The Unsafe Cut
The Online Safety Act outsources governance to private foreign actors. They control Britain's digital public square and dictate who sees what.
Dispatch #26 — The Unsafe Cut
The Online Safety Act is not bold policy. It is a regulatory surrender wrapped in the language of protection — an admission that Britain has ceded control of its digital public square to a handful of private American and Chinese companies and will now politely ask them to manage the resulting damage.
After years of consultations and promises to make the UK “the safest place in the world to be online,” the Act delivers a framework that places the very platforms driving the harms in charge of identifying, assessing, and mitigating them. Ofcom acts as regulator and can impose significant fines — up to £18 million or 10% of qualifying worldwide revenue, whichever is greater. Platforms face enforceable duties: they must assess risks of illegal content, implement measures to reduce users’ exposure to it, protect children from harmful and age-inappropriate material, and carry out children’s risk assessments where relevant.
Yet the architecture reveals a deeper flaw. The risk assessments that are meant to safeguard the public are conducted, documented, and owned by the platforms themselves. The algorithms that decide what millions of British users see, amplify, or suppress remain proprietary black boxes under corporate control. Ofcom can review paperwork, issue codes of practice, and levy penalties for non-compliance. But the companies — a handful of private American and Chinese entities — retain ownership of the infrastructure, the data, the recommendation systems, and the business models that profit from engagement.
This is not genuine safety regulation. It is outsourced governance — the familiar pattern of regulatory capture in which the state supervises process while private foreign actors keep decisive power over the product that shapes an entire nation’s information environment.
The Act imposes real duties on platforms to shield children from priority harmful content and to mitigate risks of illegal material. It requires them to take “appropriate steps” and implement safety measures. What it never does is confront the structural reality: why a small number of (mostly foreign) corporations — predominantly American and Chinese — should function as the de facto information infrastructure for tens of millions of British citizens. It regulates behaviour inside the walled gardens. It does not question who owns the walls, who designs the algorithms that scale harm, or whether such extreme concentration of external power over public discourse is compatible with democratic accountability.
When an algorithm reliably surfaces harmful content to children or floods feeds with rage-inducing material, the Act demands that the platform “have systems in place” to address the risk. It stops short of asking why the underlying incentive structure — engagement-driven business models — rewards that amplification in the first place. Process multiplies: risk registers are updated, codes of practice are consulted, enforcement notices may follow. The concentration of power — and the foreign ownership that enables it at national scale — remains untouched.
Every livestreamed atrocity or grooming incident will now trigger formal review and reporting obligations. Every child exposed to priority harmful content will generate another compliance exercise. The symptoms receive attention and paperwork. The disease — unaccountable private (and largely external) control over the digital environment of tens of millions — is left precisely where it was found.
Question: When a regulator can fine platforms for failing to manage risks, but those same platforms conduct the risk assessments, control the algorithms, and profit from the engagement mechanics that generate the harms, who is truly regulating whom?
[1] Online Safety Act: explainer - GOV.UK. https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer
[3] Online Safety Act - GOV.UK. https://www.gov.uk/government/collections/online-safety-act
[5] Online Safety Act 2023. https://www.legislation.gov.uk/ukpga/2023/50/schedule/13
[6] Ofcom publishes final illegal content risk assessment guidance and codes of practice under UK Online Safety Act. https://www.osborneclarke.com/insights/ofcom-publishes-final-illegal-content-risk-assessment-guidance-and-codes-practice-under-uk
Morgan Hale is independent verification without the editorial filter. Every cut is evidenced. Every question is open. Because it matters.