the government’s approach as triply bad: “Bad for human rights”, “bad for Internet safety and “bad law” — and pledged the online encyclopedia “will not age-gate nor selectively censor articles under any circumstances”.

Balancing the demands of child safety campaigners for a totally safe Internet and the concerns of digital, civil liberties and human rights groups that the legislation does not trample on hard won democratic freedoms will now be Ofcom’s problem.

In a brief statement the UK’s new web content sheriff gave no hint of the complex challenges that lie ahead — merely welcoming the bill’s passage through parliament and stating that it stands ready to implement the new rulebook.

“Today is a major milestone in the mission to create a safer life online for children and adults in the UK. Everyone at Ofcom feels privileged to be entrusted with this important role, and we’re ready to start implementing these new laws,” said Dame Melanie Dawes, Ofcom’s CEO. “Very soon after the Bill receives Royal Assent, we’ll consult on the first set of standards that we’ll expect tech firms to meet in tackling illegal online harms, including child sexual exploitation, fraud and terrorism.”

Beyond specific issues of concern, there is over-arching general worry over the scale of the regulatory burden the legislation will apply to the UK’s digital economy — since the rules apply not only to major social media platforms; scores of far smaller and less well resourced online services must also comply or risk big penalties.