UK Online Safety Act Government Powers to Block Domains

The United Kingdom’s Online Safety Act, enacted in 2023, represents a sweeping overhaul of the country’s regulatory approach to digital content and platform accountability. While much of the public and media attention has focused on the Act’s implications for social media platforms, search engines, and user-generated content, a lesser-known but equally significant aspect of the law is the government’s newly codified authority to order the blocking of domain names. This capability, embedded within the enforcement framework of the Act, empowers UK regulators to compel access providers, registrars, and other internet infrastructure entities to restrict or disable access to domain names that are found to be facilitating serious breaches of online safety obligations. The resulting regime marks a profound expansion of administrative power over the internet’s addressing system and raises complex legal and technical considerations for domain operators, digital rights advocates, and global DNS stakeholders.

At the center of this enforcement mechanism is Ofcom, the UK’s communications regulator, which has been designated as the lead supervisory authority under the Act. Ofcom has been granted extensive powers to ensure compliance with the statutory duties imposed on regulated services. These duties primarily concern the mitigation of illegal content—such as terrorism, child sexual exploitation, incitement to violence, and fraud—as well as the protection of children from harmful online material. If a service provider fails to comply with its safety duties, Ofcom may take escalating enforcement action, including issuing fines, requiring the publication of compliance reports, and—critically—applying for a service restriction order.

A service restriction order is a legal instrument through which Ofcom can petition a court to mandate action against an offending service. These actions may include blocking user access to websites or services, disabling access to domain names, or preventing the facilitation of financial transactions related to the infringing content. The courts are empowered to issue these orders against a wide range of entities, including internet service providers (ISPs), domain name registrars, DNS resolution providers, search engines, and app stores. The Act specifically contemplates scenarios where an online service is hosted outside the UK and is not responsive to regulatory intervention; in such cases, domain-level or network-level blocking may be deemed necessary to enforce UK law within its jurisdictional boundaries.

The legal standard for issuing such an order requires a court to be satisfied that the target domain or service has failed to comply with its online safety obligations and that enforcement through direct engagement with the service provider has proven ineffective or infeasible. Ofcom must demonstrate that the proposed blocking action is proportionate, necessary to achieve compliance, and consistent with broader human rights obligations under the Human Rights Act 1998 and the European Convention on Human Rights (ECHR). Nonetheless, the threshold for initiating these proceedings is largely administrative, and once a court order is issued, intermediaries are legally compelled to comply or face liability.

From a technical perspective, the Act does not dictate a specific method for domain blocking, leaving implementation decisions to courts and intermediary entities. ISPs may use DNS filtering, IP address blocking, or deep packet inspection to enforce access restrictions. Registrars may be required to suspend or disable domain name resolution services entirely. DNS operators may face orders to prevent name resolution within their zone files for specific domains. In practice, this creates a potentially fragmented enforcement ecosystem, in which different entities may adopt different blocking methods, with varying degrees of effectiveness, collateral impact, and transparency.

One of the central concerns raised by civil society organizations and internet governance experts is the risk of overreach and the potential for mission creep. Because the Act includes relatively broad language about content “harmful to children” or “psychologically injurious,” there is fear that the powers to block domains could be extended beyond clearly illegal content to include materials that are lawful but controversial or unpopular. The lack of an independent pre-order review body, coupled with limited procedural safeguards for domain registrants or service providers, intensifies these concerns. While court approval is required, the process is driven by administrative determinations made by Ofcom, whose dual role as regulator and complainant may not always ensure a neutral adjudication.

Transparency is another key issue. There is currently no statutory requirement for Ofcom or the courts to publish a central registry of blocked domains or to disclose the evidentiary basis for service restriction orders. This opacity undermines the principles of due process and makes it difficult for third parties to understand, appeal, or contest the removal of access to lawful content. For domain owners whose assets are targeted, there may be little warning or opportunity to respond before access is disrupted, especially if they are based outside the UK and are not party to the legal proceedings. The Act includes only limited language on appeal rights or mechanisms for reinstating access once compliance is restored.

For domain name registrars operating within the UK, the implications are significant. These entities may now be legally obliged to comply with blocking orders that conflict with their contractual obligations under ICANN accreditation or similar international frameworks. This raises complex jurisdictional questions, especially in cases involving generic top-level domains (gTLDs) like .com or .org, which are governed by ICANN’s global policies. A UK registrar ordered to suspend a domain under the Online Safety Act may face liability under UK law for noncompliance, while simultaneously facing breach of contract claims or de-accreditation risks if they act outside ICANN’s established procedures. As a result, registrars are increasingly caught between competing legal regimes, with little guidance on how to navigate such conflicts.

From a global perspective, the UK’s move to enable domain blocking as an enforcement mechanism places it within a growing group of countries asserting national control over internet infrastructure. While proponents argue that such powers are necessary to protect citizens and uphold national laws in the digital space, critics warn that this approach threatens the global interoperability of the internet. The risk is that domain names—designed to be globally resolvable and neutral—become fragmented and politicized tools of national regulation. This could erode trust in the DNS, lead to inconsistent access across jurisdictions, and ultimately undermine the principle of a single, unified internet.

In response to these developments, various stakeholders—including registrars, digital rights groups, and internet governance organizations—have called for greater safeguards in the application of blocking powers under the Online Safety Act. These include transparency requirements for all court orders affecting domain names, the creation of independent review panels to evaluate proportionality, and harmonization with existing international norms and contractual frameworks. Some have also proposed that blocking orders be limited in time and scope, with mandatory periodic reviews to prevent indefinite suspension of domains based on outdated or resolved concerns.

The UK’s Online Safety Act represents a pivotal moment in the evolution of internet regulation. While its primary focus is on protecting users from harmful content and holding platforms accountable, its provisions enabling the blocking of domain names significantly expand the government’s influence over core internet infrastructure. For domain owners, registrars, and internet governance bodies, this development necessitates careful attention to the shifting legal landscape, as well as proactive engagement with policymakers to ensure that efforts to promote safety do not come at the cost of openness, neutrality, and fundamental rights. As the Act is implemented and tested through enforcement actions, the real-world contours of these powers—and their impact on the DNS—will become clearer, shaping the balance between sovereignty and universality in the internet’s next chapter.

The United Kingdom’s Online Safety Act, enacted in 2023, represents a sweeping overhaul of the country’s regulatory approach to digital content and platform accountability. While much of the public and media attention has focused on the Act’s implications for social media platforms, search engines, and user-generated content, a lesser-known but equally significant aspect of the…