The Summer Sprint: Parliamentary Hurdles to Pass the Online Safety Bill
Navigating the legislative maze of amendments and financial resolutions required to secure Royal Assent for the Online Safety Bill before the parliamentary summer break.


The calendar on the desk of every Secretary of State currently screams one warning: July 23, 2026. That is the projected date for the rise of the House of Commons for the summer recess, and it serves as the hard stop for the Online Safety Bill (OSB). After years of drafting, redrafting, and intense lobbying from Silicon Valley to Shoreditch, the legislation is finally in the "ping-pong" stage. However, passing the bill is not a formality; it is a high-wire act of legislative management.
For markets and tech innovators, the delay is not merely bureaucratic boredom. It represents a prolonged period of regulatory uncertainty. Venture capital stalls on compliance tech, and social media giants hold off on expensive trust-and-safety overhauls until the ink is dry. The path to Royal Assent is cluttered with three distinct hurdles: a rebellious upper house, a Treasury demanding fiscal restraint, and an encryption clause that threatens to fragment the UK's digital ecosystem.
Here is the realistic, step-by-step procedural roadmap that must be navigated in Westminster over the next four months to get this bill onto the statute book.
Clearing the Lords’ "Adult Content" Minefield
The first and most immediate obstacle involves the amendments returned from the House of Lords last week. Specifically, Peers have dug their heels in on Schedule 5, which mandates strict age verification for all sites hosting user-generated pornography. While the government supports the principle, they are wary of the logistical and privacy fallout.
The Lords have inserted an amendment requiring all verification providers to be accredited by a regulator, with a liability shield that protects platforms if the third-party verifier fails. The Department for Science, Innovation and Technology (DSIT) views this as a compliance nightmare that creates a loophole for bad actors. To pass, the Commons must overturn this specific amendment without triggering a full rebellion from backbenchers who want the bill to be as draconian as possible.

The parliamentary maneuvering required here is precise. The government needs to table a "reasoned amendment" in the Commons arguing that the Lords' approach compromises data privacy by creating centralized databases of users' sexual preferences. They must win this vote by a margin of at least 15 votes to send a strong signal back to the Upper House. If they lose this, the bill gets stuck in a cycle of mutual rejection that eats up valuable sitting weeks. The outcome of this vote, likely scheduled for April 14, will be the first true indicator of whether the summer deadline is achievable.
Securing Ofcom’s Funding Via the Money Resolution
Legislation in the UK Parliament comes in two parts: the Bill itself, which creates the law, and the Money Resolution, which authorizes the spending. The Online Safety Bill imposes massive new duties on Ofcom, requiring a recruitment drive of roughly 500 staff, including forensic data analysts and AI ethics specialists. According to the Spring Budget documents released on March 18, 2026, the Treasury has allocated only £40 million for the setup phase. Ofcom’s own confidential briefing to the DCMS Committee, leaked last Thursday, puts the actual requirement closer to £65 million.
This £25 million black hole must be plugged before the bill can proceed. The Treasury is currently refusing to sign off on a Money Resolution that covers the higher estimate. This creates a bizarre scenario where MPs could vote for a law that the regulator cannot afford to enforce.
The step required here is a political trade-off. The Chancellor is likely to demand that DSIT find the savings elsewhere in its budget—potentially from the AI Safety Fund. Readers watching the markets should pay close attention to the Public Accounts Committee hearing on April 2. If the Treasury witnesses confirm the Money Resolution will be delayed until the Autumn Statement, the bill is dead for this session. The only way to bypass this is an urgent oral agreement from the Prime Minister to reclassify the spending as "essential national security infrastructure," a move that would anger fiscal hawks but save the timeline.

Resolving the Encryption "Client-Side Scanning" Standoff
The most technically complex hurdle remains the encryption protocol in Clause 12. The current draft allows Ofcom to require "accredited technology" to scan for child sexual abuse material (CSAM) in encrypted messaging apps. Tech giants, led by Signal and WhatsApp, have threatened to withdraw services from the UK market entirely if this clause passes in its current form.
The government is caught between child safety advocates and the reality of end-to-end encryption mathematics. You cannot have a backdoor that only lets the "good guys" in. The innovation sector is watching this closely because it sets a precedent for state access to proprietary software.
To pass before summer, the government must accept a compromise amendment currently being floated by the cross-party Science and Technology Committee. This compromise shifts the burden from "breaking the encryption" to "metadata monitoring." Instead of scanning the content of messages (which requires breaking encryption), platforms would be required to analyze behavioral patterns—who is talking to whom, how often, and at what times—to identify grooming gangs. This is less intrusive but still raises civil liberty concerns. We have seen similar 5 policy u-turns that defined the pre-election period, and a reversal here on the client-side scanning mandate feels inevitable. If the Secretary of State does not signal a shift on this by mid-May, the bill will face a "wrecking amendment" in the Lords led by a coalition of Liberal Democrats and libertarian Conservatives.
Third Reading and the "Legal but Harmful" Definition
With the funding resolved and the encryption debate softened, the bill moves to its final substantive hurdle in the Commons: the definition of "legal but harmful" content. This has been the swinging pendulum of the bill's history. Initially, the bill required platforms to remove legal content that was harmful to adults. After a backlash regarding free speech, this was watered down to a "duty of care" regarding systems and processes.
However, recent pressures from the US election outcome forcing a change in UK defence spending have bled into digital policy discussions. There is a growing concern in Westminster about foreign disinformation influencing UK stability. Consequently, the Home Office is pushing to reintroduce stricter obligations for "disinformation that causes real-world harm," particularly around elections.
The step here involves a last-minute government amendment to the Third Reading. Expect to see a new clause introduced around June 10 that specifically protects "democratic processes" rather than vague "mental health" impacts. This recasts the regulations as a matter of national security rather than nanny-stating, which usually unifies the Conservative benches. The market impact here is significant; platforms will have to prioritize political content moderation algorithms over other types of harm detection, shifting ad spend and resource allocation dramatically.
Royal Assent and the Commencement Orders
Assuming the government survives the votes on the Lords' amendments and the Treasury releases the funds, the final step is procedural formality with real-world timing implications. The bill receives Royal Assent—likely in early July. But the Act does not become law immediately. Instead, it relies on "Commencement Orders."
These are statutory instruments that bring different parts of the Act into force at different times. The government is expected to bring the primary duties (for illegal content) into force immediately upon Royal Assent to show momentum. However, the duties for "legal but harmful" content are expected to be delayed by at least six months. This staggered approach is designed to give Ofcom time to finalize its codes of practice without rushing.
For businesses operating in the politics-policy space, the danger zone is these six months. The period between Royal Assent and the full enforcement of the secondary duties is a grey area where reputational risk is high but legal compliance standards are still being written by the regulator. We can expect Ofcom to publish draft guidance for consultation within two weeks of the Act passing, starting a frantic three-month consultation period where every tech lobbyist in London will be fighting for their specific exemption.
The summer recess is no longer just a holiday for MPs; it is the deadline for regulatory certainty. If the bill does not pass by July, we enter the pre-election "purdah" period where legislative activity freezes, pushing these regulations into 2027 at the earliest. That is a delay the UK's digital market cannot afford.

