According to TechRadar, the UK Parliament held a debate on the Online Safety Act (OSA) after a public petition calling for its repeal gained over half a million signatures. The petition argued the law, which became official in October 2023, is overly broad and restrictive. However, most MPs in the debate argued against repeal, suggesting the legislation should instead be strengthened. Key concerns raised included vague age-restriction rules and the privacy risks of age verification systems, like those mentioned by Liberal Democrat MP Victoria Collins. The discussion also revealed lawmakers are closely monitoring the use of VPNs by children and have not ruled out stricter rules for providers. Notably, the debate only briefly touched on expert warnings about threats to end-to-end encryption.
The real MP focus: VPNs and age gates
Here’s the thing: the debate showed where MPs’ heads are really at. They’re not losing sleep over encryption or free speech in the abstract. Their immediate, tangible worry is that kids will bypass all these new safety measures. So the villain of the piece? VPNs. It’s almost funny. Millions of adults use the best VPN apps for privacy, but now lawmakers see them as a cheat code for teenagers. The recent proposal from the Lords to ban VPNs for kids wasn’t dismissed—it’s a sign of where this is headed. They’re basically treating a general-purpose privacy tool like a digital crowbar for breaking into age-restricted content. And the age-gating itself is a mess. When an MP says the rules need to be “clearer, more consistent, and more proportionate,” you know the current guidance is a confusing minefield for platforms. So the push isn’t to remove these systems, but to double down on making them inescapable.
The encryption elephant in the room
Now, this is where it gets worrying for anyone who uses encrypted messaging. Experts like Jemimah Steinfeld from the Index on Censorship are sounding the alarm that the OSA could be used to break end-to-end encryption, calling it a “lifeline.” But MPs barely touched it. Even worse, when it was mentioned, some displayed a shocking lack of technical understanding. The idea that there are “easy technological fixes” to scan for illegal content without breaking encryption? That’s a fantasy. Technologists have repeatedly debunked this, notably during similar fights in the EU. The fact that this wasn’t a central part of the debate tells you everything. MPs either don’t grasp the technical reality, or they’ve decided that the trade-off is worth it. Both options are bad.
So what’s next? More rules, not fewer
Let’s be clear: this debate wasn’t about rolling anything back. It was a tuning session. The engine of the OSA is running, and MPs just want to adjust the carburetor for better performance. The next targets are already in sight: “harmful algorithms and generative AI.” The act gives Ofcom, the regulator, huge power, and they’ve already signaled plans to expand file monitoring requirements in 2026. The direction of travel is unmistakably towards more scanning, more monitoring, and more control. As Callum Voge from the Internet Society noted, this one debate won’t change the course. It’s going to take sustained public pressure to even get these fundamental concerns heard. Basically, the conversation has moved on from “should we have this law?” to “how can we make it even more comprehensive?” That’s a big shift.
A law built on technical misunderstandings
I think the core issue remains a massive gap between legislative intent and technological possibility. You can’t have a system that reliably verifies age or scans for specific content without collecting data or weakening security. It’s a paradox. And when you try to solve that paradox by banning tools like VPNs or mandating “technical fixes,” you’re not solving the problem—you’re just breaking the internet’s underlying infrastructure for everyone. The MPs seem focused on closing perceived loopholes, but what they’re proposing often looks like banning doors because you don’t like who might walk through them. The debate confirmed the OSA is here to stay. The real question now is how much collateral damage to privacy and security the UK public is willing to accept.
