The UK Online Safety Act 2023 (OSA) is facing its first constitutional legal challenge in the US. On 27 August 2025, 4chan and Kiwi Farms filed a legal complaint against the UK regulator, Ofcom, in the United States District Court for DC. The complaint is that Ofcom violated 4Chan's and Kiwi Farms' First, Fourth and Fifth Amendment rights to (respectively) freedom of speech, protection against unreasonable searches and seizures, and privilege against self-incrimination. The plaintiffs also argue that some official documents were not properly served under the US-UK Mutual Legal Assistance Treaty.
Background – Ofcom's enforcement programmes and RFIs
The OSA does not have 'country of origin' applicability – this means that many US-based internet services with no physical presence in the UK are required to comply with the OSA as long as they have a 'significant number' of UK users or consider the UK as one (or the only) target market. A service also has the required links to the UK if it can be used in the UK and it is reasonable to believe that its content poses a material risk of harm to UK individuals. The broad applicability of the OSA is in line with the applicability of equivalent regimes around the world (including the EU Digital Services Act and the Australian Online Safety Act).
Since March 2025, Ofcom has had powers to enforce under the OSA and can impose hefty fines of up to 10% of annual global turnover for non-compliance. Ofcom can also request information via formal requests for information (RFIs).
The OSA requires all user-to-user services in scope to undertake illegal content risk assessments and to implement proportionate safety measures to mitigate the risks identified. In April 2025, Ofcom launched an industry-wide enforcement programme, requesting several services to provide their illegal content risk assessment records.
4Chan did not reply to the information request and Kiwi Farm initially geo-blocked UK users to avoid being in scope of the OSA, although later decided to unblock the site. In June 2025, Ofcom launched a formal investigation and subsequently issued a provisional decision stating it had reasonable grounds for believing that 4Chan was in breach of its duties to reply to two RFIs, and proposing a £20,000 fine. Ofcom is concurrently investigating whether 4Chan failed to comply with its risk assessment and safety duties. 4Chan has a right to submit representations to Ofcom on its preliminary decision.
The constitutional challenge before the DC District Court
The plaintiffs argue that Ofcom's conduct is a continuing egregious violation of Americans' civil rights, including, without limitation, of the right of freedom of speech. The constitutional challenge centres on three key points:
- First Amendment violations: the plaintiffs argue that the OSA requires US companies to remove users' content from their platforms. They argue that a lot of the content defined as illegal by the OSA is protected by the First Amendment in the US.
- Fourth and Fifth Amendment concerns: Ofcom's formal RFIs required the recipient to provide complete, full and accurate information including, potentially, self-incriminating content. The consequences of non-compliance include hefty fines and criminal charges (with a risk of jail for up to two years). The plaintiffs argue this is against their Fourth and Fifth Amendment rights.
- Section 230 conflicts: under the US Communications Decency Act (CDA), there are protections for providers of interactive computer services. The plaintiffs claim that the OSA requirements put them on a par with publishers or speakers of third-party content under the CDA – who are not granted the same s230 protections.
Service of process issues
Under the OSA, Ofcom is allowed to serve legal documents by email. The plaintiffs argue that Ofcom should have served all the legal documents following the procedure set out in the US-UK Mutual Legal Assistance Treaty (Treaty).
The Treaty applies to proceedings relating to criminal matters – the plaintiffs argue that, because Ofcom's communications threatened criminal action in the event of non-compliance with the OSA and the RFIs, they should have been served following the process set out in the Treaty. This would require the UK Secretary of State for the Home Office (or delegated agency/person) to send the requests to the US Attorney General (or delegated person/agency).
The ask
The plaintiffs are asking the DC judge to:
- declare that Ofcom's service of documents was improper and invalid and to issue an injunction banning Ofcom from serving orders to the plaintiffs without following the Treaty
- make a declaration of incompatibility between Ofcom's 'demands and orders' and the First, Fourth and Fifth Amendments, the CDA, and US public policy
- issue a permanent injunction banning Ofcom from enforcing or attempting to enforce the OSA against the plaintiffs in the US.
Implications if the challenge is successful
The outcome of this case could have far-reaching implications for the enforcement of the OSA and possibly more widely.
- Added friction to regulation: starting with the request to serve documents in accordance with the Treaty – if the plaintiffs prevail on this point, it would set a dangerous precedent for Ofcom. The OSA explicitly allows Ofcom to serve documents by email, bringing regulatory action into the 21st century (and in line with many other European countries where emails are routinely used to exchange official correspondence). Ofcom estimates that about 100,000 services might be in scope of the OSA, many of which are US-based companies. The Treaty's purpose specifically relates to criminal cases. If Ofcom has to follow the service of documents procedure set out in the Treaty for each RFI, this would impose a substantial additional administrative burden and costs on Ofcom. This added friction would make regulation of US based companies harder for Ofcom, making the OSA less effective, and would also, potentially, extend the scope of the Treaty.
- The two-tier risk: if the plaintiffs prevail on the constitutional challenges, it would again set a precedent for OSA enforcement in the US. The OSA would survive this, as it would remain effective against the numerous US services with physical ties to the UK or based outside the USA. However, this might initiate a cascade of similar cases in other countries. This in turn could impact the effectiveness of the OSA which is intended to protect UK individuals online regardless of the country of origin of a particular service provider. Success for the plaintiffs could, in the long term, create an unintended two-tier system for UK users. While larger platforms with stronger UK connections would remain subject to OSA requirements, smaller foreign services with weaker links to the UK would not. This could result in a bifurcated internet experience where UK users have access to both regulated and unregulated platforms, potentially undermining the OSA's protective objectives.
- Scope creep: if the challenge is successful, it has potential implications for a range of other extra-territorial effect UK and EU laws subject to the wording of the judgment and the wording of the legislation in question. It may impact both how to enforce (ie whether it can be done by email or whether the Treaty procedure has to be followed), and whether enforcement is even recognised under US law. The Trump administration is already pushing back on what it sees as foreign interference with US companies as a result of recent EU and (to a lesser extent) UK digital legislation, so this challenge, if successful, could impact more than just the OSA.
