According to New Scientist, 2025 was the year multiple countries enacted strict online safety laws, led by the UK’s Online Safety Act (OSA) which came into force on July 25. The OSA forces websites to block children from pornography, self-harm, and violent content, and has already caused a flurry of small sites to shut down due to the regulatory burden. Australia’s new law this month bans social media for under-16s, with fines up to AUS$50 million for non-compliant companies, while the EU debates similar measures. UK regulator Ofcom has flexed its muscles, fining the AVS Group, which runs 18 porn sites, £1 million for inadequate age checks. However, technology is undermining these laws, with VPN searches soaring by up to 1800% daily after the OSA launched, and facial-recognition age checks being fooled by screenshots of video game characters.
The Compliance Minimum
Here’s the thing: these laws assume platforms will be earnest partners in enforcement. But Andrew Kaung, a former safety lead at Meta and TikTok, throws cold water on that idea. He points out that harmful content often gets amplified because it drives engagement and ad revenue. So, is a company whose profit depends on attention really going to aggressively limit it? Kaung is skeptical, bluntly stating that “profit is still king” and that tech giants will only ever do “the bare minimum in terms of compliance.” That’s a pretty damning assessment. It suggests all this legislative energy might just be creating a complex game of whack-a-mole, where platforms implement the easiest, most superficial fixes while the core algorithms keep churning.
The VPN Problem
And then there’s the VPN loophole, which basically makes a mockery of geographic-based regulation. When the UK’s age checks went live, news outlets reported a massive surge in searches for VPNs. One report noted daily sign-ups spiking by 1800%. So when we hear that a major porn site saw a 77% drop in UK traffic, it’s almost certainly not because 77% of users suddenly decided to go for a walk. They just clicked a button to appear from another country. The Children’s Commissioner’s solution? Age verification for VPNs. But that’s just another layer of digital ID for everyone, chasing the problem in circles. Can we really build a fortress internet where every gate requires a passport?
A Public Utility Future?
So if fines, bans, and easily bypassed checks aren’t the answer, what is? Academic Graham Murdock from Loughborough University argues we’re thinking too small. He believes regulation will always lag behind tech, so these new laws are destined to disappoint. His radical alternative? Treat the internet like a public utility. He envisions state-run services, like a BBC for the digital age, operating on a public charter rather than a profit motive. “The internet is a public service,” he says. It’s a fascinating, almost idealistic thought experiment. But in a world where even basic infrastructure struggles, could we ever build and maintain a non-commercial, global-scale internet that’s both safe and innovative? The political and technical hurdles are staggering.
Beyond the Blunt Instrument
Look, the intent behind these laws isn’t the problem. Protecting kids online is a noble and necessary goal. But the current approach feels like using a sledgehammer to perform surgery. It’s creating massive collateral damage—shutting down small sites, pushing everyone toward VPNs and surveillance, and likely just teaching a generation of kids how to circumvent digital borders. The Ofcom fines show the laws have teeth, but they’re biting the wrong things. Maybe the focus needs to shift from blocking access at the perimeter to fundamentally redesigning the engagement engines *inside* these platforms. Until that happens, we’re just building taller fences while leaving the back door wide open.
