The new duty is to be set out in new legislation which the government has said it will introduce to address online harms. The Department for Digital, Culture, Media and Sport (DCMS) and the Home Office opened a joint consultation on the proposals on Monday.
Under the government's plans, the new duty of care would compel companies to "take reasonable steps to keep users safe, and prevent other persons coming to harm as a direct consequence of activity on their services".
Social media platforms, file hosting sites, online discussion boards, messaging services and search engines, as well as other businesses that "allow users to share or discover user-generated content or interact with each other online", will be subject to the new duty. Compliance with the new duty is to be overseen by an independent regulator, which the government said industry would fund.
The government said it has yet to decide whether to expand the remit and functions of an existing authority or to establish a new body to monitor and enforce compliance. However, it said the regulator will be given "a suite of powers to take effective enforcement action against companies that have breached their statutory duty of care", including possible powers to "issue substantial fines and to impose liability on individual members of senior management".
"All companies in scope of the regulatory framework will need to be able to show that they are fulfilling their duty of care," the government said in its white paper. "Relevant terms and conditions will be required to be sufficiently clear and accessible, including to children and other vulnerable users. The regulator will assess how effectively these terms are enforced as part of any regulatory action."
Under the new framework, the regulator will set out the legal requirements businesses must meet in new codes of conduct, although companies subject to the new regime will be able to fulfil their legal obligations through other means if they can "explain and justify" their different approach to the regulator.
The regulator will have a legal obligation to " pay due regard to innovation" as well as to "protect users’ rights online, particularly rights to privacy and freedom of expression", according to the proposals.
While the legislation planned will impose new responsibilities on internet companies, the government said the move would comply with the EU's E-Commerce Directive. The Directive prohibits service providers from being put under any general obligation to monitor for illegal activity by users of their service and contains further measures limiting their liability for such activity where it is carried out.
Not all 'online harms' will be in scope of the new regulatory framework that is envisaged.
Harms suffered by individuals resulting directly from a breach of the data protection law, "including distress arising from intrusion, harm from unfair processing, and any financial losses", as well as harms to individuals stemming from hacking or which occur on 'the dark web' are excluded from the scope of the new rules.
Examples of online harms that will be in scope of the new regime include terrorist content, child sexual exploitation and abuse, organised immigration crime, incitement of violence, harassment and cyberstalking, hate crime, encouraging or assisting suicide, the sale of illegal goods or services, modern slavery, revenge pornography, cyberbullying and children accessing inappropriate material.
The consultation on the government's online harms white paper is open until 1 July.
"There is currently a range of regulatory and voluntary initiatives aimed at addressing these problems, but these have not gone far or fast enough, or been consistent enough between different companies, to keep UK users safe online," the government said.
"Many of our international partners are also developing new regulatory approaches to tackle online harms, but none has yet established a regulatory framework that tackles this range of online harms. The UK will be the first to do this, leading international efforts by setting a coherent, proportionate and effective approach that reflects our commitment to a free, open and secure internet," it said.