“Like airport security for UGC”: The Mobile Mavens react to the UK's Online Safety Act
- "We’ve all become trained to accept cookies now we’ll hand over our identity too." - Oscar Clark
- "Developers might soon need a law degree just to ship a dialogue tree." - Kelly Vero
- "If compliance becomes too much of a hassle, it can drive more developers to environments that are already certified." - Elina Arponen
The UK's new Online Safety Act has come into force introducing regulations aimed at making digital spaces safer, including video games.
With new regulations and penalties for non-compliance, the legislation has left some developers wondering about the implications for games that offer online features such as chat systems and user-generated content.
In the wake of these new rules, we asked our Mobile Mavens for their thoughts on the Online Safety Act, including challenges it poses and the potential impact for developers.
Kelly Vero
What is it called? People’s Front of Judea? Judean People’s Front?
Oh, Online Safety Act! Yes, because we Brexited. Well, I was really happy with COPPA and GDPR. Two solid bits of legislation that, for all their bureaucratic nightmares, at least came with international consensus and a sense of digital literacy.
But no, we needed our own thing, didn’t we? Something uniquely British, something that sounds like it was drafted by people who’ve never picked up a controller or spoken to a teenager. Something with the flair of a PTA meeting and the reach of a surveillance state.
“The Online Safety Act arrives wrapped in moral panic and dipped in algorithmic confusion.”Kelly Vero
The Online Safety Act arrives wrapped in moral panic and dipped in algorithmic confusion. It wants platforms to magically protect users from “harmful but legal” content; a phrase so vague it might as well be an RPG quest item.
Impact on the games industry? Let’s see:
- Moderation expectations on UGC platforms (hello, Roblox, Dreams, Rec Room) now resemble airport security. But with less training and more existential risk.
- Developers and publishers might soon need a law degree just to ship a dialogue tree.
- Smaller studios? You thought launch bugs were bad? Wait until your narrative sandbox needs an Ofcom-compliant safety filter.
And let's not forget the age verification fiasco - because nothing says fun like biometric scans before you can play Call of Duty.
Don’t get me wrong: protecting kids online is crucial. But if your legislative solution risks turning every game studio into a compliance office, you’re not saving the industry, you’re stifling it. And the UK government has stiffed this yet again.
Elina Arponen
This kind of safety measure is usually handled by large social platforms like Facebook and Discord that embed games.
This could mean that for smaller studios it is more valuable to embed their games on these existing platforms and use their social features rather than implement their own solutions.
If compliance becomes too much of a hassle, it can drive more developers to environments that are already certified.
Oscar Clark
It won't come as any surprise that I feel this legislation is ill-thought through, poorly conceived and basically a 'Snooper's Charter' by the back door. Or perhaps it's the 'Great Firewall of the UK'.
As much as it's about "protecting the kids", in reality it won't realistically do more than provide a chilling effect on the development of any content which someone considers not appropriate, as well as barring access to many adults' completely legitimate content, and even more who will voluntarily exclude themselves to protect their private identity. We only have to see the reactions from Steam and Itch to see that this overreach has already started.
Oh, and anyone who wants to circumvent these regulations can do so very simply and whilst the legislation itself prevents me from saying that too loudly it's very obvious...
The net effect is that any smaller developer cannot realistically take the risk to develop most online, multiplayer or UGC experiences for UK audiences as the costs, risks and barriers to entry are too great.
“The net effect is that any smaller developer cannot realistically take the risk to develop most online, multiplayer or UGC experiences.”Oscar Clark
The fines alone are prohibitive, and the fact that Ofcom is the enforcing body does not fill me with confidence. I believe Apple has already removed some of the services to UK users as a result - and rightly so. No secure system with a backdoor is ever actually secure!
A proper debate is needed to address issues related to child protection and exploitative materials. At the very least, this responsibility should be shared between the content creator and the platform host (and yes, a developer can fulfil both roles). That would have limited the security and authentication problem to larger platforms.
This matters because we will now have to provide our identity to everyone who has content that can be remotely considered not just 'adult', but needing verification.
We have all become trained to accept 'Cookies' without reading the details and will increasingly become accustomed to providing actual evidence of our identity to random sites.
I believe this will trigger a bonanza of identity theft as well as hacking attacks on any servers with this information. Can we expect small studios to have the capacity to defend against the coming barrage of attacks?
Oh, and have a look at the data behind the age verification tools. Credit card verifications (which apparently the act allows - despite I believe the AADC stating this wasn't sufficient) is notoriously problematic due to kids accessing their parents' cards and the connection between credit cards and levels of debt. But the visual recognition software has a massive level of false positives and false negatives which is deeply concerning.
There seems to have been at last some consumer backlash since the act came into force, but we still have a regressive, problematic act which can easily be bypassed (or fail to deliver) that won't deliver the expected protections and which will create a massive competitive disadvantage to the UK digital economy, mostly directed at the smallest developers.
There are some really interesting positive approaches being considered and I'm interested in how folks like PlaySafeID are looking to make it an aspirational element in esports to be authenticated, but who seem to be aiming to provide distance between the game and the person to allow you to retain personal privacy.
I think we will see more teams doing things like that to turn this terrible legislation into something more manageable. Better yet - let's revoke it as unworkable please!
Martine Spaans
I don’t know the ins and outs of the UK Act since I am not part of the UK game ecosystem. However, I can say that this UK Online Safety Act is not alone. On many fronts, the games industry is scrutinised.
Consumer protection organisations such as the CPC network or the BEUC are suggesting European regulation for the entire games industry without actually consulting the industry, resulting in unrealistic proposals that would break game design and immersive experiences.
“Imagine having to sign a digital contract every time you decide to spend some gems on a booster or an outfit for your character.”Martine Spaans
Imagine having to sign a digital contract every time you decide to spend some gems on a booster or an outfit for your character. If this were to become reality, it is likely that American and Asian publishers would simply withdraw their games from the European market, as adjusting them to the regulations would be too much effort.
And of course, on a global level, we saw distribution platforms Steam and Itch.io applying censorship just a few weeks ago, after an Australian anti-sexploitation collective pressured payment providers into action.
I believe these initiatives don’t bear grudges against the whole games industry, but their actions seem to be based on incomplete information about our sector, or in the worst case, even misinformation.
People