A Landmark Law Faces Implementation Hurdles

The United Kingdom's ambitious Online Safety Act, which became law on October 26, 2023, is facing significant delays in its implementation, sparking a public dispute between the government and the independent communications regulator, Ofcom. UK Technology Secretary Liz Kendall has expressed deep disappointment at the slow pace, warning that Ofcom risks losing public trust if it fails to promptly use its new powers to protect citizens, especially children, from online harms. Some parts of the new safety regime are not expected to be fully operational until mid-2027, nearly four years after the Act was passed.

The Act grants Ofcom extensive powers to regulate online platforms, including social media, search engines, and pornography websites. Companies are now legally responsible for protecting users from illegal content—such as material related to terrorism or child sexual abuse—and must take robust measures to prevent children from accessing harmful content like that promoting suicide, self-harm, or eating disorders. Non-compliant companies face severe penalties, including fines of up to £18 million or 10% of their global annual revenue, and in extreme cases, their services could be blocked in the UK.

Ofcom has defended the timeline, citing factors beyond its control and insisting that "change is happening." The regulator is implementing the Act in phases, with duties related to illegal content expected to be enforceable from March 2025 and child safety duties from July 2025. However, Secretary Kendall and other critics argue the delays leave users vulnerable, particularly concerning emerging technologies like AI chatbots, which are a growing source of worry for their impact on young people.

The Human Cost of Online Harms

The urgency of the debate in the UK has been profoundly shaped by the tragic case of 14-year-old Molly Russell, who took her own life in November 2017 after viewing extensive content related to depression, self-harm, and suicide on social media platforms. An inquest into her death concluded that the harmful online material she viewed "contributed in a more than minimal way" to her death. Molly's father, Ian Russell, has become a prominent online safety campaigner and has expressed his loss of trust in the regulator's leadership over the implementation delays. His advocacy was instrumental in building momentum for the legislation.

The Kenyan and East African Context

The UK's struggle to implement its comprehensive online safety framework offers crucial lessons for Kenya and the wider East Africa region, which are also grappling with how to regulate the digital space. Kenya has several laws that touch on online content, including the Computer Misuse and Cybercrimes Act of 2018 and the Kenya Information and Communications Act (KICA). The Communications Authority of Kenya (CA) is the primary regulator, tasked with overseeing the sector and protecting consumers.

In April 2025, the CA issued the Industry Guidelines for Child Online Protection and Safety, which are binding for ICT service providers and aim to reduce children's exposure to risks like grooming, cyberbullying, and harmful content. These guidelines mandate measures such as effective age-verification and deploying parental control tools. Furthermore, proposed amendments to the Computer Misuse and Cybercrimes Act in 2025 aim to strengthen protections for families and minors against online exploitation. However, like in the UK, Kenyan legislation has faced criticism from civil society groups for vagueness and potential infringements on freedom of expression. The debate in East Africa often centres on balancing state security and user protection with fundamental rights.

A Global Challenge with Local Implications

The UK's experience underscores the immense complexity of regulating a rapidly evolving digital frontier. The Online Safety Act's global reach—affecting any company with UK users—sets a significant precedent for how nations hold tech giants accountable. The challenges Ofcom faces, from legal pushback by tech companies to the sheer scale of the task, are a preview of what regulators worldwide, including Kenya's CA, will encounter as they intensify their oversight.

As technology, particularly AI, continues to advance at a pace that outstrips legislative processes, the UK's situation serves as a critical case study. For Kenya, the key takeaway is the need for a robust, adaptable, and clearly defined regulatory framework that is implemented efficiently. It highlights the importance of multi-stakeholder collaboration—involving government, regulators, tech companies, and civil society—to create a digital environment that is safe for all users, especially the most vulnerable, without unduly compromising fundamental freedoms. The outcomes of the UK's regulatory journey will undoubtedly influence policy discussions and legislative efforts across Africa for years to come.