From protection to surveillance: The UK’s Online Safety Act under fire

Your privacy is being violated in the name of protecting you. NymVPN can help you hop the walls of censorship

July 31, 20258 mins Read

On 25 July 2025, the United Kingdom unleashed the Online Safety Act 2023, officially enforced by Ofcom. This marks a major escalation in state control over digital life. Though promoted as protection for children and adults alike, the Act embeds sweeping mandates — age verification, content scanning, and new enforcement powers up to site-blocking and executive criminal liability — that systematically undermine privacy, free speech, and access to legal information.

This isn’t just regulation — it’s a new turn in the surveillance-industrial complex.

Thankfully, decentralized VPNs like NymVPN can help you protect metadata like your IP address and allow you access information globally.

Try NymVPN for 80% off today

The UK Online Safety Act in reality

As Nym CEO, Harry Halpin, wrote recently in Decrypt:

“This push to force identity checks undermines the original promise of the internet: a free space for communication, anonymity, and open information sharing. People are understandably uncomfortable sharing their identity with governments, corporations, especially porn companies.”

Global duty of care: A euphemism for control

Passed into law via Royal Assent on October 26, 2023, the Act requires digital communication companies to take measures to regulate (or control) the content accessible on their platforms. [1] This means any user-to-user service, including social media, messaging apps, search engines, forums — even private encrypted messengers, if they have UK users or target UK markets. Services must assess and mitigate risks from illegal content, including child sexual abuse, self-harm, hate speech, and more.

Mandatory age verification

From 25 July 25 2025, platforms hosting content on pornography, self-harm, suicide, or even certain “sensitive” topics must force users to provide photo‑ID, facial scans, banking info, or other invasive proofs — what Ofcom deems “highly effective” age verification. [2] Without compliance, platforms face fines of up to £18 million or 10% of global revenue, or even UK-wide blocking.

Encryption under threat

A deeply contentious client-side scanning clause (Clause 122) enables — and indefinitely preserves — the option to require scanning of end‑to‑end encrypted messaging systems, allegedly to detect child abuse materials. The fact is that this cannot be done, as Nym and privacy experts have repeatedly warned, without undermining encryption altogether. For now, the government has postponed enforcement of this clause, but the law remains intact and reversible at any moment.

This Safety Act endangers digital privacy & access to lawful info

Age gates become surveillance traps

Mandating identity-level verification to access legal community resources — like Reddit forums about periods, support groups, or legal discussions — excludes those unwilling or unable to share sensitive data. These platforms have already begun geoblocking UK users rather than implement invasive ID checks.

Data centralization = privacy risk

Platforms must integrate third-party age-verification vendors or store biometric hashes. This risks creating honeypots for identity theft, government surveillance, and data breaches. Moreover, these schemes inherently compromise encryption and user autonomy.

Access to legal and journalistic content at risk

Though the Act pledges to protect journalistic and “democratically important” content, this is hard to believe. Sites of public interest like Wikipedia face classification dilemmas: as a Category 1 service, it would force UK users and even volunteer editors to verify identity. Wikimedia has launched a legal challenge alleging the regime threatens open access and editor privacy. [3]

Encryption weakened, trust shattered

The threat of encryption scanning — even if not yet in force — remains a spectre looming over digital privacy in Europe and beyond. Leaders in cryptography warn that allowing such technical backdoors undermines trust in secure messaging globally, and opens the door to mission creep, that is, expanded surveillance under the pretext of future “harms.”

As Meredith Whittaker of the Signal Foundation has insisted:

“We'll continue to push back. You cannot build a safe backdoor." [4]

Public resistance: Bypassing the surveillance state

Following implementation, UK VPN downloads skyrocketed, with services like ProtonVPN reporting surges of over 1,400 % to 1,800 %. ManyVPN apps reached the top of UK app‑store charts. Importantly, over 400,000 people have signed petitions calling for repeal.

Tech-savvy users already bypass age gates using VPNs to appear outside the UK, circumventing geofencing and verification. Some platforms have even blocked entire domains to avoid compliance costs. Meanwhile, Ofcom insists that VPNs won’t be banned — since they serve legitimate uses — though their rise reveals public mistrust of enforcement mechanisms.

Decentralized VPNs

The problem with this rise in interest in VPN services in the UK is that the large majority are centralized systems. This means your traffic remains vulnerable to network surveillance, de-anonymization, and the potential of traffic logging by VPN companies.

The only choice for privacy protections is turning to decentralized VPN (dVPN) options where your privacy is guaranteed by design, not by promises.

Nym protecting human rights online

At its core, the Online Safety Act forces centralized systems of verification and control. A decentralized VPN like NymVPN offers a radically different model:

No single provider holds your metadata
Data packets are mixed to prevent tracing
Your identity remains private even from Nym.

Nym is building tech for people everywhere to self-defend their privacy, anonymity, and resistance to mass surveillance.

Nym's Noise Generating Mixnet

Bypassing geo‑blocks and age gates

Because the Act relies heavily on geolocation and identity-based filtering, dVPNs help users reopen access to legal information communities, news, forums, and even legal aid sites that might require identity or block UK traffic. NymVPN offers a private route circumventing such censorship — not because we endorse illegal activity, but because freedom of legal expression and access to information must not be collateral damage.

Defending encrypted messaging

With Clause 122 still live in the Act, the future of end‑to‑end encryption is in jeopardy. A decentralized overlay network like Nym can act as a protective layer by shielding metadata even if communication content is scanned at endpoints. This gives users retain plausible deniability and reduce surveillance exposure.

The potential impacts on access to legal information

Chilling effect on seeking help

Imagine someone seeking advice online — whether mental health support, legal aid during a housing eviction, or tax guidance. If that site is classified as “adult content” or falls under risk of harmful content, UK users may be blocked or forced to verify identity to register. That discourages vulnerable people from safely accessing help.

Knowledge silos and black‑listing

As platforms self‑censor or geoblock to avoid compliance burdens, less commercial forums thrive outside the UK. Less moderated, less transparent jurisdictions may become information havens — but more surveilled. This will continue to fragment global information access and exchange.

Erosion of privacy rights under data protection law

Platforms must now balance OSA compliance with UK GDPR privacy obligations, yet often privacy impact assessments are perfunctory. Section 22 of the Act states services must “have regard” to privacy rights — but critics argue this is toothless: enforcement favors compliance over protection of personal data.

Nym's call to action: Resist surveillance, build a private internet

For activists, legal rights advocates, and digital commons defenders, the Online Safety Act presents an urgent call:

Push for repeal or reform, urging Parliament to introduce stronger protections for public interest platforms and encryption.
Support court cases, such as Wikimedia’s High Court challenge, which seeks exemption for public-interest projects.
Educate users about decentralized privacy tools — including NymVPN and other dApps — as part of “digital civil disobedience” to maintain safe access to legal information and support networks.
Demand transparency: insist platforms publish their impact assessments on freedom of expression and privacy (as legally required), and audit their data retention and verification protocols.

Safety without surveillance

The UK’s Online Safety Act may aim to make the digital world safer, but it does so by building frameworks of surveillance, identity control, and encryption weakening. Rights to privacy, free expression, and access to lawful legal information are collateral damage unless users reclaim agency.

Decentralized VPNs like NymVPN represent more than just tech choices: they are digital lifelines defending anonymity, privacy, and access in an era of expanding platform control. If we lose that infrastructure — if centralized ID‑gates and scanning regimes become normalized — we will lose our rights online.

At Nym, we believe online safety should not cost liberty, and that privacy is not negotiable. Join us in that fight today.