SUMMARY
- The UK’s Online Safety Act has emerged as one of the greatest global threats to online free speech, with UK regulators recently using it to force X to re-engage with the censorship industry.
- The nonprofit Carnegie UK played an outsized role in influencing the act, conceiving of the “duty of care” framework at the heart of the OSA, which forces tech companies to proactively censor their platforms.
- After proposing the framework in 2018, Carnegie UK spent five years briefing the UK lawmakers who crafted the legislation.
- Tackling disfavored political narratives was the goal from the start, with Carnegie UK urging lawmakers to include “climate disinformation” under the umbrella of “harmful” online content.
- The nonprofit also urged UK lawmakers to include “small but high-harm platforms” within the scope of the act, a recommendation that appears to have been followed given Ofcom’s use of the OSA to target smaller sites such as 4chan and KiwiFarms.
The UK’s Online Safety Act went into force last July. Framed in the media as a child safety device, the is in fact far more sweeping, coming down on mis- and disinformation, “racially or religiously aggravated order offenses,” and content related to illegal immigration.
Under the enforcement section of the act, a platforms advertising, payment processing, and web hosting providers can be targeted too. Even if an American company has no UK customers, it could still be targeted if it provides services for a company with a “significant number of UK users.”
The UK’s internet regulator, Ofcom, has used the Act to target a slew of American websites, including 4chan, the message board known for dissident political content. TikTok’s OSA-compliant moderation tools were used to briefly censor Zia Yusuf, one of the leaders of the opposition Reform party. And Ofcom has determined that even websites that deliberately cut themselves off from the UK market can still be found liable, if users access them via VPN — essentially a license to fine and punish any website, anywhere in the world, regardless of its connection to the UK.
The OSA did not emerge out of thin air — this report will examine two organizations with close ties to the censorship industry in the US, which played a pivotal role both in conceiving the Act and shepherding it through the UK Parliament.
Carnegie UK
On the day the Online Safety passed, Carnegie UK’s chief executive published a statement that read less like a charity press release than a victory lap: “Today, the King gave his assent to new legislation designed to protect UK social media users from harm. This follows five years of work by Carnegie UK.” The press release traced the origins of the OSA to a proposal from Carnegie UK researchers in 2018, who recommended the “duty of care” framework that forms the bedrock of the Act.
Pictured: Carnegie UK chief executive Sarah Davison credits her organization with conceiving the regulatory mechanism behind the Online Safety Act
- “This follows five years of work by Carnegie UK,” working with “over 50 partners.”
- In 2018 the foundation published the Perrin–Woods blogs “which outlined a new proposal for social media regulation,” drawing on health-and-safety law to impose “a statutory duty of care” enforced by “a regulator independent of government.”
- “A year later, the UK Government published its White Paper on tackling online harm, with this duty of care approach at its core.”
- “Since then, the Carnegie UK team has worked hard to ensure that the Online Safety Bill delivers that vision” — providing evidence to “multiple Parliamentary committees and inquiries,” and “convening and advising other charities, think tanks and campaign groups.”
The foundation’s work, it adds, was “repeatedly cited in debates by Parliamentarians of both Houses.” Carnegie didn’t merely influence the Act; by its own account it authored the concept, watched the government adopt it almost wholesale a year later, then spent five years steering the drafting and shepherding amendments.
On the same data a LinkedIn post by William Perrin OBE, one of the people Davidson credited with conceiving of the “duty of care” framework, added further detail to the nonprofit’s role in the creation of the Act.
“So today the Online Safety Bill became the Online Safety Act — a five and a half year journey to implement the proposal my brilliant colleague Prof Lorna Woods published at Carnegie UK in Spring 2018: reduce the harm from social media through a statutory duty of care requiring risk management of company systems overseen by a regulator. It’s very unusual and a real privilege to work on a completely original idea and then follow it through to being made into law.”
Pictured: Carnegie UK trustee William Perrin’s LinkedIn post, the day the Act passed
“A completely original idea … followed through to being made into law.” The author is not a minister, not a civil servant, not an elected legislator. He is a trustee of a charity, describing a private policy proposal that became the law of the land.
Perrin previously enjoyed a high-flying career in the UK government, serving as tech policy advisor to Prime Minister Tony Blair from 2001 to 2004, and played an instrumental role in the creation of Ofcom, the very same agency that now enforces the OSA.
Perrin also credits Carnegie associate Maeve Walsh, whose organizing, in his words, “generated a huge network of over 40 organizations with a strong common purpose — regulation to manage risk.”
He describes the network’s mechanics plainly: “Whole campaigns would bud off this network, achieve a government concession then return.” And he names the funders who made the multi-year campaign possible — “our colleagues at Reset, Luminate and Minderoo” — alongside Carnegie’s own board.
Targeting Political Narratives
When the Online Safety Act was launched, UK government ministers promoted it to the public as a child safety measure. Its provisions targeting “hate speech” and “disinformation” were downplayed. The work of Carnegie UK shows that suppressing political narratives was the goal from the start.
In a December 2021 paper authored by Perrin, Woods, and Walsh, Carnegie UK argued for what it itself titled “radical change needed to online safety bill to tackle climate disinformation.”
“Climate change is a serious threat to the safety and security of United Kingdom citizens. Malicious actors spreading false information on social media could undermine collective action to combat these threats. Yet the draft Online Safety Bill is not designed to tackle a threat to society like climate change disinformation.”
The paper then proposes “Carnegie UK amendments to the Bill” described as “the radical work needed to bring climate change within scope.” The architects of the “duty of care” were openly seeking to expand a regime sold to the public as protection for children into a tool for policing what the foundation classified as “disinformation” on a contested policy question.
Stated in the architects’ own words: a “systemic,” content-neutral-sounding “duty of care” is elastic enough to be pointed at whatever category of speech its operators next deem harmful.
The architects got their wish: the OSA has been used to justify the censorship of a range of political posts on social media, including a sitting MP’s speech about Pakistani grooming gangs in the north of England, an MP’s speech about declining birthrates, a satirical account mocking multiculturalism, and more recently, a video on immigration from Reform UK’s shadow home secretary.
Small But Harmful
A striking characteristic of the Online Safety Act compared to other censorship regimes is the willingness of the enforcement agency, Ofcom, to target not just large platforms like Elon Musk’s X but also smaller message boards like 4chan and KiwiFarms.
Here, too, we see Carnegie UK’s fingerprints: in July 2023, Carnegie UK published a report calling on Parliament to include “small but high-harm platforms” within the scope of the Act.
Per Carnegie UK’s memo, the purpose of including smaller sites within the Act’s scope is to ensure that there is no escape route for users and content that is banned on larger platforms:
However, some small platforms pose a very high risk to users, but, because of their size, won’t meet the threshold for Category 1. These small high-harm services, which include dedicated hatred and harassment sites, will not be subject to appropriate “Triple Shield” risk mitigation measures for the level of harm they pose to users. This opens a large gap in a risk-based regime, both in terms of protection for users and the ability for OFCOM to intervene.
For example, these small services may have evolved into high-harm sites organically, or they may – once the regime is in force – become such as a means of escaping the regulatory requirements that will otherwise be imposed only on larger sites.
This helps explain why Ofcom has so aggressively pursued smaller forums in addition to Elon Musk’s X — they don’t merely want to ban disfavored speech from the main platforms, but from the internet as a whole.
Carnegie UK and Carnegie US
A natural question follows from the name: is this the same Carnegie as the New York foundation and the Washington think tank that recur throughout American counter-disinformation operations reporting?
Legally and operationally, no. Carnegie UK has its own royal charter, its own Scottish endowment, its own board, and its own remit; it is not a subsidiary of, nor controlled by, the Carnegie Corporation of New York, the Carnegie Endowment for International Peace, or any other US Carnegie body. But “no common control” is not the same as “no connection,” and the family relationship is both real and documented.
By Carnegie Corporation of New York’s own account, more than 26 organizations worldwide now bear Carnegie’s name and are “considered members of a ‘family.’” That statement is not merely sentimental: the Carnegie institutions hold a recurring biennial meeting of the CEOs and senior trustees of the Carnegie institutions, billed as “an opportunity to share insights and reflections … and to identify opportunities.”
So there is a standing forum in which the head of a Scottish charity that just authored Britain’s internet-speech law sits down, on a regular cadence, with the leadership of the American Carnegie philanthropies. That is a documented coordination channel between independent entities — sibling organizations from the same fortune, sharing a name, aligning around periodic meetings.
While the British sibling was writing the duty of care, the American sibling — the Carnegie Endowment for International Peace — was running one of the most consequential nodes in the U.S. “counter-disinformation” apparatus: the Partnership for Countering Influence Operations (PCIO), and within it the Influence Operations Researchers’ Guild. That guild was managed by Dean Jackson, a figure FFO has covered extensively before.
Before Carnegie, Jackson spent roughly eight years at the National Endowment for Democracy working on “disinformation, media manipulation, and emerging technologies,” then served as an investigative analyst for the House January 6th Committee, where he helped lead the inquiry into social-media platforms’ role in the events of that day. At Carnegie he co-authored Countering Disinformation Effectively, a policy guide cataloguing interventions for governments and platforms to deploy against “disinformation.” He is on record describing the global counter-disinformation apparatus as an “industry” of “intelligence analysts.”
In other words: the same philanthropic “family” that designed Britain’s systemic speech-regulation regime also houses, on the American side, a dedicated machinery for defining and combating “disinformation” — the very elastic category Carnegie UK was simultaneously lobbying to write into the Online Safety Bill.
