The boundary between physical reality and digital architecture has almost completely eroded. Internet connectivity facilitates commerce, community, and innovation but it has simultaneously spawned a fragmented underworld of online abuse. Victims face systemic digital violence, ranging from targeted doxxing and severe online stalking to the insidious viral spread of intimate image abuse. Historically, state regulatory mechanisms worldwide have struggled to keep pace, frequently encumbered by a philosophical deadlock between protecting citizens and preserving digital freedom.
Singapore has now taken a decisive step to resolve that deadlock. Passed by Parliament on 5 November 2025, the Online Safety (Relief and Accountability) Bill ("OSRA") [which will come into force in June, 2026] represents a significant evolution in technology regulation moving beyond traditional criminal enforcement towards a victim-centric civil redress framework. It seeks to balance competing interests: free expression, platform accountability, and user safety, while positioning Singapore as a global leader in digital governance. This article critically examines whether OSRA indeed marks a new era of technology regulation.
Background
To understand the significance of OSRA, one must first understand the gaps it seeks to fill. When online harm occurs, action must be taken quickly and effectively. Yet feedback from victims reveals a consistent pattern of frustration. Many simply want content removed swiftly, but they are daunted by existing remedies. Court processes are perceived as complex and prohibitively expensive, leaving many without viable avenues for relief . Platforms, meanwhile, typically take five or more days to act on valid user reports, during which harmful content continues to circulate and cause distress . For survivors of intimate image abuse or targeted doxxing campaigns, this delay is not merely inconvenient it is retraumatising.
The result has been a silent exodus: many individuals have been forced to remove themselves from online spaces or live with ongoing abuse, effectively ceding their digital citizenship to perpetrators. OSRA was designed specifically to reverse this dynamic.
The Bill's three-pronged architecture an administrative redress mechanism through the Online Safety Commission, a statutory torts framework enabling civil court claims, and enhanced perpetrator traceability, addresses each dimension of this problem simultaneously. Together, these pillars reframe the victim not as a passive recipient of state protection, but as an active participant in their own legal vindication.
The Three Pillars of the OSRA Framework
- The Statutory Reporting Mechanism
At the heart of the Bill lies the establishment of the Online Safety Commission (OSC), headed by a Commissioner appointed by the Minister for Digital Development and Information. The OSC provides an accessible, user-friendly reporting mechanism designed to deliver speedy, practical relief without the need to go to court.
- Eligibility and Process: To make a report, a victim must be a Singapore citizen, permanent resident, or a person with a prescribed connection to Singapore, initially covering long-term resident foreigners. Reports may also be made on behalf of victims, such as when the victim is below 18 years of age or has given written authorisation.
Before approaching the OSC, victims will generally be required to report the harm to the relevant platform as the “first port of call”, and may escalate to the Commissioner only where the platform fails to act within 24 hours. However, for egregious harms such as doxxing, intimate image abuse, and image-based child abuse, victims may submit reports directly to the Commissioner without this preliminary step.
Upon receiving a report, the Commissioner may issue “Pt 5 directions” if there is “reason to suspect” that online harmful activity has occurred, a threshold deliberately set lower than “reasonable grounds to believe” to ensure speed and accessibility . These directions are not limited to perpetrators; they may be issued to communicators, administrators of online locations, and online service providers . The available directions include stop communication orders, restraining orders, account restrictions, access disabling, and right-of-reply directions.
- Appeals and Safeguards: The Bill provides a two-stage appeal mechanism: reconsideration by the Commissioner on a de novo basis, followed by appeal to an independent Online Safety Appeal Panel.
Non-compliance with Pt5 directions is a criminal offence, and the Commissioner may escalate to more draconian measures including access blocking orders or app removal orders though these will only be used after "careful consideration" given their broader impact on all users in Singapore.
- Statutory Torts
A transformative feature of the Bill is its creation of statutory torts. Whereas the OSC reporting mechanism provides administrative relief, the tort framework enables victims to sue for damages and injunctions in court. Three categories of actors are subject to clearly defined duties:
- Communicators must not communicate any specified online harm.
- Administrators must not create or manage an online location that facilitates harm, and must take reasonable steps to address harm once notified.
- Online service providers (platforms) must take reasonable measures to address harmful content upon notice; platforms with greater reach may be subject to additional requirements, such as accelerated response times.
Courts may award "just and equitable" damages, including loss of future earnings, an account of profits, and enhanced damages designed to "target the root cause of the harm, such as recalcitrant communicators or administrators who create harmful websites or chatgroups". Importantly, only private citizens not public agencies can invoke the statutory torts, reinforcing the Bill's vision of victims as active participants rather than passive recipients of state protection.
- End-User Identification
A common frustration for victims of online abuse is the perpetrator’s anonymity. The Bill tackles this head-on by empowering the Commissioner to require online service providers to retain relevant records and to disclose identity information about users suspected of harmful activity. Providers with greater reach may also be directed to collect additional identifying information from suspected perpetrators.
Once the Commissioner holds identity information, a victim may apply for its disclosure for specified purposes primarily to bring a civil claim. Misuse of disclosed information is a criminal offence. This mechanism is “aimed squarely at those who hide behind anonymity to cause online harm” and seeks to ensure that perpetrators can no longer act with impunity.
Other features of Bill
- Categories of Harm
The Bill defines 13 categories of “online harmful activity,” from online harassment and doxxing to incitement of violence and publication of false material . Recognising that the OSC must build operational capacity, implementation is phased. The first five categories-online harassment, doxxing, online stalking, intimate image abuse, and image-based child abuse are designated the “most severe and prevalent harms” and will take effect immediately in 2026 . The remaining eight will be phased in progressively, with the Minister retaining discretion to prescribe additional harms, subject to a commitment to exercise that power “judiciously” .
- Enforcement, Penalties, and Safeguards
Enforcement is backed by serious penalties. Individuals may face fines of up to S$20,000, imprisonment of up to 12 months, or both, with additional daily fines for ongoing offences. Entities can be fined up to S$500,000 . Yet these powers are not unchecked. Procedural safeguards include notice, opportunity to respond, reconsideration, and the independent appeals framework. The appellate architecture signals that OSRA is conceived not as an instrument of censorship but of victim protection.
Conclusion
The OSRA Bill represents more than a legislative development, it is a normative statement about the governance of digital spaces. It affirms that online environments are not lawless domains, that anonymity does not equate to immunity, and that platforms bear meaningful responsibilities toward their users.
For legal practitioners, the Bill significantly reshapes the regulatory landscape, particularly in areas of platform liability, digital torts, and cross-border enforcement. Its long-term impact will depend on how effectively the Online Safety Commission exercises its powers once the regime comes into force in 2026.
Nevertheless, as a conceptual and regulatory model, OSRA is undeniably a landmark. By integrating administrative enforcement, civil remedies, and accountability mechanisms into a single framework, it offers a coherent and forward-looking approach to digital regulation, one that other jurisdictions are likely to study closely in the years ahead.