Meta Sues Ofcom: UK Online Safety Act Challenged as EU AI Act Slips

The Fee Model Challenge

The OSA, which received Royal Assent in October 2023 and whose safety duties began phasing into force in 2025, empowers Ofcom to levy annual charges on providers of regulated user-to-user services and search services to fund its supervisory activity. Under sections 75–78 of the Act, Ofcom must set fees that reflect its 'costs of carrying out its online safety functions,' apportioned among providers based on a Statement of Charging Principles. Meta's challenge, as first reported by Ana-Maria Stanciuc at The Next Web, does not contest the safety duties themselves — the obligations to conduct risk assessments, to mitigate illegal content, and to enforce age-appropriate design codes — but instead focuses on the proportionality of the fee calculation.

Online safety legislation is making headlines around the world. But in places where laws have taken effect, the question is whether they are proving to be effective — and whether the enforcement infrastructure can support the ambition of the legislation.— Joel R. McConvey, Biometric Update, 4 May 2026

The Brussels Pause

Across the Channel, the regulatory momentum that once defined the 'Brussels Effect' is confronting an unfamiliar deceleration. The AI Digital Omnibus — the legislative vehicle intended to streamline the AI Act's high-risk classification framework, reduce sectoral duplication with the Medical Device Regulation (MDR) and the Machinery Regulation, and adjust the compliance timeline for general-purpose AI (GPAI) model obligations — has seen negotiations stall. Laura Pliauškaitė, writing for the IAPP on 1 May, confirmed that the file remains deadlocked in trilogue, with the Council and Parliament unable to reach consensus on the scope of the simplification package. The European Parliament voted in March 2026 to delay high-risk AI system compliance deadlines to December 2027 and, for certain categories, August 2028. On 5 May, Reuters reported that seven European technology chief executives — including ASML's Christophe Fouquet — issued a joint call for 'reduced and simplified' AI rules, warning that 'implementation uncertainty is now a competitiveness variable.'

The Brussels Effect once presumed the world would follow EU rules. In 2026, the question is whether Brussels can hold its own timetable together.

The global picture is not one of simple deregulation but of regulatory fragmentation with distinct regional drivers. The Hogan Lovells UK/EU/International ESG Regulation Monthly Round-Up for April 2026, published on JD Supra, catalogues developments across three jurisdictions: the U.K.'s transition-planning disclosure requirements under the Transition Plan Taskforce framework, the EU's Corporate Sustainability Due Diligence Directive (CSDDD) transposition deadlines, and Canada's formation of a nature-standards advisory body modelled partly on the EU's taxonomy architecture. Meanwhile, Bloomberg's April 2026 Global Regulatory Brief on digital finance tracks how jurisdictions from Singapore to Switzerland are calibrating crypto-asset frameworks that neither fully mirror the EU's Markets in Crypto-Assets Regulation (MiCA) nor reject it outright. Aimee Newell Tarín, writing for ExchangeWire, notes that the U.K.'s distinct path on online safety is attracting attention from Australia, Canada, and Singapore, each of which has legislative proposals at various stages of development that reference Ofcom's enforcement model.

Divergence, Not Convergence

• Online safety: The U.K. OSA imposes mandatory safety duties backed by criminal liability for senior managers; the EU's Digital Services Act (DSA) relies on systemic risk assessment and transparency without individual liability provisions.
• AI governance: The EU AI Act classifies AI systems by risk tier with conformity assessment obligations; the U.K. has maintained a sectoral, principles-based approach coordinated through the Digital Regulation Cooperation Forum (DRCF) — and has no standalone AI Act.
• Digital fees: Ofcom's OSA fee model is cost-recovery based with a statutory cap that Meta now disputes; the DSA supervisory fee structure, collected by the European Commission from very large online platforms (VLOPs), uses a turnover-linked formula under Article 43.
• ESG disclosure: The U.K. has operationalised transition-planning disclosures ahead of CSDDD transposition, creating a compliance sequencing gap that affects multinationals reporting in both jurisdictions.

The Policy Export Reversal

The traditional Brussels Effect model — articulated most influentially by Anu Bradford of Columbia Law School — presumed that the EU's first-mover advantage in comprehensive tech regulation would set global standards by default, as multinational firms harmonised operations around the most stringent regime. What April and early May 2026 have demonstrated is a more complex dynamic: the EU's legislative machinery, slowed by the Omnibus negotiation, is producing implementation timelines that give competitor jurisdictions a window to develop alternative frameworks. The U.K.'s OSA, which has no direct equivalent in the EU acquis, is being studied not as a derivative of European regulation but as an independent reference point. Australia's eSafety Commissioner has cited Ofcom's enforcement posture in recent consultations; Singapore's Online Safety (Miscellaneous Amendments) Bill, tabled in Parliament in March 2026, draws on OSA structural features. The next procedural milestones are proximate. Ofcom must file its acknowledgement of service in the Meta judicial review within 21 days