A Freedom of Information response has confirmed what the UK’s speech regulator would probably have preferred to keep quiet. Ofcom fired off 197 information demands to American tech companies under the Online Safety Act, and not a single one went through the US-UK Mutual Legal Assistance Treaty, the formal diplomatic process that exists for exactly this kind of cross-border legal enforcement. Every one of those 197 notices was sent directly, by email or post, to companies operating entirely on American soil.
The number comes from a FOI request filed by Daniel Lü, who asked Ofcom a series of pointed questions about how it enforces the Online Safety Act against non-UK targets.
Ofcom confirmed that as of February 26, 2026, it had issued 197 Section 100 notices to US businesses. Zero through MLAT. The treaty between the US and UK that governs how one country’s legal process gets enforced in the other’s jurisdiction was treated as optional. Ofcom decided it didn’t apply.
That admission drew an immediate response from Preston Byrne, the American lawyer who represents 4chan and other US companies targeted by Ofcom.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
Byrne called the 197 notices a “breathtaking” “attack on the First Amendment” and pointed out the uncomfortable math.
Only two US companies, 4chan and Kiwi Farms, have publicly refused to comply with Ofcom’s demands. If Byrne’s assessment is right, that leaves Ofcom enjoying “a 98% compliance rate with foreign censorship orders that violate the First Amendment.”
A British regulator sent nearly 200 demands to American companies, bypassed every established legal channel, and almost all of them appear to have simply done what they were told. The chilling effect is already here.
Ofcom Uses Free Speech to Hide Its Censorship Methods
Lü did more than ask for the number of notices. He asked for policy documents about how Ofcom selects its foreign enforcement targets, what guidance it gives its teams about the legality of emailing criminal penalty warnings to US corporations, and whether Ofcom has any internal guidance on protected speech.
Ofcom admitted it holds much of that information. Then it refused to hand it over. The reason, cited directly from the FOI Act, was that disclosure “would, or would be likely to, inhibit the free and frank exchange of views for the purposes of deliberation; and/or would otherwise prejudice, or would be likely otherwise to prejudice, the effective conduct of public affairs.”
A speech regulator is claiming that transparency about its censorship operations would damage free and frank deliberation. Ofcom is borrowing the language of free expression to shield itself from accountability over how it suppresses expression. The irony is so complete it feels deliberate.
On the question of whether Ofcom holds any guidance on protected speech, the answer was even more revealing. Ofcom said it doesn’t have any. No internal documents addressing what speech is protected when it exercises its enforcement powers against foreign companies.
It pointed instead to its general obligations under the Online Safety Act, the Communications Act 2003, and the European Convention on Human Rights, along with links to already-public guidance documents. That’s the speech protection regime for companies being censored by the UK from American soil: a few hyperlinks to existing publications.
The MLAT Problem Isn’t New. It’s Getting Worse.
The treaty issue is central. MLAT exists so that when one country wants to enforce its laws against people or companies in another country, there’s a formal process involving both governments. For the US side, that means routing through the Department of Justice. A judge gets involved. There’s oversight. There are procedural protections.
Ofcom has previously argued it doesn’t need to use MLAT because its Section 100 notices are administrative, not criminal. That distinction might satisfy Ofcom’s lawyers in London, but it doesn’t satisfy anyone else. Byrne and his clients have argued in federal court that Ofcom’s demands have no legal force precisely because they skipped the treaty process. 4chan and Kiwi Farms received their enforcement demands by email, sent to addresses that in some cases weren’t even authorized to accept legal service.
The Lü FOI also asked whether Ofcom holds any correspondence with the US Department of Justice or the FBI about its enforcement activity. Ofcom’s response: it holds no information related to this question. The regulator didn’t talk to anyone in the US government before firing off 197 demands to US companies. It just hit send.
What the FOI Actually Revealed, and What Ofcom Hid
Lü’s request covered six questions. The pattern in Ofcom’s responses tells its own story. On the questions where Ofcom could respond by linking to documents that are already public, it was happy to share. On everything else, it cited exemptions, claimed it didn’t hold the information, or both.
When asked for policy documents about enforcing the OSA against non-UK providers, including any records discussing MLAT, Ofcom said it holds some information but won’t release it. It also claimed it holds no records of MLAT discussions or legal guidance about whether emailing criminal penalty warnings to American corporations is valid. Either Ofcom never considered whether its enforcement method was legal under international law, or it did consider it and doesn’t want anyone to see that analysis.
When asked how it selects non-UK enforcement targets, Ofcom cited exemptions under the Communications Act 2003 and linked to its public enforcement guidance, plus its own decisions against 4chan and other US entities. The internal criteria, the actual decision-making process for choosing which American companies to go after, stayed hidden.
When asked about its approach to “qualifying worldwide revenue,” the basis for calculating fines that can reach £18 million or 10% of global revenue, Ofcom linked to its public guidance explaining that companies are expected to self-report their revenue to Ofcom. Companies that Ofcom is threatening with fines are supposed to voluntarily tell Ofcom how much money they make, so that Ofcom can calculate a bigger fine. The compliance incentives here are about as perverse as they get.
Byrne Goes to Congress
Byrne said he forwarded Ofcom’s admission directly to the US government. He tagged US Under Secretary of State for Public Diplomacy Sarah Rogers, Senator Eric Schmitt, and House Judiciary Committee Chairman Jim Jordan, and called on Congress to act. This is consistent with Byrne’s approach throughout the Ofcom fight. He has previously said he copies the US government on Ofcom correspondence that crosses his desk.
The legal strategy from the US side has been to deny Ofcom any clean precedent. The four companies that received formal enforcement action, 4chan, Kiwi Farms, a mental health forum called SaSu, and the social network Gab, all refused to comply. 4chan responded to one of Ofcom’s fines with a picture of a hamster. The point was to make Ofcom’s orders publicly and visibly unenforceable on American soil, turning each attempted punishment into a political liability for the regulator rather than a deterrent for the rest of the American internet.
But the 197 number changes the scale of the problem. Those four companies were the public-facing enforcement targets, the ones Ofcom wanted to make examples of. Behind them, 193 other US companies apparently received quieter demands and, if Byrne’s analysis is correct, most of them complied without a fight. Without lawyers, without publicity, without anyone in Congress knowing it happened.
Byrne has pushed the GRANITE Act, a proposed law that would allow US entities to sue foreign governments for censorship attempts and void foreign censorship orders in US courts. Sarah Rogers, the US Under Secretary of State for Public Diplomacy, has appeared on GB News in London suggesting Congress is considering a federal version of the law. The Trump administration has made public statements objecting to the Online Safety Act. The US State Department sent diplomats to London in 2025 to challenge Ofcom directly.
Whether all of that translates into legislation remains an open question. Ofcom, for its part, has already moved on to bigger targets. After spending a year trying to fine platforms like 4chan and getting nowhere, the regulator recently opened new investigations into Facebook, Instagram, Snapchat, TikTok, YouTube, Roblox, and X. The small companies held the line. The question now is whether the large ones will too, or whether they’ll decide that complying with a foreign regulator’s censorship demands is easier than asserting their constitutional rights.
