Block nomic Studio - stock.adobe
Who is really accountable for the online safety gap?
There has a flurry of regulatory activity on online safety around the world with no consensus on the best approach. How should companies and governments respond?
One in five people in the UK say they will only act on a message if it comes from a trusted source. That statistic, from a recent IET survey, reflects a troubling erosion of public confidence in both online safety and protection of data. This decline in trust is at once deeply concerning and indicative of a broader accountability gap in how the digital world is governed.
Whilst it is true to say that governments around the globe have committed to tackling online safety, many have done so by charging regulators with the drafting and enforcing of new rules. These efforts are undoubtedly well-intentioned aiming, as they do, to protect users – particularly children - without compromising freedom of speech, innovation, or investment.
Yet the reality is far more complex.
It is a long time since anyone truly believed that the internet is just a platform for expression. Today the ubiquitous view is one where online safety means operating in a virtual environment where the right to privacy and security should be a given. Yet whether we are talking about an individual level or one of national security, these are constantly at risk. And balancing these conflicting priorities is no easy task.
No global consensus over regulation
Interventionist regimes in the UK, EU, and Australia contrast sharply with more laissez-faire models in the US and parts of Asia. Even within regions, laws vary widely. The EU’s Digital Services Act, for example, overlays a patchwork of national codes, while in the US, federal child protection laws coexist with a complex array of state-level regulations. For businesses, this means navigating a maze of obligations that are often overlapping, inconsistent, and subject to change.
The result has been a flurry of regulatory activity, with no global consensus on the best approach. It means that companies must decide whether to adopt the most stringent standards globally, tailor solutions for each jurisdiction, or take a hybrid approach. In my experience, the most pragmatic path is a hub-and-spoke model: anchor compliance in rigorous jurisdictions and adapt flexibly to local requirements. However, even this approach is fraught with difficulty. Minor breaches can lead to multi-million-pound fines, reputational damage, and class action claims.
The Venn diagram of regulation
And, sadly, we don't live in a world where different issues have their own boundaries. Instead, ours is a world where the Venn diagram is a more appropriate image as, in truth, the concentric circles of regulations often overlap – meaning that online safety regulations often collide with other legal frameworks.
Put bluntly, complying with safety rules can create tension with a range of issues such as data privacy, intellectual property, and even emerging AI laws. Rigid controls including age verification and geo-blocking may offer a false sense of security, as users frequently find, or attempt to find, ways around them. And vague or abstract regulations can lead to legal uncertainty, making it harder for businesses to innovate or compete effectively.
Enforcement adds another layer of complexity. Regulators in some jurisdictions aim for proportionality, but this can increase compliance risks for larger firms while leaving smaller companies unsure how to calibrate their efforts. The pace of technological change only exacerbates the problem. New features and behaviours often outstrip the ability of traditional regulatory approaches to keep up, and tools designed to enhance safety—such as content scanning and automated moderation—raise fresh questions about effectiveness and accountability.
Why online safety must be shared
So, who is accountable for the online safety gap? In my view, responsibility is shared. Governments must provide clear, coherent frameworks and engage meaningfully with industry. The onus is also on businesses to invest in specialist talent, to integrate compliance into strategic planning, and foster a culture of continuous improvement. Easy to say, less easy to do. That's why individuals must remain vigilant, demanding both protection and respect for their rights.
Looking ahead, I see little prospect of true global harmonisation. Laws will continue to reflect local cultures and priorities, and while international cooperation - especially on child protection - is increasing, convergence in some areas will be offset by divergence in others. The best hope lies in sharing best practices, aligning on fundamental principles, and building trust across borders.
Ultimately, online safety is not a destination but a journey. It requires adaptability, collaboration, and a willingness to confront difficult trade-offs. Only by embracing this complexity can we hope to close the gap between aspiration and reality—and begin to restore the public’s faith in the digital world.
Hayley Brady is UK head of media and digital at Herbert Smith Freehills Kramer
Read more on Regulatory compliance and standard requirements
-
![]()
MPs grill X, TikTok and Meta about online misinformation
By: Sebastian Klovig Skelton
-
![]()
Data sovereignty compliance challenges and best practices
By: Damon Garn
-
![]()
Navigating the practicalities of AI regulation and legislation
By: Mary Branscombe
-
![]()
Regulating and monitoring the online GLP-1 market
By: Alivia Kaylor, MSc
