Regulatory capacity capture: The United Kingdom’s online safety regime

Introduction

Internet platforms are integral to contemporary public life. A handful of big tech corporations have emerged as central conduits of economic, social and political activity. Unparalleled in size and valuation, these digital platforms provide access to information, foster democratic mobilisation, drive economic growth and connect billions of users to each other every day (Chadwick, 2013; Howard & Hussain, 2013; Margetts et al., 2016). Yet as internet services become ubiquitous, concerns about their impact mount. A growing body of research reveals that platforms are host to a variety of online harms. They amplify nefarious content, harvest sensitive user data, abuse their market power to stifle competition, profit from foreign information operations, promote polarisation and enable oppressive surveillance – putting their users’ online safety at risk (Au et al., 2021; Chan & Kwok, 2021; Howard, 2020; Zuboff, 2019).

Governments worldwide have grown concerned about pressing platform problems and big tech’s inability to solve them. Since 2016, at least 100 governments – among them countries like Australia, France, Germany, Spain, Singapore and South Korea, and notably the European Union – have implemented regulations aimed at safeguarding against online harms on internet platforms. Emergent regulatory measures aim at creating a safer digital space and often span an array of policy issues, including content controls, antitrust and data protection (Bradshaw et al., 2018; Yadav et al., 2021).

In the United Kingdom (UK), the development of platform regulation has been fraught with significant delays, despite early initiatives and sustained public demand for internet protections. Proposals for a platform-aimed regulatory regime, the Online Safety Bill (OSB), were first put forward in 2017, positioning the UK an early proponent of platform regulation. Yet, despite sustained political support for such regulations – which persisted through the Covid-19 pandemic and several government leadership crises – the progression of the bill was repeatedly stalled. It was not until October 2023, that the OSB was enacted and is now referred to as the Online Safety Act (OSA). Given the government's early advocacy and continuous administrative efforts, why has the United Kingdom faced such challenges in developing platform regulation?

Against the backdrop of the newly adopted online safety regime, I use the UK as a case study to analyse systemic issues underpinning the development platform regulation. I offer evaluative, explanatory, and normative perspectives to enable the analysis of an emergent regulatory landscape. Looking beyond existing work on challenges obstructing regulation, I shift attention towards capacity for the regulation of platforms to explain regulatory development. My research questions are:

RQ1 How does the regulatory capacity of state actors compare to that of platform actors in developing platform-focused regulations, specifically considering the resources available to each?

RQ2 How do the capacity constellations of state and platform actors, as well as their interplay with regard to resources, shape the development of regulation within an emergent regulatory system?

RQ3 What regulatory measures – considering in particular those outlined in the Online Safety Act – are required to address capacity challenges in the regulation of online platforms, and how likely are they to be effective in achieving the intended regulatory goals?

To answer these questions, the article proceeds as follows. I begin by offering a review of scholarly literature on platform regulation and regulatory capacity. Bringing these bodies of research into dialogue to identify the key challenges to platform regulation, I develop an original framework of four regulatory resources – information, treasure, authority, and organised expertise – that are essential for building regulatory capacity in this space. This is followed by a methods section, detailing the way in which the evidence from 33 elite interviews with participants in government, industry and civil society is analysed and supplemented by archival analysis. Employing the original framework of regulatory capacity to the empirical study of platform regulation, I draw from interview evidence and regulatory theory to analyse state-platform interplay in regulatory development in the UK. Based on the interview evidence and regulatory theory, I employ the original framework of regulatory capacity to the empirical study of platform regulation development in state-platform interplay in the UK, contributing to the development of this research area. I find that: 1) government lacks essential regulatory resources, frustrating its capacity as a regulator; 2) platforms hold resource advantages over government resulting in capacity asymmetries; and 3) asymmetric resource constellations give rise to regulatory capture whereby platforms leverage resources for influence over regulation. The discussion examines the regulatory measures necessary to address capacity asymmetries in platform regulation, with a specific focus on the measures in the UK's Online Safety Act and their potential to overcome capacity challenges.

Moving forward, the capacity-based approach developed here provides a unique analytical framework for understanding challenges to regulatory developments. By identifying these challenges as a resource-based interplay between the state and platforms, this approach offers decisional insights into the feasibility and strategies of overcoming capacity asymmetries and risks of capture.

Platform regulation: challenges, capacity and capture

Challenges to regulation

As governments worldwide pursue online safety regulation, a growing body of literature is devoted to the study of emergent regulatory measures, often captured under the umbrella term “platform regulation”. This literature commonly revolves around challenges to regulation, which are described as ‘hurdles’, ‘obstacles’ or ‘barriers’ that states must overcome to pursue regulation (Flew & Gillett, 2021; Hoffmann-Riem, 2020; Taeihagh et al., 2021). Drawing from and distilling the existing literature, I identify three fundamental types of challenges to platform regulation – technical, institutional, and political challenges – that are commonly discussed in the discourse on online safety regulation. By examining evidence from the UK, I offer an analytical lens to explore the impact of these challenges on the development of platform regulation, both in the UK and beyond.

Scholarship on technical challenges postulates that digital technologies pose a fundamental barrier to established regulatory practice. This line of inquiry argues that existing regulatory tools prove ill-equipped for the regulation of complex technical features (Gorwa et al., 2020; Neudert, 2020). This challenge is widely acknowledged in the UK context. For example, the Department for Digital, Culture, Media and Sport (DCMS) argues that “distinctive features which make digital businesses and applications unique” (DCMS, 2022a, Context section) make necessary a “distinct regulatory approach” to be set out in original regulation (DCMS, 2022a, Context section; also quoted in Dommett & Zhu, 2022, p. 3).

Institutional challenges focus on barriers connected to regulatory frameworks with regards to their suitability for platform regulation. This research details challenges around regulatory remits that are not fit for purpose, gaps in legislation, and unintended or otherwise undesirable policy outcomes (Schlesinger, 2022; Woods, 2019). In the context of the UK’s pending online safety regime, experts have raised concerns over stifling effects on civic freedoms in connection to provisions for the removal of ‘harmful but legal speech’ – speech that is legal offline but that could be subject to intervention online (Coe, 2022; Dittel, 2022; Trengove et al., 2022). Meanwhile, Neudert (2020) argues that platforms escaped regulatory oversight around the Cambridge Analytica scandal because of unclear regulatory mandates in the UK at the time (Wylie, 2019).

Thirdly, political challenges emphasise “processes through which the domestic regulatory activities of states and other actors set effective rules” (Farrell & Newman, 2010, p. 1). Tracing regulatory processes, scholars show that factors like electoral considerations, regulatory activism pursued by influential politicians and logistical constraints, for example around parliamentary schedules, impact platform regulation (Flew et al., 2021; Gorwa, 2021). In the UK context, Dommett and Zhu (2022) find that policymakers have struggled to harmonise and find consensus around conflicting policy proposals for an online safety regime, and this has caused delays. Experts have also connected delays to Covid-19 and the 2022 government leadership crisis and, coming along with it, constant turnover in the position of the DCMS Secretary of State (Hern, 2022; Kent et al., 2020). Furthermore, the proposals surrounding "legal but harmful" content and encryption became contentious issues. Tech firms, along with free speech and privacy organisations, strongly opposed the government's stance, resulting in sustained debate (Scott & Dickson, 2023).

Regulatory capacity

The body of research discussed above highlights persistent problems faced by state regulators in developing regulation but has not dealt with questions as to why challenges exist and how they can be overcome in interplay with platform regulatees. Therefore, I argue that there is value in shifting perspective away from challenges impeding regulation - that is a focus on non-regulation - and towards regulatory capacity enabling regulation – that is a focus on regulation. To facilitate this analytical focus, I propose an original four-part framework of regulatory capacity that entwines theoretical notions of regulatory resources and the tools of government (Black, 2002, 2003; Hood, 1983). In my conception of regulatory capacity, I draw from Julia Black:

“Regulatory capacity is the actual or potential possession of resources plus the existence of actual or potential conditions that make it likely that those resources will be deployed both now and in the future in such a way as to further the identified goals of the regulatory system or resolve identified problems”. (Black, 2003, p. 68)

Black presents an actor- and resource-centric understanding of regulation. According to Black, an actor’s capacity to regulate is directly related to its ability to deploy relevant resources. She applies this framework to both the development and implementation of regulation and argues that it can be used to inform regulatory practice. Black contends that regulation requires different resources, whereby some actors have superior capacity to others, depending on their relative resource configuration. She further argues that resource constellations that should inform how regulatory functions “are and should be distributed between diverse actors in a regulatory system” (Black, 2003, p. 63). In this context, regulators can overcome capacity deficits by collaborating with other actors that possess different resource configuration leveraging asymmetries in resources for regulation (Black, 2003, p. 74).

In Black’s work on regulatory capacity, she develops a model of six resources – information, expertise, financial resources, authority and legitimacy, strategic position, and organisational capacity – that state and other actors, such as a regulated firm or a third-party body, can enrol in regulation. However, the model lacks conceptual clarity and the six resources intersect1. Black draws heavily from Hood’s “tools of government” (Hood, 1983) approach which postulates that there are four tools – nodality (the property of being in the middle of a network), authority, treasure, and organisation – that governments use to govern. Furthermore, the “tools-based approach” (Hood, 1983) suggests that the government occupies a position “above other actors and can unilaterally select instruments and deploy them” (Black, 2003, p. 1).

Based on the interaction between these theories on regulatory resources, the synthesis of empirical evidence collected for this research, and taking into account Hood’s and Margetts’ (2007) work on the tools of government in a digital age, I propose a modified capacity-based framework that distils four resources that are relevant for platform regulation and become deployed by hybrid actors: information, treasure, authority, and organised expertise (Table 1). This framework offers a contemporary understanding of regulation that recognises the regulatory capacity of both state and non-state actors, challenging traditional notions of regulation that solely focus on the state (contra Hood, 1983). What is more, the approach goes beyond binary notions of the possession or non-possession of resources, and instead examines resource configurations and an actor’s ability to use them for platform regulation including in collaboration with other actors. Finally, building upon Black, I posit that the framework can be used to study both the development of regulation and its implementation, providing insights on capacity-based challenges and solutions to questions around platform regulation.

The proposed framework of regulatory capacity aligns with emergent theory on the regulation of digital platforms, which emphasises the role of hybrid regulation spanning interconnected regulatory actors and the enrollment of their respective resources in regulation (Levi-Faur, 2011). Theoretical conceptions of platform regulation commonly recognise the involvement of multiple actors in platform regulation, spanning the regulation “of and by platforms” (DeNardis & Hackl, 2015; Gillespie, 2018, p. 254) or even “multi-actor governance structures” (Papaevangelou, 2021).

Yet existing empirical work on the subject tends to focus on either state-led hierarchical or corporate-led self-regulatory systems, with little attention paid to hybrid state and platform actors and their relative resources in interplay. Scholars of hierarchical regulation argue that platforms are subject to superordinate state authority in state-led regulatory systems (Barrett et al., 2021; Theil, 2019; Woods, 2019). Conversely, research on platform-led self-regulation commonly maintains that platform actors have emerged as potent “new governors” (Klonick, 2017) that supersede state power (Gorwa, 2019; Suzor, 2019).

Using a capacity-based approach to the study of regulatory development, this research expands on existing theory and shifts the focus to the study of the interplay between hybrid state and platform actors and their relative resources to trace how they are enrolled in emergent platform regulation. By studying the configurations of resources of state and platform actors in interplay, this approach reveals resource deficits and relative asymmetries, offering new insights into the underlying actor relationships of platform regulation.

Regulatory capture

To reflect on the impact of resource asymmetries on regulation, I bring the framework of regulatory capacity into dialogue with theories of regulatory capture. On a basic level, regulatory capture occurs when a regulator becomes co-opted by the interests of the regulatee or another third party (Dal Bó, 2006). In the context of platform regulation, scholars show that resource asymmetries, primarily around information, between public and platform actors are a potent vehicle for regulatory capture. Laux et al. (2021) argue that platforms influence regulatory audits by purposefully withholding information from unfavourable auditors. Nechushtai (2018) introduces the notion of “infrastructural capture” to describe the fact that actors tasked with platform oversight are reliant on platform infrastructure, prompting capture. Exploring the impact of information asymmetries between the media, as the fourth estate, and platforms, Dommett (2021) finds that platforms withhold information to obstruct scrutiny. In line with these findings, I argue that resource asymmetries whereby platforms hold a resource advantage over the state prompt risks of regulatory capture in the development of platform regulation in the UK; I refer to this as regulatory capacity capture.

A capacity-based approach to the study of regulation

I argue that the capacity-based approach to the study of regulatory processes pursued in this article advances the research on platform regulation in three central ways. First, by tracing the enrollment of regulatory resources in an emergent regulatory landscape I provide evaluative assessments of actor-specific regulatory capacity. Second, in highlighting resource deficits and asymmetries in state-platform interplay, the capacity-based approach offers decisional insights into the processes and challenges related to regulatory development. Third, by analytically pinpointing capacity-based challenges, the approach enables arguments into the feasibility and recommendations for necessary strategies for overcoming these challenges in regulating online platforms.

Table 1: Regulatory capacity and resources

Source: Author’s own conceptualisation of regulatory capacity drawing from Black’s six-part model of regulatory capacity; Hood’s four-part framework of tools of government; and Margetts’s work on computerising the tools of government, and the synthesis of interview data collected for this research (Black, 2003; Hood, 1983; Hood & Margetts, 2007; Margetts, 1998).

The United Kingdom as case study in internet policy development

To reveal context-rich descriptions of regulatory processes within a case, interview-based methods are frequently used in platform regulation scholarship, for example to study regulatory contexts in Australia (Duguay et al., 2020), Germany (Gorwa, 2021), the UK (Dommett, 2021; Dommett & Zhu, 2022), and the United States (Kadri & Klonick, 2019; Kettemann & Schulz, 2020). This research employs an interview-based case study of the emergent regulatory landscape in the UK. Building on Dommett and Zhu’s (2022) research on the OSB, I adopt an instrumental approach “to provide insight into a particular issue [and] redraw generalisations” (Mills et al., 2010). I seek to create a deep understanding of the emergent regulatory system and reveal transportable patterns for comparison across cases.

The UK was selected as a case study for three reasons. First, the UK is a high-capacity state and leading democracy. Its regulatory trajectory sets precedent for international regulation (Busch et al., 2005). Second, since interest groups historically play a significant role in regulation in the UK (Miller & Dinan, 2008; Wright, 2014) and internet platforms have established an affluent lobby (Lombardi, 2022; Popiel, 2018), this case offers rich context to study state–platform interplay. Third, while the regulation of online safety on internet platforms has been declared a government priority and enjoys the backing of top politicians (Kent et al., 2020), progress on regulation has been repeatedly delayed. Therefore, while the UK case may have unique political aspects, the insights drawn from this research can be relevant and informative for other nations and international bodies that share similar capacity configurations. Examples of such nations and bodies may include those in Europe and the US, where similar concerns have been expressed over the lack of effective platform regulation.

Seeking to create thick descriptions about actor-specific regulatory capacity and how regulatory actors use respective resources towards emergent regulation, I adopt a qualitative, inductive approach using elite interviews. With ethics approval from the University of Oxford, I conducted 33 semi-structured interviews with 34 participants from March 2021 to December 2021 (see table 2 and Appendix A for a list of interviews). During this time period, the OSB was in active development with a new draft bill being introduced in May 2021. All interviews were conducted over Zoom and lasted between 45 and 90 minutes. Interviews were recorded and transcribed. For each interview, I compiled a synthesis memo that selectively identified prominent topics and relevant quotes. Names and organisational affiliations are only mentioned where informed consent was given.

Table 2: Overview of target groups for interviews carried out by the researcher between 26 March 2021 and 16 December 2021

To analyse interview evidence, I make use of inductive open and axial coding moving from descriptive codes to comprehensive themes (Saldana, 2009). This data was supplemented in triangulation with evidence from a document analysis of key policy documents, including transcripts from parliamentary hearings, reports, press releases and other official communications. To identify and select relevant documents for this study, I conducted a comprehensive search of various UK government websites, online databases, and legislative archives. I used a combination of keyword searches for terms related to platform regulation, online harms, and online safety, as well as manual review of search results.

Platform regulation and online safety in the UK, 2000s-2023

In recent years the regulation of platforms has emerged as a pressing issue on the UK’s policy agenda in response to concerns over online safety and platform power. But during the 2000s, large internet platforms were celebrated as beacons of democracy, growth, and innovation. They enjoyed what one subject described as a “carte blanche” (interview 23): regulatory freedoms, tax incentives, and safe harbour agreements designed to promote platform investment. Similarly, Poppy Wood, director at Reset and former Downing Street advisor, described how policymakers rolled out a metaphorical “red carpet” (interview 27) to attract big tech business.

However, following what researchers have coined a stream of “public shocks” (Ananny & Gillespie, 2016) – possible foreign interference in the Brexit referendum and the 2016 US elections, the 2017 suicide of teenage girl Molly Russell that was linked to self-harm content, the 2019 Cambridge Analytica Scandal, the 2020 attacks on 5G infrastructure, and Covid-19 misinformation – there has been sustained and growing regulatory scrutiny of platforms in the UK. As a result, policymakers have examined the government's capacity to regulate platforms under existing legal frameworks (Strowel & Vergote, 2018) and regulatory agencies, including the CMA, ICO, FCA, and Ofcom, have developed codes of conduct and pursued official investigations or litigation.

In 2019, the government of former Prime Minister Theresa May published the Online Harms White Paper that proposed a single regulatory framework to counter a range of online harms. The white paper received mixed reactions, with experts stressing concerns over chilling effects in connection with requirements for content removal (Nash, 2019), but policymakers vowed “to keep momentum” (DCMS & Home Office, 2020). With the start of the Covid-19 pandemic in early 2020, plans to promptly introduce an online safety regime got “caught in the middle of a pandemic and Britain’s ongoing divorce from Europe” (Kent et al., 2020, para. 2) and the government announced substantial delays.

At the same time, my interviews reveal that this phase was shaped by heightened state-platform interplay, as the government and platforms collaborated to combat information threats. For example, DCMS, the Department of Health and Social Care (DHSC), and several large platforms including TikTok and YouTube launched a joint public health campaign (DHSC et al., 2021). The government also created the Counter Disinformation Policy Forum, which brought together stakeholders from across government departments, platforms, academia, and civil society to pool resources on content moderation efforts and counter Covid-related misinformation and illegal content (Dinenage & Nichols, 2020).

According to my interviewees, the forum aimed to enhance “consistency and coordination” (interview 2,) and achieve “better information sharing and quicker responses” (interview 7) in times of crisis and mirrored initiatives that had previously been tested for the 2019 general election.

Eventually, in 2021, a revised draft of the OSB was introduced. After several rounds of scrutiny and revision, the OSB was introduced into parliament in 2022 (Walker et al., 2022.). Yet, the bill remained in limbo due to continued delays prompted by ongoing debates over provisions to remove “legal but harmful content” – which were eventually taken out of the bill – and controversial provisions that may require tech companies to weaken end-to-end encryption of content – which were upheld despite vehement criticism from tech firms and privacy and free speech organisations (Guest, 2023; Hern, 2022, 2023).

Having passed through the two houses of Parliament, in October 2023, the OSB received royal assent and became law as the Online Safety Act (OSA). At its core, the OSA imposes a statutory duty of care platforms towards their users, overseen by Ofcom. The bill requires platforms, depending on their size and functions, to carry out ongoing risk assessments of their services, take measures to mitigate users’ exposure to illegal content, and comply with transparency requirements. The scope of the regulation covers user-to-user services, defined as internet services that enable users to generate or share content consumed by other users of the service, as well as certain search engines.

Analysis & findings: capacity capture in an emergent regulatory system for online safety

My interviews reveal wide support for regulatory reform, yet show that, on the ground, policymakers struggle with policy development and nascent regulatory practice. Participants commonly argued that platforms challenge the government’s capacity to regulate. Participants described how, as a result, online safety regulation was “stuck” (interview 27) in “regulatory inertia” (interview 20). Paradoxically, this was at the same time that government stakeholders were vigorously preparing for the new regime and were convinced that the OSB would soon give the UK state power over platforms (interview 17). To spotlight regulatory capacity in state-platform interplay and provide decisional insights to explain regulatory development, this research deploys a systematic empirical analysis of four key regulatory resources: information, treasure, authority, and organised expertise. The empirical findings presented here relate exclusively to the development of regulatory policy, though the framework may also prove useful in studying the implementation of regulation. Through an analysis of the relative capacity configurations of the government and platforms, the capacity-based approach is well-equipped to reveal the decisional factors that drive the successes and failures of the UK’s emerging regulatory system.

Information

Analysing the state’s informational capacity, my interviews reveal there was a wide-reaching “information vacuum” (interview 7) and a “basic lack of information on how platforms act” (interview 13) among regulators vis-à-vis platform regulatees. As a result of information limitations, policy issues related to platforms necessarily remained “ill-defined” (Naik, interview 20) and “opaque” (interview 13), therefore diminishing government’s regulatory capacity. Highlighting the impact of information gaps on emergent regulation, one interviewee argued:

"We know what is in each pack of cigarettes. And we know every time someone buys it, that that’s what they’re getting. With tech, with social media, every single person sees something different. And we have no idea why they’re seeing what they’re seeing and what they’re seeing. So that’s where the transparency bit comes in, which is: how do we even start to figure out what the harms are and how to regulate it? If right now we don’t even know really what the problem is, we can only see that there are bad outcomes”. (interview 14)

This statement underscores that policymakers viewed information as a critical, but in this context scarce, resource for policy development. A subject involved in policymaking at a government department put it succinctly: “it’s hard to establish [policy] when you don’t have the evidence base” (interview 2). Table 3 provides an analytical overview of types of platform data that participants considered relevant to the development of regulation, spanning information about platform practices, policies, and products.

On a bureaucratic level, policymakers struggle to comply with formal requirements for the provision of sufficient evidence in policy processes due to the overall lack of information (interviews 2, 7, 10). Participants described issues around adhering to best practices and government requirements for evidence-based policymaking (see Nutley et al., 2002). For instance, participants described difficulties in sourcing evidence for policy briefings, which then prompted requests for revisions (interviews 9, 19). The effects of this scarcity of information became evident in pre-legislative scrutiny processes for the OSB, which have repeatedly criticised policy proposals on the grounds of insufficient evidence (DCMS & Home Office, 2020; House of Commons DCMS Committee, 2022).

Prompted to discuss the causes of limited informational capacity, participants overwhelmingly attributed them to “information asymmetries … between them [platforms] and any other actors” (interview 13). There was a consensus that platforms hold an information advantage and tightly restrict external access to that information. The interviewees indicated that platforms regularly reject government pleas for information – both broad appeals and concrete requests for particular data, for example around the effects of specific anti-vax policies (interviews 2, 7, 14, 26, 29). Several interviewees argued that platforms purposefully refrain from sharing comprehensive information, in attempts to frustrate government’s capacity to develop regulation (interviews 14, 30). Similarly, an MP argued at an oral evidence hearing that platforms were “kicking all this into the long grass, playing for a bit of time … because it suits [their] purposes” (Oral Evidence: Online Harms and Disinformation, 2020, p. 47).

To the extent that platforms share information – for example, through expert hearings, submission of written evidence, multi-stakeholder roundtables, or policy events – interviewees expressed concern about platforms instrumentalising information to yield influence over regulation (interviews 10, 13, 29). Commonly, participants echoed that platforms had established themselves as the sole brokers of information. Thus, civil servants necessarily have to gather information directly from platforms, undermining policymakers’ capacity to verify claims and source independent information or supplemental data – potentially putting them at risk of regulatory capture. One interviewee involved in gathering information argued:

"[When talking to platforms] it was a concern about not being captured or being seen as captured. Platforms have an ability to talk about the specifics in a way that sounds much more authentic and informed than any other actors do. And that’s partly because of the information asymmetries that exist”. (interview 13)

To that end, participants thought that platforms used bilateral conversations as “an opportunity to say something positive from their perspective” (interview 16) but systematically obscured information about risks and harms (Oral Evidence: Anti-Vaccination Disinformation, 2020). For instance, numerous participants maintained that platforms volunteer large amounts of information about harmful but legal content – the subject of ongoing controversy surrounding the OSB – in what Lorna Woods, Professor of Internet Law, who has provided evidence to the government on the OSB, considered a strategic attempt by platforms at “a muddying of the waters by the emphasis on types of content” (Woods, interview 22). Two interviewees reported instances where platform staff shared conflicting information with different policymakers corresponding to the respective policy preferences “like a naughty child between parents” (interview 16; also Orlik, interview 1).

Table 3: Platform data and its accessibility to external parties including government stakeholders

Source: Author’s analysis based on interview data collected between 26 March 2021 and 16 December 2021 and document analysis.

Treasure

The analysis reveals major resource asymmetries in treasure, here financial resources available for online safety issues, between the UK government and big platforms. First, looking at the use of treasure as a regulatory resource in platform regulation, the UK government allotted a substantial budget towards platform regulation. Following years of restrictive budgets (HM Treasury, 2020), in 2021 the government allocated “over £110 million … for the passage and implementation of the Online Safety Bill”(HM Treasury, 2021). Many civil servants considered the enhanced budget to be fit for purpose and even generous (interviews 16, 21). However, in comparison to the spending by major platforms, the government budget was marginal. Meta reportedly spent US$13 billion on trust and safety between 2016 and 2021, and Google and Microsoft committed to trust and safety investments of US$30 billion from 2021 to 2026 (Robertson, 2021; Feiner, 2021). Though it is unclear what percentage of this budget was allotted to the UK, this evidence suggests that major platforms hold superior monetary capacity for developing measures to address online safety issues. While participants widely subscribed to the notion of big tech as fiscally affluent, some interviewees raised concerns over resource limitations among smaller companies; interviews 21, 24).

However, it is imperative to note that drawing direct comparisons between government and platform budgets is of limited use, considering the differing scope of measures advanced by public and private actors and costs associated with them. For instance, in the context of illegal and harmful content, government spending may primarily be directed towards oversight, while platforms may focus on investing in human and automated content moderation. Yet as platforms allocate dedicated budgets towards trust and safety measures – potentially addressing certain regulatory concerns – government budgets might be deployed more effectively, strategically addressing the most persistent challenges and providing support to lesser-funded platforms.

However, in the UK context participants raised doubts as to whether platforms used their treasures towards addressing online harms sufficiently. Despite the relative wealth of platforms, participants critiqued tech firms for not contributing adequately to the costs associated with addressing online safety issues. An interviewee at a CSO explained:

"We have had big industry creating emissions and then regular citizens had to bear a lot of the costs for that. And now we are trying to think of models for how to internalise the costs [of online harms] a little bit more". (interview 14)

This resonates with notions around the internalisation of negative externalities, costs associated with business activities – here, online harms on internet services – that are borne by the public rather than the business (Verveer, 2019). Policymakers widely seek to rebalance asymmetries in treasure through proposals to be implemented in online safety regulation. In this context, interviewees often discussed government-issued fines, but not taxation, as a means to prompt platforms to contribute to offsetting the negative externalities associated with their services. Subjects argued that limits on the existing fines have proven far too low in light of enormous platform treasure (interviews 4, 5).

Across several interviews, participants raised concerns about the potential effects of vast platform treasure. Since policymakers widely view internet services as pillars of innovation and growth, platforms are thought to potentially hold capacity to capture regulatory policymaking by virtue of their enormous value to the UK economy. Interviewees identified tensions between proposals for online safety regulation, on the one hand, and aspirations for “British tech sovereignty” (Naik, interview 20) championed by the government (DCMS, 2021; UK AI Council, 2021) on the other. The issue divided participants. Several subjects described regulation as a necessary clash between “American tech capital vs. European governments'' (Durham, interview 9) tasked with rebalancing “what’s good for business” with “what’s good for the people'' (interview 10). Others thought that politicians ultimately seek to shield platforms’ interests and business models from overzealous regulatory scrutiny in an effort to sustain their UK ventures. Maria Luisa Stasi, Senior Legal Officer at Article 19, argued:

"If I were a CEO of a big company, I would say it could have been way worse. Our business model is safe … we just need to be a little more serious on the [voluntary] efforts and tick a few more boxes … We might lose some money, but the entire ship is safe". (Stasi, interview 29)

Finally, my analysis highlighted the use of platform treasure for lobby activities aimed at influencing regulation. Commonly, civil servants considered interactions with platform staff as a type of lobby engagement whereby “platform policy people are basically slightly lobbyists” (interview 11). Across Europe, platforms repeatedly rank among the biggest lobby spenders, with both spending and staff increasing over time (Lombardi, 2022). In the UK, firms regularly sponsor or co-host events alongside government departments, including events focused on platform regulation and issues (for instance, see Westminster eForum, 2022). At the height of political debate on online safety, platforms made substantial donations to political groups (Dickson, 2021) and heavily funded tech-focused civil society and research organisations including fact-checkers and watchdogs (Clarke et al., 2021). Members from these organisations often serve as experts or advisors to the UK government, which raises questions about regulatory capture.

Authority

Against the backdrop of a pending online safety regime, participants considered state authority inadequate for platform regulation. Interviewees emphasised the need for a platform-focused legal mandate which they commonly equated to the yet-to-be-implemented OSB. My interviews showcase how the regulatory agencies, confident in the eventual passage of the bill and the establishment of government’s legal authority over platforms, attempt to mandate platform compliance even while the OSB is still in development and has not been passed; as one subject put it, the agencies “flexed their regulatory muscle” (interview 18). For example, regulatory agencies like the CMA or Ofcom offer voluntary audits for platforms against likely OSB requirements (interview 28). Contrariwise, a handful of participants pointed out lax enforcement of existing authority. They argued that the non-enforcement of fit-for-purpose legal frameworks on competition, tax and free speech encourages neglectful platform behaviour and results in an underuse of government scrutiny (interviews 20, 27). An interviewee in a high-ranking position at Ofcom argued that as long as the OSB is in development, platforms profit from “a little bit of leeway” (interview 18).

What is more, the interviews indicated that platforms actively challenge existing legal authority. In line with what has been found in other research in this area (Lobel, 2016), participants revealed that platforms habitually exploit legal gaps and political benevolence as an integral strategy of disruptive business models. For example, interviewees accused platforms of profiting from harmful but legal content or dubious advertising practices while being aware of their potential harms. To that extent, platforms regularly pursue litigation against emergent regulatory interventions such as fines or information requests (interview 20).

Beyond firms challenging state authority, the data reveals that platforms, as opposed to the government, are thought of as a source of authority in online safety regulation. Interviewees widely considered platform policies and technology as de facto binding protocols that steer user behaviour, which participants likened to the way in which regulation steers a public. An interviewee from a regulatory agency argued:

"[Platform] organisations are developing de facto standards by virtue of their market share. That means that everybody has to follow them. And I think we know what we’re talking about there, as opposed to potentially what impact a state actor could have on pushing a standard that then is expected to be implemented”. (interview 18)

This statement exemplifies that not only do participants acknowledge platform authority over users, but, at least for very large platforms, consider it to be in some ways superior to state authority: due to big tech’s enormous user base, measures taken by platforms directly impact users worldwide, whereas state measures only impact users in the UK (interview 5). A member of the DCMS Sub-Committee said: “it’s a public policy issue, what [platforms’] internal policies are” (interview 13), treating the public and platform users as the same.

Overwhelmingly, however, interviewees took issue with platform authority. They stressed that their authority lacked legitimacy and due process and noted that platforms fail to use their authority to self-regulate (interviews 2, 5). Even the participants who represented platforms expressed unease with the potential impact of their decisions, especially with regard to freedom of speech matters and the representation of minority voices.

Despite those concerns, several instances were discussed in the interviews where the government engaged platform authority to compensate for deficits in government capacity. In this context, interviewees offered various iterations of a similar narrative. Government actors evaluate a situation connected to the spread of harmful but legal content to be an urgent safety threat. Civil servants then share examples of such content with platforms. They demand that platforms deploy their authority in the form of corporate policies. Demands range from general comments on the “suitability” (interview 7) of policies, to demands for content removal or blocking of broad categories of content, to requests from the revision of policies or the creation of new ones altogether (interviews 2, 7, 10). In contrast, interviewees also spoke about trusted flagger programmes, whereby government stakeholders flag individual pieces of content to platforms for priority review against corporate policies. Participants were acutely aware that the government holds no legal authority over harmful content, instead co-opting platform authority to use platform policies and organised expertise to enforce them. An interviewee from a government department recalled complex considerations for engaging platform authority:

"None of this content is illegal … but we are worried about the effects … we don’t want this image spreading, people getting attacked or property damaged, or people get seriously ill and die … but at the same time, we’ve got to be absolutely sure we’re on the right side of democratic principles”. (interview 2)

Civil servants demonstrated an intricate knowledge of platform policies. Numerous interviewees explained that policymakers study proprietary platform terms of service agreements (interview 2, 10). . This underscores that while the government co-opts platform authority, they ultimately do so on the platforms’ terms. A well-documented example concerned the stern request of Oliver Dowden, then DCMS Secretary of State, for platforms to limit the spread of legal misinformation that linked 5G infrastructure to the spread of coronavirus. After several 5G masts were set on fire in 2020, Dowden reportedly “summoned” (Kelion, 2020) platform staff and demanded stricter policies which platforms reportedly instituted (interviews 3, 24).

Organised expertise

Several interviews pinpointed insufficient technical expertise among public sector staff at government departments and regulatory agencies, causing capacity deficits in platform regulation (interviews 16, 23, 24). According to the assessment of participants, state expertise is often inferior to that of the firms, especially with regard to platform technologies and algorithms. The most severe deficiencies in expertise are attributed to politicians. In particular, high-profile officials are often described as “uniformed” (interview 17) and thought to rely on “lived experience” (interview 16) as private users of internet platforms, resulting in oversimplified notions of complex policy issues (interviews 17, 21, 24). An interviewee working in public affairs for a platform said:

"I think the bigger risk isn’t that people don’t understand it. It’s the people who think they do understand it … I don’t believe many people who regulate the aerospace industry, do you really think they know how planes fly?" (interview 17)

Paradoxically, despite the recognition of deficits, interviewees considered state capacity to be sufficient for the development of novel platform regulation. Participants frequently pointed to similar regulation – the experience of DCMS in broadband spectrum policies, or Ofcom’s background in content regulation (interview 21) – as proof of expertise yet failed to mention considerations around the transferability of expertise to platform contexts.

Despite ambiguous views on government expertise, interviews highlighted several government initiatives aimed at building capacity for the emergent platform regulation regime. Participants described a “surge in staffing” (interview 31) at key regulatory offices. Ofcom created 350 new roles for the OSB (Ofcom, 2022) and the CMA launched a unit for overseeing “the most powerful digital firms” (CMA, 2021). Additionally, interviewees described a push towards “greater cooperation on online regulatory matters” (CMA et al., 2021), culminating in the launch of the Digital Regulation Cooperation Forum (DRCF), which is tasked with pooling organised expertise across key agencies regulating the digital sphere.

Other than building up in-house capacity, the government relies on input from platforms to supplement insufficient organised expertise. As detailed in the section on authority, the government hosts regular meetings with major platforms, especially in times of crisis. These meetings aim at establishing a “collective understanding” of the information environment though not “a collective response”, according to a participant from a government department (interview 7). But according to several interviewees, there are “grey area conversations” (interview 7) in which the government called on platforms to deploy, not only their authority, but organised expertise to counter emerging threats. My analysis documented several instances where officials asked platform personnel to moderate content by deploying organised expertise in the form of human or technical content moderation. Civil servants widely acknowledged that the government does not have sufficient staff or technical resources to moderate content at scale, but generally thought that large platforms hold adequate organised expertise (interview 2, 7). Interviewees voiced concerns about the appropriate level of government involvement without a legal mandate yet stressed the need for agile interventions at scale – and according to participants, this cannot be accommodated through lengthy law-making processes such as the OSB, thus necessitating platforms’ organised expertise (interviews 2, 7, 16, 17).

Conversely, my interviews at the same time revealed rivalry over organised expertise. The public and private sectors were in direct competition for highly skilled, technical talent. To level up with platform salaries, the government has overhauled salary structures for technical roles. A participant from a regulatory agency explained:

“There was a limited talent pool available anyway in the country. Because you had to have taken an altruistic approach to end up working in [the public sector] …. Now we can actually get employed on a proper salary, which is always nice, and the skill sets we have range across all the different spectrums, networks, cybersecurity, image text classification”. (interview 18)

Highlighting the interplay of states and platforms around organised expertise, my analysis reveals evidence of a revolving-door problem, whereby high-level government employees move to public affairs roles at platforms. Among my interview subjects, of the five subjects working in industry four previously held roles in UK government departments, including at DCMS and the Cabinet Office. One the other hand, none of the subjects working in government were previously affiliated with industry. What is more, experts have pointed out patterns of platforms hiring high-ranking staff at UK government departments and regulatory agencies as well as politicians in policy roles (Courea, 2022; Gemmell, 2021). Perhaps most prominently, Nick Clegg, a former Deputy Prime Minister has been the head of global affairs at Meta since 2022. According to Corporate Europe Observatory around three quarters of Google and Meta’s lobbyists that hold or held European Parliament accreditation in 2022 have formerly worked at a governmental body (LobbyControl, 2022). Researchers have connected revolving-door problems with regulatory capture and spill-over effects of sensitive organisational expertise (Dal Bó, 2006).

Interim conclusion

Summarising the central findings of my analysis, I argue that, firstly, the government lacks information on platform activities, and so relies on platforms to provide this resource; but platforms purposefully restrict information in order to challenge regulation. Second, both states and platforms possess substantial, though disparate, treasure for online safety regulation, however regulation may be necessary to direct platform resources towards offsetting the societal costs of their service. Third, there is a gap in organised expertise, though the government increasingly competes with platforms for limited resources and informally requests that platforms deploy their organised expertise at scale. Fourth, against the backdrop of an emergent regime, and therefore enhanced government legal authority, platforms hold de facto authority over their users, and the government engages corporate authority towards content moderation without a formal mandate.

Discussion

In this chapter, I have proposed and implemented a capacity-based approach to the study of the emerging system for platform regulation in the UK. Distilling and expanding on traditional models of governance and regulation (Black, 2003; Hood, 1983; Hood & Margetts, 2007), I have identified four salient capacities that are central to the regulation of digital technologies. I deploy the capacity-based approach to trace relative resource configurations of public and private actors in interplay, revealing persistent capacity deficits and asymmetries. Finally, in this section I discuss the feasibility of strategies for overcoming the capacity challenges identified.

My empirical work has showcased that state capacity is interwoven with platform resources in complex ways that prompt resource interdependencies and rivalry but that also hold potential for collaboration. Therefore, I have argued that regulatory capacity is relative and best understood as a function of its resource position in relation to platforms. Examining state-platform interplay, I have revealed capacity asymmetries prompting risks of regulatory capture whereby platforms use their resources to influence and impede regulatory development. Thus, this analysis offers not only evaluative assessments of resource configurations but also explanatory insights that illuminate regulatory development.

To bring these findings into dialogue with the emergent regulatory regime, in what follows I discuss regulatory capacities in the context of the OSA (Online Safety Act, 2023). While the implementation of the act is ongoing at the time of publication, my aim is to discuss whether the overarching regulatory approach outlined in the act is equipped to mitigate capacity-based challenges to regulation.

Risk assessments, safety duties, and terms of service

The OSA mandates that platforms conduct risk assessments on their services, including design, operation, and content, to evaluate the risk of users encountering illegal content (Part 3, Chapter 2, Section 9). For services likely to be accessed by children, a separate risk assessment is required to evaluate the harm to children from harmful content (Part 3, Chapter 2, Section 11). The Act also imposes safety duties on platforms, requiring them to adopt proportionate measures to mitigate risks through content moderation, technical features, and user support measures (Part 3, Chapter 2, Section 10). Additionally, the OSA creates a duty for platforms to adopt clear and accessible terms of service and consistently apply them to protect users from illegal or harmful content, such as setting out terms to prevent children of a certain age from accessing a service (Part 3, Chapter 2, Sections 10 & 12). The OSA leverages the platforms’ organised expertise – in this context, predominantly staff and technology – to identify and mitigate risks associated with complex technologies, system-level outcomes, and content enabling the government to utilise superior platform capacity while also pre-empting issues related to limited government resources given the scale of services and content in scope. In line with findings from the interviews, in the implementation of the OSA the government recognises the authority of platform rules in steering users. The act actively enlists platform authority in its implementation of an online safety regime, requiring platforms to define and apply proprietary rules for the mitigation of illegal and harmful content.

Information powers and transparency requirements

Secondly, the OSA grants Ofcom wide-reaching information powers to request from platforms “any information that they [Ofcom] require for the purpose of exercising, or deciding whether to exercise, any of their only safety functions” (Part 7, Chapter 4, Section 100). This includes information necessary to assess compliance, evaluate technology accuracy and effectiveness, and carry out research on online safety issues, such as illegal content and user exposure to risks (Part 7, Chapter 4, Section 100). Under these provisions, Ofcom will also be authorised to view information demonstrating the operation of systems, including algorithms, in real time (Part 7, Chapter 4, Section 100). However, all information must be proportionate to the use to which the information is to be put in the exercise of regulatory functions. Ofcom also has the authority to appoint skilled persons within a company to provide reports for compliance assessments and risk understanding (Part 7, Chapter 4, Section 104). The OSA requires platforms to produce regular transparency reports (Part 4, Chapter 5, Section 77). These provisions directly relate to platforms’ regulatory capacities. With these substantial information powers, Ofcom can help address persistent information asymmetries, which will enhance the government’s resource position in information. Going forward, the government’s increased information capacity can inform a more data-driven decision-making on the use and development of other capacities. Additionally, the government enrols platforms’ organised expertise by requiring firms to collect and make information on online safety issues accessible in reports (Part 4, Chapter 5, Section 77).

Enforcement powers, codes of practice, and guidance

Finally, the OSA empowers Ofcom to oversee and enforce compliance with the new regulations and corresponding duties, including the ability to issue penalties of up to 10% of a platform’s annual global revenue or daily rate penalties for ongoing non-compliance (Part 7, Chapter 6, Section 137 & Schedule 13). Thus, the OSA allows for the distribution to the government of substantial treasure from platforms that violate the law. Ofcom may also seek court orders to impose business disruption measures in the most serious cases, which could revoke a platform’s access to third-party services such as internet service providers or payment services (Part 7, Chapter 6, Section 144-148). Additionally, Ofcom will be required to produce codes of practice that specify the measures that platforms must take to comply with the various requirements and provide guidance documents on how platforms can institute this (Part 3, Chapter 6). However, experts argue that adherence to the codes of practice may not be mandatory but would establish a presumption of compliance with the relevant duty (Heywood, 2022). To summarise, the OSA invests considerable authority in Ofcom and creates a legal basis for government intervention in online safety related platform matters, while placing a significant burden on Ofcom to help companies understand evolving risks and compliance requirements. Yet while the risk-based approach enlists some platform authority, ultimate authority lies with Ofcom and UK courts.

When examining the OSA with regards to regulatory capacity, it becomes evident that platform regulation in the UK will remain characterised by a complex interplay between the state and platforms, even after the implementation of the Act. The approach relies on a risk-based duty of care, and this enrols private firms in regulation and requires platforms to use their proprietary capacities, including authority and organised expertise, to develop and enforce measures that comply with the regulatory framework. This allows the government to tap into the superior resources of platforms while avoiding substantial investments in internal capacity building. What is more, under the OSA, the government can also acquire resources held by platforms – primarily information – to level the capacity asymmetry between them.

Despite this increased access to regulatory resources, the relative scarcity of resources in government, in contrast to the resource richness of large platforms, persists. This asymmetric resource constellation not only diminishes the government’s capacity to act as a regulator, but it also elevates platforms to a position where they can use resources to capture regulatory processes by strategically withholding or leveraging resources for gain.

Yet this is where perhaps the OSA’s most significant achievement comes into play. In creating a legal basis to regulate what some have considered a lawless “Wild West” and in empowering Ofcom to oversee and enforce platform’s compliance with the regime, the Act enables the UK government to establish authority over private platforms. Nevertheless, the risk-based approach still leaves the platforms with substantial leeway, particularly as codes of practice and guidance will only become established upon the initial implementation of the Act. If the government remains short on essential regulatory capacities in the future and entirely reliant on the platforms to access relevant resources, the successful implementation of the OSA rests primarily on the government’s legal authority and its ability to devise and enforce policies for good governance.

Further research is needed to determine if the framework of regulatory capacity and its four salient resources can explain regulatory processes across other governments and regulatory sectors related to digital technology. It is also necessary to study how platforms’ capacity can be enrolled in formal regulation while mitigating the risks of capture. While this study narrowly focuses on state-platform interplay, civil society organisations and research institutions are likely loci of regulatory capacity that remain unexplored here. A systematic analysis of government, state, and civic actors with regard to their capacity to fulfil regulatory functions could offer an important empirical perspective to inform the ideal enrolment of actors and their respective resources in regulation going forward.

Conclusion

In this article, I have examined the UK’s emergent online safety regime as a case study to investigate why even high-capacity, well-resourced democracies grapple with the regulation of internet platforms. Drawing from regulatory theory, I have proposed an original framework of four salient resources for the analysis of regulatory capacity in technology regulation. I have presented an original data set of 33 elite interviews with subjects from government, regulatory agencies, digital platforms, and civil society, in triangulation with a document analysis of government communications. The study makes a number of important findings. First, the government lacks key regulatory resources, resulting in a persistent capacity deficit. Second, there are persistent resource asymmetries between states and platforms, with platforms holding a capacity advantage. Third, the asymmetric resource constellation leads to a risk of regulatory capture, whereby platforms exploit government’s reliance on their resources. Finally, applying these findings to the Online Safety Act, I have argued that the Act contains provisions that capacitate the government to enrol platform resources in ways that preempt regulatory capture, by setting rules that require platforms to share and make their resources accessible and by specifying how they should do so. However, the success of this approach depends on the government’s ability to effectively oversee and enforce the regulatory regime.