Singapore's OSRAA: A new era for Online Safety in Singapore

Singapore has gone live with its latest piece of online safety legislation.  The Online Safety (Relief and Accountability) Act (OSRAA) took effect on 29 June 2026, and a dedicated online safety regulator, the Online Safety Commission (OSC) opened its doors on the same day.   

In our earlier TechInsights post, we covered the key features of the Act as it moved through Parliament.  A standout feature of the Act is its victim-centred approach: the Act creates new statutory torts which give victims a direct route to sue platforms and operators of online locations for damages, in parallel with the OSC’s powers to order takedowns and fines. 

Since our last post, a wave of high-profile civil claims against major platforms in the United States has sharpened the focus on the circumstances in which platforms might be legally accountable. This post looks more closely at the OSRAA statutory torts against that backdrop.

The Limits of Regulator Action and General Civil Claims

The OSRAA is one of the first regimes globally to give individuals a statute-based private right of action. So far, most regimes have relied primarily on regulator-initiated enforcement rather than victim-led civil claims: 

• In the UK, the Online Safety Act 2023 imposes statutory duties on platforms, but those duties are principally enforced by the regulator, OFCOM, through notices, directions and fines. 

• The EU Digital Services Act similarly places systemic obligations on platforms enforced by the European Commission and local regulators. 

• In the APAC region, Australia's Online Safety Act 2021 empowers the eSafety Commissioner to issue remedial directions, link deletion notices, and app removal orders, but does not contain express statutory private rights of action. 

These regulator-only models mean that a victim’s ability to receive relief depends on the regulator’s discretion and availability to act.  A regulatory breach also does not generally mean that a victim will receive compensatory damages for the harm suffered. 

In the absence of private statutory rights of action, victims have relied on a patchwork of general or common law causes of action to sue for online harms they have suffered. In a case widely considered to be a bellwether for the industry, a 20 year-old claimant successfully sued Meta and Google in the Los Angeles courts for USD 6 million in damages for harming her through defective products deliberately designed to hook young users. 

Other platforms (TikTok, SnapChat) reportedly settled her claims before trial. However, the legal and evidential thresholds for such civil claims are significant: defective design or conspiracy claims require proof that the platform knew of the defect; negligence requires a duty of care which platforms routinely seek to disclaim through terms of service; and defamation-based claims require proof of a false statement and are also ill-suited to image-based harms. 

A clearer path for victims

Against this backdrop the OSRAA’s statutory tort regime stands out.  The OSRAA creates specific, targeted torts for nine categories of online harm: online harassment (including sexual harassment), doxxing, online stalking, intimate image abuse, image-based child abuse, online impersonation, inauthentic material abuse, online instigation of disproportionate harm, and incitement of violence. The first five will apply from 29 June 2026; the remaining categories will be phased in progressively.  Key aspects include:

• Direct statutory duties – no duty of care required: The OSRAA creates direct statutory duties on communicators (who must not engage in conduct constituting a specified online harm), administrators (who must not operate online locations facilitating harms and must take reasonable steps to address harms upon notice), and platforms (which must take reasonable measures to address specified harms after receiving notice). Victims need not first establish a common-law duty of care. 

• Clearer defences:  At the same time, the Act gives platforms and administrators greater certainty by introducing express reasonableness-based defences.  Platforms and administrators will not be liable if they can show that they acted reasonably after becoming aware of the harmful content. 

• Targeted remedies: The OSRAA framework expressly allows victims to claim compensatory damages, including for lost future earnings and loss of earning capacity; account of profits; and enhanced damages where the victim's request to address the harm was ignored without reasonable excuse.  Injunctions are also available to stop the dissemination of the harmful content, in parallel with any regulatory takedown directions. 

Some implications for platforms and administrators

• The OSRAA allows victims to simultaneously report harmful content to the OSC for fast-track regulatory relief, and bring civil proceedings for damages and injunctions. Platforms should prepare themselves to respond swiftly and consistently to challenges on multiple fronts.

• Platforms should review their terms of service and other user contracts, and take advice on the scope and enforceability of any limitations of liability.  While yet to be tested, any attempt to contractually exclude or limit OSRAA duties is likely to be challenged. 

• The OSRAA’s multi-factorial reasonableness test is likely to map onto the “systems and processes” obligations that the largest social media platforms already face under the Singapore’s Code of Practice for Online Safety (Social Media Services). Designated platforms should continue to invest in compliance with these standards, which would also serve as a building block to defend against any civil claims.