Will UK Online Safety Act be a toothless tiger in the battle against fraud?

Anti-fraud campaigners are intensifying calls for stricter regulations and penalties aimed at holding Big Tech companies accountable for failing to prevent scams on their platforms.

This issue is at the heart of consumer protection and regulatory efforts, particularly in environments where unsophisticated victims are exploited by crooks utilizing the reach that digital platforms offer.

In the UK, some advocates have been calling for a toughening of the Online Safety Act and supplementing it with new legislation. The Act, which came into force in March, is being rolled out in sections and will be fully implemented by 2026.

“I can see vulnerabilities in the UK’s well-meaning proposals.”

It seeks to place social media companies under increased scrutiny and imposes potentially significant fines on Big Tech firms, such as Meta, Google, Amazon, Apple and Microsoft, if they fail to prevent misleading financial advertisements on their platforms.

Not far enough

Some feel that the new law doesn’t go far enough. From my perspective as a lawyer who has spent decades litigating across international borders and jurisdictions, I can see vulnerabilities in the UK’s well-meaning proposals.

As I see it, imposing substantial fines – up to £18m ($24.3m) or 10% of worldwide turnover – on non-compliant platforms may create strong financial incentives for Big Tech to invest in robust fraud detection and prevention systems. If effective, it could lead to a more rigorous vetting process for advertisements and a quicker response to flagged fraudulent content.

However, unlike civil judgments, administrative penalties are seldom covered by bilateral recognition treaties. To collect payment of a GDPR (General Data Protection Regulation) or Online Safety Act fine in, say, California, an EU/UK authority would have to sue de novo, persuading a US court to treat the penalty as a debt, a process as uncertain as it is expensive.

In a case involving a US facial-recognition company, for example, the EU has levied roughly €100m ($114m) against Clearview AI, but the company “has yet to pay a single euro.” This puts the EU’s tough stance into perspective, making it almost symbolic.

Given the nature of the platforms under scrutiny, all of whom are developing their own AI capabilities, it is ironic that advocates are suggesting integrating state-of-the-art AI-driven monitoring tools to identify and remove suspicious financial adverts in real-time. If this is achievable and practicable, then it will be a major step forward. It could significantly reduce the exposure of unsophisticated investors to fraudulent schemes, helping protect the consumer and preserving trust in online financial transactions.

“Social media companies are often slow in reacting to reported fraudulent content after it has reached consumers.”

Unsurprisingly, the new law encourages collaboration between regulatory bodies and industry stakeholders to establish comprehensive codes of practice. And it is imperative that collaboration is at its heart. Uniformity of approach is as important as the new rules. All stakeholders need to be aligned in combating fraudulent activities, leveraging collective expertise and resources.

However, there are several obvious weaknesses in the Online Safety Act that will need to be addressed. One of the primary challenges, as mentioned, is enforcing regulatory measures against global tech giants, especially when fraudulent activities originate from jurisdictions within differing legal frameworks. This raises questions about jurisdictional authority and the practicality of imposing fines on multinational corporations operating across multiple regions.

In addition, social media companies are often slow in reacting to reported fraudulent content after it has reached consumers. It is good that regulators are considering implementing a requirement for pre-vetting so-called “finfluencers” against the Financial Conduct Authority’s register. The issue here is that, once again, logistical challenges and jurisdictional complications will likely increase costs and reduce effectiveness of implementation.

As outlined, deploying advanced AI monitoring systems will be essential, but this will require substantial investment in technology and expertise. In turn, this may inhibit the development and growth of small or emerging platforms that struggle to comply with stringent regulatory expectations. The new law may indirectly empower the bigger platforms, while negatively impacting fledgling outlets.

“The likelihood that President Trump will sit idly by while a British quango attempts to get a payday from America’s biggest companies is approximately nil.”

Anna Richards

One commentator, Anna Richards, recently warned of the potential political ramifications arising from implementation of the Online Safety Act, citing the EU as an example: “The USA today is also not the country it was when the EU passed the Digital Services Act, and the likelihood that President Trump will sit idly by while a British quango attempts to get a payday from America’s biggest companies is approximately nil.”

Effective collaboration

In conclusion, the new law has my support, but those who drafted it may not fully appreciate the technical and jurisdictional issues they will face during enforcement. But imposing substantial fines on Big Tech for failing to prevent fraudulent financial advertising will certainly represent a step forward in enhancing consumer protection in England and Wales.

Encouraging effective collaboration between regulators, industry leaders and legal experts will be crucial to crafting a balanced regulatory framework that fosters innovation while safeguarding consumers’ financial interest. Regulators must continue to strive for pragmatic solutions that address the complexities of online fraud prevention and marry aspiration with effective enforcement – or risk becoming another regulatory toothless tiger.

This article first appeared on GRIP (13 June 2025).